Daily NCSC-FI news followup 2021-02-17

Police warn of extremely harmful scam text messages: do not click the link

www.is.fi/digitoday/tietoturva/art-2000007808031.html The police advise being careful with incoming text messages and especially with the links they contain. See also

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus

Alert (AA21-048A) – AppleJeus: Analysis of North Korea's Cryptocurrency Malware

us-cert.cisa.gov/ncas/alerts/aa21-048a This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People's Republic of Korea (DPRK), and provide mitigation recommendations. Lazarus Group, which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors, is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency. See also

us-cert.cisa.gov/ncas/current-activity/2021/02/17/north-korean-malicious-cyber-activity-applejeus. See also

www.zdnet.com/article/us-charges-two-more-members-of-the-lazarus-north-korean-hacking-group/

Attacks targeting IT firms stir concern, controversy

www.welivesecurity.com/2021/02/17/attacks-targeting-it-firms-stir-concern-controversy/ The Exaramel backdoor, discovered by ESET in 2018, resurfaces in a campaign hitting companies that use an outdated version of a popular IT monitoring tool. See also

www.centreon.com/en/company/newsroom/press-releases/centreon-provides-clarification-following-the-publication-of-the-anssi-report/

Malware Is Now Targeting Apple's New M1 Processor

www.wired.com/story/apple-m1-malware/ Two distinct strains of malware have already adjusted to the new silicon just months after its debut.

Kia Motors America suffers ransomware attack, $20 million ransom

www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/ Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/ A new version of the Masslogger trojan has been targeting Windows users, now using a compiled HTML (CHM) file format to start the infection chain.

Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

www.zdnet.com/article/owner-of-app-that-hijacked-millions-of-devices-with-one-update-exposes-buy-to-infect-scheme/ The owners of the once-legitimate Android app insist that a buyer was responsible for a malicious update with far-reaching consequences.

Hosting provider phishing

www.kaspersky.com/blog/hosting-provider-phishing-web-page/38783/ How, and why, cybercriminals attack accounts on hosting provider sites.

Dutch police post ‘friendly’ warnings on hacking forums

www.zdnet.com/article/dutch-police-post-friendly-warnings-on-hacking-forums/ Dutch police: “Hosting criminal infrastructure in The Netherlands is a lost cause.”

Beware of Steam scammers: never reply to messages like these

www.is.fi/digitoday/esports/art-2000007808398.html On the Steam service, scammers are attempting, among other things, to trick users out of skins, i.e. virtual items.

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

thehackernews.com/2021/02/researchers-unmask-hackers-behind.html Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely.

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html In 2019, Mandiant's Red Team discovered a series of vulnerabilities present within Digi International's ConnectPort X2e device, which allow for remote code execution as a privileged user. Specifically, Mandiant's research focused on SolarCity's (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both for research purposes and in a professional capacity for their global clients. This two-part blog series will discuss our analysis at a high level, explore the novel techniques used to gain initial access to the ConnectPort X2e device, and share the technical details of the vulnerabilities discovered. Topics to be covered will include physical device inspection, debugging interface probing, chip-off techniques, firmware analysis, glitch attacks, and software exploitation.

SectopRAT: New version adds encrypted communication

www.gdatasoftware.com/blog/sectoprat-adds-encrypted-communication SectopRAT, also known as 1xxbot or Asatafar, had been an unknown, in-development threat when we discovered it a year ago. Now it infects systems in Germany. What is the new version capable of?

Better device configuration shouldn't be like herding cats

www.ncsc.gov.uk/blog-post/better-device-configuration-should-not-be-like-herding-cats Hunting for common security weaknesses using Microsoft Defender for Endpoint.
