Daily NCSC-FI news followup 2021-02-19

Apple Offers Its Closest Look Yet at iOS and MacOS Security

www.wired.com/story/apple-platform-security-guide-researchers/ In its latest Platform Security Guide, Cupertino raised the curtain on the critical features that protect against hackers. Lisäksi:

support.apple.com/guide/security/welcome/web. Lisäksi:

www.darkreading.com/endpoint/apple-offers-closer-look-at-its-platform-security-technologies-features/d/d-id/1340198

Mysterious Silver Sparrow Malware Found Nesting on 30K Macs

threatpost.com/silver-sparrow-malware-30k-macs/164121/ A second malware that targets Macs with Apple’s in-house M1 chip is infecting machines worldwide but it’s unclear why. Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform.

AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

us-cert.cisa.gov/ncas/alerts/aa21-048a The U.S. Government has identified malware and indicators of compromise (IOCs) used by the North Korean government to facilitate cryptocurrency thefts; the cybersecurity community refers to this activity as “AppleJeus.”

Cybercriminal Enterprise Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams

threatpost.com/cybercriminal-enterprise-ringleaders-stole-55m-via-covid-19-fraud-romance-scams/164086 The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013. Authorities estimate the alleged group of criminals made over $55 million during its crime spree robbing mostly elderly online daters, small businesses and more.

Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials

thehackernews.com/2021/02/masslogger-trojan-upgraded-to-steal-all.html A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.

Malaysia arrests 11 suspects for hacking government sites

www.zdnet.com/article/malaysia-arrests-11-suspects-for-hacking-government-sites A similar government website defacement campaign is also taking place this week in Myanmar, in support of the country’s jailed elected leader.

Take security to the Zero Trust Edge

www.zdnet.com/article/take-security-to-the-zero-trust-edge/ The Zero Trust Edge (ZTE) model is a safer on-ramp to the internet for organizations’ physical locations and remote workers.

Daily NCSC-FI news followup 2020-07-27

Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices us-cert.cisa.gov/ncas/alerts/aa20-209 CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated […]

Daily NCSC-FI news followup 2020-01-04

Police Tracked a Terror Suspect Until His Phone Went Dark After a Facebook Warning www.morningstar.com/news/dow-jones/202001026663/police-tracked-a-terror-suspect-until-his-phone-went-dark-after-a-facebook-warning WhatsApp, Facebook Inc.’s popular messaging tool, had just notified about 1,400 users — among them the suspected terrorist — that their phones had been hacked by an “advanced cyber actor.” An elite surveillance team was using spyware from NSO Group, […]

Daily NCSC-FI news followup 2020-06-28

Journalist’s phone hacked by new invisible’ technique: All he had to do was visit one website. Any website www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him. Microsoft quietly created a Windows 10 File Recovery tool, […]