Daily NCSC-FI news followup 2021-03-19

Identifying suspicious credential usage

www.ncsc.gov.uk/blog-post/identifying-suspicious-credential-usage How NCSC guidance can help organisations detect and protect themselves from credential abuse.

Weekly Threat Report 19th March 2021

www.ncsc.gov.uk/report/weekly-threat-report-19th-march-2021 The NCSC’s weekly threat report is drawn from recent open source reporting.

“Expert” hackers used 11 0-days to infect Windows, iOS, and Android users

arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/ A team of advanced hackers exploited no fewer than 11 zero-day vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Also:


New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/ Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects. XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer’s macOS computer along with a persistence mechanism. The backdoor has functionality for recording the victim’s microphone, camera and keyboard, as well as the ability to upload and download files. The XcodeSpy infection vector could be used by other threat actors, and all Apple Developers using Xcode are advised to exercise caution when adopting shared Xcode projects.

Trust your surveillance? Why hacked cameras are very bad

www.welivesecurity.com/2021/03/19/trust-your-surveillance-why-hacked-cameras-are-very-bad/ When a breach captures a part of us that is unchangeable, does it mean that we have allowed technology to pry too deeply into our lives?

FBI: Cybercrime losses topped US$4.2 billion in 2020

www.welivesecurity.com/2021/03/18/fbi-cybercrime-losses-topped-us42billion-2020/ The Bureau received over 28,000 reports of COVID-19-themed scams last year.

Facebook outage affecting WhatsApp, Messenger and Instagram

www.bleepingcomputer.com/news/technology/facebook-outage-affecting-whatsapp-messenger-and-instagram/ When attempting to access Facebook services, users worldwide have stated that the application will display a continuous “Connecting” message. In BleepingComputer tests here in the USA and India, we confirmed the outage and are unable to connect to the messaging platforms.

Critical F5 BIG-IP vulnerability now targeted in ongoing attacks

www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-now-targeted-in-ongoing-attacks/ On Thursday, cybersecurity firm NCC Group said that it detected successful in-the-wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices.

REvil ransomware says they hit Acer, Acer reports “abnormal situations”

www.bleepingcomputer.com/news/security/revil-ransomware-says-they-hit-acer-acer-reports-abnormal-situations/ The REvil ransomware operation claims to have stolen unencrypted data after hacking electronics and computer giant Acer.

FBI warns of BEC attacks increasingly targeting US govt orgs

www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attacks-increasingly-targeting-us-govt-orgs/ The Federal Bureau of Investigation (FBI) is warning US private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.

Russian pleads guilty to Tesla hacking and extortion attempt

www.bleepingcomputer.com/news/security/russian-pleads-guilty-to-tesla-hacking-and-extortion-attempt/ Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla’s Nevada Gigafactory.

Mysterious bug is deleting Microsoft Teams, SharePoint files

www.bleepingcomputer.com/news/microsoft/mysterious-bug-is-deleting-microsoft-teams-sharepoint-files/ Microsoft SharePoint and Microsoft Teams users report files are missing or moved to the Recycle Bin after the recent Azure Active Directory outage this week.

CISA releases new SolarWinds malicious activity detection tool

www.bleepingcomputer.com/news/security/cisa-releases-new-solarwinds-malicious-activity-detection-tool/ The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. CISA Hunt and Incident Response Program (CHIRP), the new forensics collection tool, is a Python-based tool that helps detect SolarWinds malicious activity IOCs on Windows operating systems. Also:

www.zdnet.com/article/burnt-by-solarwinds-attack-us-releases-tool-for-post-compromise-detection/. Also:


Statement on Microsoft Exchange vulnerabilities

www.enisa.europa.eu/news/enisa-news/statement-on-microsoft-exchange-vulnerabilities The EU Agency for Cybersecurity (ENISA) has provided a statement with an assessment and advice on Microsoft Exchange vulnerabilities.

Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities

www.zdnet.com/article/microsoft-defender-antivirus-now-patches-exchange-server-vulnerabilities/ Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.

Bitcoin extortion messages continue

poliisi.fi/-/bitcoin-kiristysviestit-jatkuvat The Häme Police Department has again become aware of dozens of extortion messages sent to private individuals, demanding that the recipient pay 1,450 euros' worth of Bitcoin to the extortionist's wallet or else sensitive information about them will be spread. Also:


Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military

www.vice.com/en/article/k7adn9/car-location-data-telematics-us-military-ulysses-group 15 billion car locations. Nearly any country on Earth. The Ulysses Group is pitching a powerful surveillance technology to the U.S. government.

Microsoft Releases Exchange On-premises Mitigation Tool

us-cert.cisa.gov/ncas/current-activity/2021/03/16/microsoft-releases-exchange-premises-mitigation-tool Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: “[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates.”

Threats against Sweden are growing and current countermeasures are not sufficient, assesses the Swedish Security Service Säpo

yle.fi/uutiset/3-11844771 Threats against Sweden from abroad and from violent extremist movements continue to grow, the Swedish Security Service Säpo assesses.

The Norwegian parliament was hit by a cyberattack for the second time in about six months

yle.fi/uutiset/3-11831255 The network attack on the Storting exploited Microsoft Exchange vulnerabilities, NRK reports.

Safeguarding critical infrastructure

medium.com/e-tech/protecting-the-healthcare-sector-from-cyber-attacks-7b1851538e27 A UN report highlights the vulnerability of the healthcare sector and suggests a cybersecurity code of conduct for nation states

FBI warns of escalating Pysa ransomware attacks on education orgs

www.bleepingcomputer.com/news/security/fbi-warns-of-escalating-pysa-ransomware-attacks-on-education-orgs/ The CP-000142-MW flash alert issued by the FBI today was coordinated with DHS-CISA and it provides indicators of compromise to help guard against the malicious actions of this ransomware gang. Also:


Highlights from the 2021 Unit 42 Ransomware Threat Report

unit42.paloaltonetworks.com/ransomware-threat-report-highlights/ Ransomware is one of the top threats in cybersecurity and a focus area for Palo Alto Networks. The global threat intelligence team (Unit 42) and incident response team (The Crypsis Group) have partnered to create the 2021 Unit 42 Ransomware Threat Report to provide the latest insights on the top ransomware variants, ransomware payment trends and security best practices so we can understand and manage the threat.

Polish State Websites Hacked and Used to Spread False Info

www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info Two Polish government websites were hacked Wednesday and used briefly to spread false information about a non-existent radioactive threat, in what a Polish government official said had the hallmarks of a Russian cyberattack.

China-Linked Cyber-Espionage Group Mustang Panda is Targeting Telecommunications

cybersguards.com/china-linked-cyber-espionage-group-mustang-panda-is-targeting-telecommunications/ According to McAfee security researchers, the China-linked cyber-espionage organisation Mustang Panda is targeting telecommunications companies in Asia, Europe, and the United States for espionage purposes. Also:

www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf. Also:


Beware Android trojan posing as Clubhouse app

www.welivesecurity.com/2021/03/18/beware-android-trojan-posing-clubhouse-app/ The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication

NIS2 Proposal: First feedback on the normative text

cert.at/en/blog/2021/3/nis2-proposal-first-feedback-on-the-normative-text Feedback on the normative text of the NIS2 proposal.
