Daily NCSC-FI news followup 2021-03-20

Office 365 Phishing Attack Targets Financial Execs

threatpost.com/office-365-phishing-attack-financial-execs/164925/ Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials. Also:

www.area1security.com/blog/microsoft-365-spoof-targets-financial-departments/

Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10

arstechnica.com/gadgets/2021/03/to-security-pros-dread-another-critical-server-vulnerability-is-under-exploit/ As if the mass-exploitation of Exchange servers wasn’t enough, now there’s BIG-IP. Last week, F5 disclosed and patched critical BIG-IP vulnerabilities that allow hackers to gain complete control of a server. Despite a severity rating of 9.8 out of 10, the security flaws got overshadowed by a different set of critical vulnerabilities Microsoft disclosed and patched in Exchange server a week earlier. Also:

thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

Stalkerware in 2020 is still a burning issue

www.kaspersky.com/blog/stalkerware-in-2020/39102/ Stalkerware activity dropped off during the pandemic, but it’s picking up again. How to deal with the threat.

Report reveals the staggering scale of Business Email Compromise losses

blog.malwarebytes.com/business-2/2021/03/report-reveals-the-staggering-scale-of-business-email-compromise-losses/ The Internet Crime Complaint Center (IC3), an arm of the FBI where internet users can report online fraud crimes, recently released the 2020 Internet Crime Report, an annual report that contains high-level information on suspected fraud cases reported to them and their losses. A state-by-state statistical breakdown of these cases was included in an accompanying report, 2020 State Reports, that you can browse through here. Also:

www.ic3.gov/Media/PDF/AnnualReport/2020State/StateReport.aspx

The Week in Ransomware – March 19th 2021 – Highest ransom ever!

www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-19th-2021-highest-ransom-ever/ While the beginning of this week was fairly quiet, it definitely ended with a bang as news came out of the largest ransom demand yet.

US grid at rising risk to cyberattack, says GAO

thehill.com/policy/energy-environment/543831-government-watchdog-energy-department-must-address-cyber-threats-to Distribution systems within the U.S. electrical grid are increasingly vulnerable to cyberattack, a government watchdog said in a report released Thursday. Also:

www.gao.gov/assets/gao-21-81.pdf

4 Ways Hackers Are Bypassing Network Segmentation

infosecwriteups.com/4-ways-hackers-are-bypassing-network-segmentation-9190d6f71a70?source=rss----7b722bfd1b8d---4&gi=f72540426c4f If you own a business or work in the industry, you’ve most likely heard of PCI and know maintaining compliance is critical for a business to continue accepting credit card payments.

Ryuk ransomware explained: A targeted, devastatingly effective attack

www.csoonline.com/article/3541810/ryuk-ransomware-explained-a-targeted-devastatingly-effective-attack.html#tk.rss_news Ryuk ransomware attacks are targeted to the most vulnerable, most likely to pay companies and are often paired with other malware such as TrickBot.
