Daily NCSC-FI news followup 2021-03-31

CISA gives federal agencies 5 days to find hacked Exchange servers

www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ See also: cyber.dhs.gov/ed/21-02/

North Korean hackers target security researchers again

www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/ Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts.

Risk Management, C-Suite Shifts & Next-Gen Text Scams: Your March 2021 Security Intelligence Roundup

securityintelligence.com/articles/march-2021-security-intelligence-roundup/

Iranian credential thieves targeting medical researchers

www.scmagazine.com/home/security-news/iranian-credential-thieves-targeting-medical-researchers/

Android sends 20x more data to Google than iOS sends to Apple, study says

arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/

He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.

www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html Applications interact with the Background Intelligent Transfer Service by creating jobs with one or more files to download or upload. The BITS service runs in a service host process and can schedule transfers to occur at any time. As is the case with many technologies, BITS can be used both by legitimate applications and by attackers.

Fransom is an open-source tool that will emulate common ransomware functions for the purpose of testing endpoint detection and response tools

github.com/fraktalcyber/Fransom

Quick Analysis of a Modular InfoStealer

isc.sans.edu/diary/rss/27264

Daily NCSC-FI news followup 2020-03-13

Alert (AA20-073A) – Enterprise VPN Security www.us-cert.gov/ncas/alerts/aa20-073a As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work optionsor teleworkrequire an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the […]

Daily NCSC-FI news followup 2020-12-18

Kansallinen turvallisuusauditointikriteeristö Katakri 2020 julkaistu valtioneuvosto.fi/-/kansallinen-turvallisuusauditointikriteeristo-katakri-2020-julkaistu Kansallisen turvallisuusviranomainen NSA julkaisee Katakri 2020:n, eli viranomaisten tietoturvallisuuden auditointityökaluksi tarkoitetun kansallisen auditointikriteeristön 18.joulukuuta 2020 verkkoversiona.. Katakrin neljännen version päivitystyön taustalla keskeisimpänä tekijänä on ollut vastaaminen 2020 alusta uusiutuneen kansallisen lainsäädännön muutoksiin.. Painettu julkaisu ja englanninkielinen verkkoversio on saatavilla vuoden 2021 alkupuolella. SolarWinds hackers breach US nuclear weapons agency […]

Daily NCSC-FI news followup 2021-10-01

Flubot Android malware now spreads via fake security updates www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/ The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections. Update Google Chrome ASAP to Patch 2 […]