Daily NCSC-FI news followup 2021-04-01

www.zdnet.com/article/google-north-korean-hackers-targeting-researchers-now-pretend-to-be-from-offensive-security-firm/

BazarCall malware uses malicious call centers to infect victims

www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/ Instead of bundling attachments with the email, BazarCall emails prompt users to call a phone number to cancel a subscription before they are automatically charged. These call centers would then direct users to a specially crafted website to download a “cancellation form” that installs the BazarCall malware.

Malware adapted for the Apple M1

www.kaspersky.com/blog/apple-m1-malware/39180/ What’s the difference between the malware adapted for Apple’s new M1 chip and the sort written for good old x86 processors?

Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges

www.theregister.com/2021/04/01/ubiquiti_data_breach/ Source code for Ubiquiti products and other internal info may have been exfiltrated, servers may have been rooted, and whoever’s responsible may be a current or former employee of the company… yet other than with a few stray words, Ubiquiti has chosen to focus on a personal privacy issue it says is not a problem.

Ubiquiti cyberattack may be far worse than originally disclosed

www.bleepingcomputer.com/news/security/ubiquiti-cyberattack-may-be-far-worse-than-originally-disclosed/ The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks.

CISA gives federal agencies 5 days to find hacked Exchange servers

www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.

Federal agencies given five days to find hacked Exchange servers

www.tripwire.com/state-of-security/government/federal-agencies-given-five-days-to-find-hacked-exchange-servers/ CISA, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results.

Exchange Server attacks: Run this Microsoft malware scanner now, CISA tells government agencies

www.zdnet.com/article/exchange-server-attacks-run-this-microsoft-malware-scanner-now-cisa-tells-government-agencies/#ftag=RSSbaffb68 The Cybersecurity and Infrastructure Security Agency (CISA) has instructed US government agencies with on-premise Exchange systems to run Microsoft malware scanners and report results by April 5.

Massive security breach at US universities

dorper.me/articles/unileak.aspx A massive data breach has hit US Universities including Stanford University, University of California, University of Miami, University of Colorado Boulder, Yeshiva University, Syracuse University, and University of Maryland. Hackers have stolen terabytes of student, prospective student, and employee personal information including transcripts, financial info, mailing addresses, phone numbers, usernames, passwords and Social Security Numbers. The hackers are holding the universities at ransom. Unless the universities pay the ransom, the hackers will continue publishing student information.

US DOJ: Phishing attacks use vaccine surveys to steal personal info

www.bleepingcomputer.com/news/security/us-doj-phishing-attacks-use-vaccine-surveys-to-steal-personal-info/ The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.

800Gbps DDoS extortion attack hits gambling company

www.bleepingcomputer.com/news/security/800gbps-ddos-extortion-attack-hits-gambling-company/ Akamai says that in February they dealt with “three of the six biggest volumetric DDoS attacks” the company has ever recorded.

Hackers broke into home security cameras: passwords and a nearly endless supply of video clips for sale, price depends on how “interesting” the content is

www.tivi.fi/uutiset/tv/a54ea81b-c1cd-426f-a1e4-0186cfba5a8d Chinese citizens have had to get used to their activities being closely monitored and their privacy being given little regard. The state administration keeps a record of “social points”, and in addition people have to fear malicious hackers who may intrude into their lives through, among other things, home security cameras.

Cryptocurrency investor accidentally downloaded the wrong app and lost bitcoins worth 850,000 euros: “Apple betrayed my trust and must not get off the hook”

www.kauppalehti.fi/uutiset/kryptovaluuttaan-sijoittanut-latasi-vahingossa-vaaran-sovelluksen-ja-menetti-850000-euron-bitcoinit-apple-petti-luottamukseni-eika-saa-paasta-palkahasta/f3ba8255-c59d-45d… Christodoulou, who had invested in bitcoin, downloaded an app from Apple's App Store in March to manage his crypto wallet. The criminals pulled off the trick by first deceiving Apple. They had gotten an encryption app into the App Store. After approval, the app was “updated” to look like the well-known Trezor crypto wallet. Christodoulou's crypto wallet was emptied in less than a second.

Did you cheat in Call of Duty: Warzone? Your computer may now be infected

www.tivi.fi/uutiset/tv/ca288573-a9e9-42d4-9048-999764ba29d0 Warzone cheaters may have unknowingly installed nasty malware on their computers.

This is where the iPhone hands down beats Android

www.zdnet.com/article/this-is-where-the-iphone-hands-down-beats-android/ But there’s one thing that Apple has that’s spot on — and that’s delivering patches to older handsets.

VMware fixes authentication bypass in data center security software

www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-data-center-security-software/ VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.

The National Cyber Security Centre's missing cyber alpaca has been found

yle.fi/aihe/tekstitv?P=863#3 Thank you to everyone who helped in the search and shared alpaca sightings. Happy April Fools' Day!
