Daily NCSC-FI news followup 2021-04-01

www.zdnet.com/article/google-north-korean-hackers-targeting-researchers-now-pretend-to-be-from-offensive-security-firm/

BazarCall malware uses malicious call centers to infect victims

www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/ Instead of bundling attachments with the email, BazarCall emails prompt users to call a phone number to cancel a subscription before they are automatically charged. These call centers would then direct users to a specially crafted website to download a “cancellation form” that installs the BazarCall malware.

Malware adapted for the Apple M1

www.kaspersky.com/blog/apple-m1-malware/39180/ What’s the difference between the malware adapted for Apple’s new M1 chip and the sort written for good old x86 processors?

Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges

www.theregister.com/2021/04/01/ubiquiti_data_breach/ Source code for Ubiquiti products and other internal info may have been exfiltrated, servers may have been rooted, and whoever’s responsible may be a current or former employee of the company… yet other than with a few stray words, Ubiquiti has chosen to focus on a personal privacy issue it says is not a problem.

Ubiquiti cyberattack may be far worse than originally disclosed

www.bleepingcomputer.com/news/security/ubiquiti-cyberattack-may-be-far-worse-than-originally-disclosed/ The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks.

CISA gives federal agencies 5 days to find hacked Exchange servers

www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.

Federal agencies given five days to find hacked Exchange servers

www.tripwire.com/state-of-security/government/federal-agencies-given-five-days-to-find-hacked-exchange-servers/ CISA, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results.

Exchange Server attacks: Run this Microsoft malware scanner now, CISA tells government agencies

www.zdnet.com/article/exchange-server-attacks-run-this-microsoft-malware-scanner-now-cisa-tells-government-agencies/#ftag=RSSbaffb68 The Cybersecurity and Infrastructure Security Agency (CISA) has instructed US government agencies with on-premise Exchange systems to run Microsoft malware scanners and report results by April 5.

Massive security breach at US universities

dorper.me/articles/unileak.aspx A massive data breach has hit US Universities including Stanford University, University of California, University of Miami, University of Colorado Boulder, Yeshiva University, Syracuse University, and University of Maryland. Hackers have stolen terabytes of student, prospective student, and employee personal information including transcripts, financial info, mailing addresses, phone numbers, usernames, passwords and Social Security Numbers. The hackers are holding the universities at ransom. Unless the universities pay the ransom, the hackers will continue publishing student information.

US DOJ: Phishing attacks use vaccine surveys to steal personal info

www.bleepingcomputer.com/news/security/us-doj-phishing-attacks-use-vaccine-surveys-to-steal-personal-info/ The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.

800Gbps DDoS extortion attack hits gambling company

www.bleepingcomputer.com/news/security/800gbps-ddos-extortion-attack-hits-gambling-company/ Akamai says that in February they dealt with “three of the six biggest volumetric DDoS attacks” the company has ever recorded.

Hackers broke into home security cameras: passwords and a nearly endless supply of video clips for sale, price depends on how “interesting” the content is

www.tivi.fi/uutiset/tv/a54ea81b-c1cd-426f-a1e4-0186cfba5a8d Chinese citizens have had to get used to their activities being closely watched and their privacy being given little protection. The state administration keeps a record of “social points”, and on top of that people have to fear malicious hackers who may intrude into their lives through, among other things, home security cameras.

Cryptocurrency investor accidentally downloaded the wrong app and lost bitcoins worth 850,000 euros: “Apple betrayed my trust and must not get off the hook”

www.kauppalehti.fi/uutiset/kryptovaluuttaan-sijoittanut-latasi-vahingossa-vaaran-sovelluksen-ja-menetti-850000-euron-bitcoinit-apple-petti-luottamukseni-eika-saa-paasta-palkahasta/f3ba8255-c59d-45d… Christodoulou, who had invested in bitcoin, downloaded an app from Apple’s App Store in March to manage their crypto wallet. The criminals pulled off the trick by first deceiving Apple. They had gotten an encryption app into the App Store. After approval, the app was “updated” to look like the well-known Trezor crypto wallet. Christodoulou’s crypto wallet was emptied in under a second.

Did you cheat in Call of Duty: Warzone? Your computer may now be infected

www.tivi.fi/uutiset/tv/ca288573-a9e9-42d4-9048-999764ba29d0 Warzone cheaters may have unknowingly installed a nasty piece of malware on their computers.

This is where the iPhone hands down beats Android

www.zdnet.com/article/this-is-where-the-iphone-hands-down-beats-android/ But there’s one thing that Apple has that’s spot on — and that’s delivering patches to older handsets.

VMware fixes authentication bypass in data center security software

www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-data-center-security-software/ VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.

The Cyber Security Centre’s missing cyber alpaca has been found

yle.fi/aihe/tekstitv?P=863#3 Thank you to everyone who helped in the search and shared alpaca sightings. Happy April Fools’ Day!
