Daily NCSC-FI news followup 2021-04-01


BazarCall malware uses malicious call centers to infect victims

www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/ Instead of bundling attachments with the email, BazarCall emails prompt users to call a phone number to cancel a subscription before they are automatically charged. These call centers would then direct users to a specially crafted website to download a “cancellation form” that installs the BazarCall malware.

Malware adapted for the Apple M1

www.kaspersky.com/blog/apple-m1-malware/39180/ What’s the difference between the malware adapted for Apple’s new M1 chip and the sort written for good old x86 processors?

Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges

www.theregister.com/2021/04/01/ubiquiti_data_breach/ Source code for Ubiquiti products and other internal info may have been exfiltrated, servers may have been rooted, and whoever’s responsible may be a current or former employee of the company… yet other than with a few stray words, Ubiquiti has chosen to focus on a personal privacy issue it says is not a problem.

Ubiquiti cyberattack may be far worse than originally disclosed

www.bleepingcomputer.com/news/security/ubiquiti-cyberattack-may-be-far-worse-than-originally-disclosed/ The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks.

CISA gives federal agencies 5 days to find hacked Exchange servers

www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.

Federal agencies given five days to find hacked Exchange servers

www.tripwire.com/state-of-security/government/federal-agencies-given-five-days-to-find-hacked-exchange-servers/ CISA, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results.

Exchange Server attacks: Run this Microsoft malware scanner now, CISA tells government agencies

www.zdnet.com/article/exchange-server-attacks-run-this-microsoft-malware-scanner-now-cisa-tells-government-agencies/#ftag=RSSbaffb68 The Cybersecurity and Infrastructure Security Agency (CISA) has instructed US government agencies with on-premise Exchange systems to run Microsoft malware scanners and report results by April 5.

Massive security breach at US universities

dorper.me/articles/unileak.aspx A massive data breach has hit US Universities including Stanford University, University of California, University of Miami, University of Colorado Boulder, Yeshiva University, Syracuse University, and University of Maryland. Hackers have stolen terabytes of student, prospective student, and employee personal information including transcripts, financial info, mailing addresses, phone numbers, usernames, passwords and Social Security Numbers. The hackers are holding the universities at ransom. Unless the universities pay the ransom, the hackers will continue publishing student information.

US DOJ: Phishing attacks use vaccine surveys to steal personal info

www.bleepingcomputer.com/news/security/us-doj-phishing-attacks-use-vaccine-surveys-to-steal-personal-info/ The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.

800Gbps DDoS extortion attack hits gambling company

www.bleepingcomputer.com/news/security/800gbps-ddos-extortion-attack-hits-gambling-company/ Akamai says that in February they dealt with “three of the six biggest volumetric DDoS attacks” the company has ever recorded.

Hackers broke into home security cameras: passwords and a nearly endless supply of video clips for sale, price depends on how “interesting” the content is

www.tivi.fi/uutiset/tv/a54ea81b-c1cd-426f-a1e4-0186cfba5a8d Chinese citizens have had to get used to having their activities closely watched and their privacy barely protected. The state administration keeps track of “social points”, and in addition people have to fear malicious hackers who may intrude into their lives through, among other things, home security cameras.

Cryptocurrency investor accidentally downloaded the wrong app and lost bitcoins worth 850000 euros: “Apple betrayed my trust and must not get off the hook”

www.kauppalehti.fi/uutiset/kryptovaluuttaan-sijoittanut-latasi-vahingossa-vaaran-sovelluksen-ja-menetti-850000-euron-bitcoinit-apple-petti-luottamukseni-eika-saa-paasta-palkahasta/f3ba8255-c59d-45d… Christodoulou, who had invested in bitcoin, downloaded an app from Apple's App Store in March for managing their crypto wallet. The criminals pulled off the trick by first deceiving Apple. They had got an encryption app into the App Store. After approval, the app was “updated” to look like the well-known Trezor crypto wallet. Christodoulou's crypto wallet was emptied in under a second.

Did you cheat in Call of Duty: Warzone? Your computer may now be infected

www.tivi.fi/uutiset/tv/ca288573-a9e9-42d4-9048-999764ba29d0 Warzone cheaters may have unknowingly installed a nasty piece of malware on their computer.

This is where the iPhone hands down beats Android

www.zdnet.com/article/this-is-where-the-iphone-hands-down-beats-android/ But there’s one thing that Apple has that’s spot on — and that’s delivering patches to older handsets.

VMware fixes authentication bypass in data center security software

www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-data-center-security-software/ VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.

The National Cyber Security Centre's lost cyber alpaca has been found

yle.fi/aihe/tekstitv?P=863#3 Thank you to everyone who helped in the search and shared alpaca sightings. Happy April Fools' Day!
