Daily NCSC-FI news followup 2021-04-06

Spy Operations Target Vietnam with Sophisticated RAT

threatpost.com/spy-operations-vietnam-rat/165243/ An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT) known as Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes), according to Kaspersky researchers, who added that the group has been active since at least 2013. The malware used in the campaign, dubbed FoundCore, allows attackers to conduct filesystem manipulation, process manipulation, screenshot captures and arbitrary command execution.

Hackers From China Target Vietnamese Military and Government

thehackernews.com/2021/04/hackers-from-china-target-vietnamese.html A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the U.S. at least since 2013. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed “FoundCore.”

European Commission, other EU orgs recently hit by cyber-attack

www.bleepingcomputer.com/news/security/european-commission-other-eu-orgs-recently-hit-by-cyber-attack/ The European Commission and several other European Union organizations were hit by a cyberattack in March, according to a European Commission spokesperson. No “major information breach” was detected so far, although forensic analysis of the intrusion attempts is still in the initial phase, and no conclusive information is available.

Ransom Gangs Emailing Victim Customers for Leverage

krebsonsecurity.com/2021/04/ransom-gangs-emailing-victim-customers-for-leverage/ Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up. “Sadly, regardless of whether a ransom is paid, consumers whose data has been stolen are still at risk as there is no way of knowing if ransomware gangs delete the data as they promise.”

Ransomware hits TU Dublin and National College of Ireland

www.bleepingcomputer.com/news/security/ransomware-hits-tu-dublin-and-national-college-of-ireland/ The National College of Ireland (NCI) and the Technological University of Dublin have announced that ransomware attacks hit their IT systems. At the moment, no information is available on the ransomware gangs behind the two attacks. An NCI spokesperson was not available for comment when contacted by BleepingComputer earlier today.

Industries critical to COVID-19 response suffer surge in cloud cyberattacks

www.zdnet.com/article/industries-critical-to-covid-19-response-suffer-surge-in-cloud-cyberattacks Industries and organizations critical to the fight against COVID-19 have faced a surge in cyberattacks due to their rapid transition to cloud platforms in light of the pandemic. Industries critical to COVID-19 management have suffered a particular uptick in cloud security incidents. According to the report, retail, manufacturing, and government entities have been struck hardest with attack attempts increasing by 402%, 230%, and 205% respectively during the pandemic.

Malicious Cyber Activity Targeting Critical SAP Applications

us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. On April 6, 2021, security researchers from Onapsis, in coordination with SAP, released an alert detailing observed threat actor activity and techniques that could lead to full control of unsecured SAP applications.

Have I Been Pwned adds search for leaked Facebook phone numbers

www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-search-for-leaked-facebook-phone-numbers/ Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site’s recent data leak. For example, if you wanted to check if your phone number was part of the Facebook data leak, you would need to use a search in the format ‘19175555555’. If you are in the UK, you would need to include your country code as well, so a searchable phone number format would be ‘+442071838750’. Hunt states that the + symbol is optional and will be stripped when searching.

Facebook data leak now under EU data regulator investigation

www.bleepingcomputer.com/news/security/facebook-data-leak-now-under-eu-data-regulator-investigation/ Ireland’s Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. “Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR.”

Teemu built a site for Finnish victims of the Facebook leak that the authorities do not recommend using: tens of thousands of visitors

www.is.fi/digitoday/tietoturva/art-2000007903051.html An anonymous web service has been set up for those affected by the large Facebook leak that came to light at Easter, where one can check whether one’s own phone number, and possibly other Facebook data, has ended up online. “In the opinion of the National Cyber Security Centre, using it is not sensible.” “On the spur of the moment, I do not recommend downloading the data exposed in the leak and making it available on the internet.”

Facebook’s response to the data leak is astonishing: does the company think a date of birth expires?

www.tivi.fi/uutiset/tv/67e36cd6-8c95-45ae-92e7-d5e6473ee083 Facebook seems incomprehensibly indifferent, even though the personal data of more than 500 million users is circulating online. Facebook has been asked for comment on the gigantic data leak. Mark Zuckerberg’s representative told The Register only that the data is from 2019, and that the leak was reported and the vulnerability fixed back then.

LinkedIn Spear-Phishing Campaign Targets Job Hunters

threatpost.com/linkedin-spear-phishing-job-hunters/165240/ Fake job offers lure professionals into downloading the more_eggs backdoor trojan. The phishing emails try to trick a victim into clicking on a malicious .ZIP file by picking up the victim’s current job title and adding the word “position” at the end, making it appear like a legitimate offer.

Finns are being duped with frighteningly convincing bank scams, and the old advice offers no protection: could you tell these from the real ones?

www.is.fi/digitoday/tietoturva/art-2000007902153.html The now-removed web page had a look carefully copied from the original as well as a valid TLS certificate. Similar ones may appear again at any time. Finns have been misled by a scam site that is an exact copy of Nordea’s login page. The page’s graphical appearance matches the bank’s own, and in addition its web address is relatively plausible-looking: nordeatarkistaa.com. The National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom also warns of active online banking scams. According to the agency’s tweet, there are also authentic-looking scam pages online made in OP’s name.

Check you own the website before you send out the press release

grahamcluley.com/check-you-own-the-website-before-you-send-out-the-press-release/ The end of last month saw the official launch of the UK Cyber Security Council, a government-backed consortium with a mandate to boost career opportunities and professional standards in the cybersecurity sector, attract more talent, and increase diversity in the industry. To the casual reader that looks fine. And maybe some journalists will have emailed [email protected] or even tried to visit the UK Cyber Security Council’s website at ukcybersecurity.org.uk. Not only did the email address not work but actually no-one had registered the ukcybersecurity.org.uk domain at all.

Microsoft Defender for Endpoint now supports Windows 10 Arm devices

www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-endpoint-now-supports-windows-10-arm-devices/ Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Defender antivirus, now comes with support for Windows 10 on Arm devices. Defender for Endpoint’s functionality and capabilities are identical on Windows 10 on Arm devices, providing everything from the onboarding experience to device inventory, response actions, advanced hunting, alerts, and more.

Can the IT department read your Teams conversations? This is how it is possible

www.tivi.fi/uutiset/tv/6fdb55a2-d815-4f47-9893-7d86544be9d3 Microsoft Teams has become an essential part of many organizations’ operations with the remote-work recommendations. IT departments have recently begun to wake up to the fact that in some cases Teams chats should be monitored. TechTarget has advised those interested in the matter on how a company’s Teams conversations can technically be monitored. Microsoft 365 includes the necessary tool, but deploying it requires a bit of configuration.

The Opportunities and Obstacles for Women at NSA and Cyber Command

www.wired.com/story/women-cybersecurity-nsa-cyber-command/ WIRED spoke with three women working in cybersecurity in the US intelligence community about the progress of recent years and the work that remains. Working in cybersecurity within the United States intelligence community means navigating a warren of male-dominated fields. Inequalities persist, but three senior-level women at the National Security Agency and Cyber Command offered WIRED rare insights into how those organizations have evolved and the hard work that remains to be done.

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

threatpost.com/apple-mail-zero-click-security-vulnerability/165238/ A zero-click security vulnerability in Apple’s macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types. According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim’s Mail configuration, including mail redirects, which enables takeover of the victim’s other accounts via password resets; and the ability to change the victim’s configuration so that the attack can propagate to correspondents in a worm-like fashion.
