Daily NCSC-FI news followup 2021-04-08

Researchers uncover a new Iranian malware used in recent cyberattacks

thehackernews.com/2021/04/researchers-uncover-new-iranian-malware.html An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. APT34 (aka OilRig) is known for its reconnaissance campaigns aligned with the strategic interests of Iran, primarily hitting financial, government, energy, chemical, and telecommunications industries in the Middle East. Aside from gathering basic information about the victim’s machine, the backdoor establishes connections with a remote server to await additional commands that allow it to download files from the server, upload arbitrary files, and execute shell commands, the results of which are posted back to the server.

EU was again the target of a cyberattack: "monitored around the clock"

www.tivi.fi/uutiset/tv/8e9b421c-477e-4192-bc4f-5a685c6b0919 The European Commission says it was the target of a cyberattack in March. The security breach also affected many other EU institutions, Bleeping Computer writes. "We are working closely with the EU CERT team (computer emergency response team), the EU institutions and the vendors of the IT solutions in question to investigate the incident," a Commission representative says. There is no indication so far of a "significant data breach", but the investigation is reported to be only in its early stages.

Indian defense chief admits China’s cyber-weapons would ‘disrupt large number of systems’ whenever Beijing presses the button

www.theregister.com/2021/04/08/india_admits_china_outmatches_cyber_defences/ The highest-ranked officer in India’s armed forces has admitted that China has cyber-war capabilities that can overwhelm his nation’s defenses and suggested that only cross-forces collaboration will get India to parity with its giant neighbor. Asked about capability gaps between India and China, General Rawat admitted India is behind China in several military fields, then added: “The biggest differential lies in the field of cyber.”

Australian Minister’s Phone Hacked as Report Reveals Hong Kong Link

www.bloomberg.com/news/articles/2021-03-24/australian-minister-in-phishing-attack-as-report-reveals-hk-link A second senior Australian government minister has revealed his mobile phone was hacked through the Telegram messaging app, with a media report saying the phishing scam was aimed at revealing contact details of pro-democracy activists in Hong Kong.

REvil ransomware now changes password to auto-login in Safe Mode

www.bleepingcomputer.com/news/security/revil-ransomware-now-changes-password-to-auto-login-in-safe-mode/ A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords.

(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor

www.welivesecurity.com/2021/04/08/are-you-afreight-dark-watch-out-vyveva-new-lazarus-backdoor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Securit… ESET researchers have discovered a previously undocumented Lazarus backdoor used to attack a freight logistics company in South Africa, which they have dubbed Vyveva. The backdoor consists of multiple components and communicates with its C&C server via the Tor network. So far, we were able to find its installer, loader and main payload, a backdoor with a TorSocket DLL. The previously unknown attack was discovered in June 2020.

Another supply-chain attack? Android maker Gigaset injects malware into victims’ phones via poisoned update

www.theregister.com/2021/04/07/gigaset_supply_chain_malware_android_phones/ Android smartphones from Gigaset have been infected by malware direct from the manufacturer in what appears to be a supply-chain attack. The Trojan, once downloaded and installed on a victim’s device via a poisoned software update from the vendor, is capable of opening browser windows, fetching more malicious apps, and sending people text messages to further spread the malware, say researchers and users.

Belden says health benefits data stolen in 2020 cyberattack

www.bleepingcomputer.com/news/security/belden-says-health-benefits-data-stolen-in-2020-cyberattack/ Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people. In November 2020, Belden disclosed they had suffered a cyberattack where threat actors gained access and copied “some current and former employee data, as well as limited company information regarding some business partners.” In a new disclosure released yesterday, Belden says their investigation has revealed that the threat actors accessed further data during this attack.

Tech support scammers lure victims with fake antivirus billing emails

www.bleepingcomputer.com/news/security/tech-support-scammers-lure-victims-with-fake-antivirus-billing-emails/ The emails pretend to be billing notices from Norton Lifelock, Microsoft, and McAfee that state the recipient will be charged between $350 and $399 for a three-year subscription unless they call to cancel the subscription. The threat actors constantly change the email subjects, but they all pretend to be a subscription bill from a well-known security company. When users call the included phone numbers, the scammers install various remote access software that the threat actors then use to install malware on the computer.

Belgian police seize 28 tons of cocaine after ‘cracking’ Sky ECC’s chat app encryption

www.theregister.com/2021/04/08/sky_ecc_drugs/ Sky ECC was a subscription-based end-to-end encrypted messaging app made by Sky Global and bundled on Google, Apple, Nokia, and BlackBerry handsets stripped of their GPS units, cameras, and microphones, the idea being that you could chat via text with other users without fear of being snooped on. European police pulled off a combined operation, shut down Sky Global and swooped on its users and distributors.

Microsoft releases a cyberattack simulator – Shall we play a game?

www.bleepingcomputer.com/news/security/microsoft-releases-a-cyberattack-simulator-shall-we-play-a-game/ Microsoft has released an open-source cyberattack simulator that allows security researchers and data scientists to create simulated network environments and see how they fare against AI-controlled cyber agents.

Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall

www.bleepingcomputer.com/news/security/windows-10-hacked-again-at-pwn2own-chrome-and-zoom-also-fall/ Contestants hacked Microsoft’s Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform.

How Vulnerability Management Can Stop a Data Breach

securityintelligence.com/posts/vulnerability-management-stop-data-breach/ Vulnerability management may not be the sexiest topic. But, while buzzier topics are certainly important, vulnerability management may just be the key to an effective data security strategy. According to a Ponemon Institute report, 42% of nearly 2,000 surveyed IT and security workers indicated that they had suffered a data breach in the last two years that could be blamed squarely on unpatched vulnerabilities.
