Daily NCSC-FI news followup 2021-04-12

Israel appears to confirm it carried out cyberattack on Iran nuclear facility

www.theguardian.com/world/2021/apr/11/israel-appears-confirm-cyberattack-iran-nuclear-facility Israel appeared to confirm claims that it was behind a cyber-attack on Iran's main nuclear facility on Sunday, which Tehran's nuclear energy chief described as an act of terrorism that warranted a response against its perpetrators.

Central Finland Police Department is investigating several WhatsApp application hijackings

poliisi.fi/-/sisa-suomen-poliisilaitoksella-on-tutkittavana-useita-whatsapp-sovelluksen-kaappauksia Several people have reported to the police cases in which their own WhatsApp account has been hijacked. Based on the investigations, the WhatsApp account is hijacked in such a way that a familiar contact asks the injured party to urgently provide a 6-digit code that is sent to the injured party's phone.

Dutch supermarkets run out of cheese after ransomware attack

www.bleepingcomputer.com/news/security/dutch-supermarkets-run-out-of-cheese-after-ransomware-attack/ A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets.

Updates on Microsoft Exchange Server Vulnerabilities

us-cert.cisa.gov/ncas/current-activity/2021/04/12/updates-microsoft-exchange-server-vulnerabilities CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.

IcedID Circulates Via Web Forms, Google URLs

threatpost.com/icedid-web-forms-google-urls/165347/ Attackers are filling out and submitting web-based "contact us" forms, thus evading email spam filters.

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

thehackernews.com/2021/04/indian-brokerage-firm-upstox-suffers.html Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web.

Pulse Secure VPN users can’t login due to expired certificate

www.bleepingcomputer.com/news/security/pulse-secure-vpn-users-cant-login-due-to-expired-certificate/ Users worldwide cannot connect to Pulse Secure VPN devices after a code signing certificate used to digitally sign and verify software components has expired.

How ransomware gangs are connected, sharing resources and tactics

blog.malwarebytes.com/ransomware/2021/04/how-ransomware-gangs-are-connected-and-sharing-resources-and-tactics/
