Daily NCSC-FI news followup 2021-05-03

Pulse Secure fixes VPN zero-day used to hack high-value targets


Apple releases fixes for three WebKit zero-days, additional patches for a fourth


Spam and phishing in Q1 2021

securelist.com/spam-and-phishing-in-q1-2021/102018/ Several instances of scammers using the COVID-19 pandemic as a lure. See article for screenshots of the phishing campaigns.

Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government

www.fortinet.com/blog/threat-research/spearphishing-attack-uses-covid-21-lure-to-target-ukrainian-government Spearphishing emails were sent to various security arms of the Ukrainian government utilizing social engineering lures containing subjects such as: “New COVID-21 Variant” and “An Urgent Computer Update”. This latest iteration of the COVID-themed lures we have been seeing over the past year is not about COVID-19, but a fictitious COVID-21 (bypassing the equally fictitious COVID-20 entirely!) using a fake World Health Organization (WHO) link

NSA releases Cybersecurity Advisory (CSA) on Ensuring Security of Operational Technology

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2589103/nsa-releases-cybersecurity-advisory-on-ensuring-security-of-operational-technol/ The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.

New Variant of Buer Loader Written in Rust

www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust The new Buer variant is written in Rust, an efficient and easy-to-use programming language that is becoming increasingly popular. Proofpoint is calling this variant RustyBuer. Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities.

A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges

www.flashpoint-intel.com/blog/second-iranian-ransomware-operation-project-signal-emerges/ Flashpoint has validated recently leaked documents that indicate Iran’s Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company

Experian API Exposed Credit Scores of Most Americans

krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/ American consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address
