Daily NCSC-FI news followup 2021-05-03

Pulse Secure fixes VPN zero-day used to hack high-value targets


Apple releases fixes for three WebKit zero-days, additional patches for a fourth


Spam and phishing in Q1 2021

securelist.com/spam-and-phishing-in-q1-2021/102018/ Several instances of scammers using the COVID-19 pandemic as a lure. See article for screenshots of the phishing campaigns.

Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government

www.fortinet.com/blog/threat-research/spearphishing-attack-uses-covid-21-lure-to-target-ukrainian-government Spearphishing emails were sent to various security arms of the Ukrainian government utilizing social engineering lures containing subjects such as: “New COVID-21 Variant” and “An Urgent Computer Update”. This latest iteration of the COVID-themed lures we have been seeing over the past year is not about COVID-19, but a fictitious COVID-21 (bypassing the equally fictitious COVID-20 entirely!) using a fake World Health Organization (WHO) link

NSA releases Cybersecurity Advisory (CSA) on Ensuring Security of Operational Technology

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2589103/nsa-releases-cybersecurity-advisory-on-ensuring-security-of-operational-technol/ The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.

New Variant of Buer Loader Written in Rust

www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust The new Buer variant is written in Rust, an efficient and easy-to-use programming language that is becoming increasingly popular. Proofpoint is calling this variant RustyBuer. Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities.

A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges

www.flashpoint-intel.com/blog/second-iranian-ransomware-operation-project-signal-emerges/ Flashpoint has validated recently leaked documents that indicate Iran’s Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company

Experian API Exposed Credit Scores of Most Americans

krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/ American consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address
