Daily NCSC-FI news followup 2021-05-03

Pulse Secure fixes VPN zero-day used to hack high-value targets


Apple releases fixes for three WebKit zero-days, additional patches for a fourth


Spam and phishing in Q1 2021

securelist.com/spam-and-phishing-in-q1-2021/102018/ Several instances of scammers using the COVID-19 pandemic as a lure. See article for screenshots of the phishing campaigns.

Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government

www.fortinet.com/blog/threat-research/spearphishing-attack-uses-covid-21-lure-to-target-ukrainian-government Spearphishing emails were sent to various security arms of the Ukrainian government utilizing social engineering lures containing subjects such as: “New COVID-21 Variant” and “An Urgent Computer Update”. This latest iteration of the COVID-themed lures we have been seeing over the past year is not about COVID-19, but a fictitious COVID-21 (bypassing the equally fictitious COVID-20 entirely!) using a fake World Health Organization (WHO) link

NSA releases Cybersecurity Advisory (CSA) on Ensuring Security of Operational Technology

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2589103/nsa-releases-cybersecurity-advisory-on-ensuring-security-of-operational-technol/ The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.

New Variant of Buer Loader Written in Rust

www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust The new Buer variant is written in Rust, an efficient and easy-to-use programming language that is becoming increasingly popular. Proofpoint is calling this variant RustyBuer. Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities.

A Second Iranian State-Sponsored Ransomware Operation “Project Signal” Emerges

www.flashpoint-intel.com/blog/second-iranian-ransomware-operation-project-signal-emerges/ Flashpoint has validated recently leaked documents that indicate Iran’s Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company

Experian API Exposed Credit Scores of Most Americans

krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/ American consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address
