Daily NCSC-FI news followup 2021-05-08

Largest U.S. pipeline shuts down operations after ransomware attack

www.bleepingcomputer.com/news/security/largest-us-pipeline-shuts-down-operations-after-ransomware-attack/ Colonial Pipeline, the largest fuel pipeline in the United States, has shut down operations after suffering what is reported to be a ransomware attack. Colonial Pipeline transports refined petroleum products between refineries located in the Gulf Coast and markets throughout the southern and eastern United States. The company transports 2.5 million barrels per day through its 5,500 mile pipeline and provides 45% of all fuel consumed on the East Coast. Also:

threatpost.com/pipeline-crippled-ransomware/165963/.

www.zdnet.com/article/colonial-pipeline-cyberattack-shuts-down-pipeline-that-supplies-45-of-east-coasts-fuel/

How China turned a prize-winning iPhone hack against the Uyghurs

www.technologyreview.com/2021/05/06/1024621/china-apple-spy-uyghur-hacker-tianfu/ An attack that targeted Apple devices was used to spy on China's Muslim minority, and US officials claim it was developed at the country's top hacking competition. In March 2017, a group of hackers from China arrived in Vancouver with one goal: find hidden weak spots inside the world's most popular technologies. Google's Chrome browser, Microsoft's Windows operating system, and Apple's iPhones were all in the crosshairs. But no one was breaking the law. These were just some of the people taking part in Pwn2Own, one of the world's most prestigious hacking competitions.

Several dangerous accounts found on Instagram: beware of contact attempts coming from these

www.iltalehti.fi/tietoturva/a/e62af4f1-b397-4ba6-8e89-b284e6dfb44f A new scam trend is emerging on Instagram, in which criminals set up fake accounts to defraud the followers of genuine accounts by means of giveaways. Several fake accounts are circulating that have been created to imitate genuine, popular accounts. The fake accounts are usually created using the pictures and the description of the genuine accounts, making them direct copies. In other cases, the account may be made to look like a parallel account of the real one, through which the giveaway prizes are claimed to be distributed. Fake accounts often appear quickly after a genuine account has set up a giveaway.

Business email compromise campaign targets wide range of orgs with gift card scam

www.microsoft.com/security/blog/2021/05/06/business-email-compromise-campaign-targets-wide-range-of-orgs-with-gift-card-scam/ Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC), a damaging form of phishing designed to gain access to critical business information or extract money through email-based fraud. In this blog, we want to share our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft.

Ransomware gangs have leaked the stolen data of 2,100 companies so far

www.bleepingcomputer.com/news/security/ransomware-gangs-have-leaked-the-stolen-data-of-2-100-companies-so-far/ Since 2019, ransomware gangs have leaked the stolen data for 2,103 companies on dark web data leaks sites. When modern ransomware operations began in 2013, the attacker’s goal was to encrypt as many companies as possible and then demand a ransom payment for a decryptor. Since the beginning of 2020, ransomware operations began conducting a new tactic called double-extortion.

ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality

www.wired.com/story/isps-funded-85-million-fake-comments-opposing-net-neutrality/ The secret campaign, backed by major broadband companies, used real people's names without their consent. The largest internet providers in the US funded a campaign that generated "8.5 million fake comments" to the Federal Communications Commission as part of the ISPs' fight against net neutrality rules during the Trump administration, according to a report issued Thursday by New York state attorney general Letitia James.

Are The Notorious Cyber Criminals Evil Corp actually Russian Spies?

blog.truesec.com/2021/05/05/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies/ Truesec has documented how Russian ransomware gangs profit from being left alone by Russian law enforcement, but the connections seem to go even deeper. In October 2020, the Russia-based threat actor known as Evil Corp conducted a ransomware attack against a major corporation. The attack vector used to gain initial access was a drive-by compromise: a legitimate website was compromised, and visitors to the website were prompted to download a fake Chrome update, a ZIP file containing a JavaScript file.
