Daily NCSC-FI news followup 2021-05-09

Twitter scammers impersonate SNL in Elon Musk cryptocurrency scams

www.bleepingcomputer.com/news/security/twitter-scammers-impersonate-snl-in-elon-musk-cryptocurrency-scams/ Twitter scammers are jumping on Elon Musk’s hosting of Saturday Night Live to push cryptocurrency scams to steal people’s Bitcoin, Ethereum, and Dogecoin. For the past year, we have been reporting how scammers have been raking in hundreds of thousands of dollars by promoting fake giveaway scams from well-known people or companies, such as Elon Musk, Tesla, and Gemini Exchange.

Who is Probing the Internet for Research Purposes?

isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/ Shodan is one of the most familiar sites for research on what is on the internet. In Oct 2020 I did a diary on Censys, another site collecting similar information like Shodan. The next two sites are regularly scanning the internet for data which isn’t shared with the security community at large. Net Systems Research probes the internet for research, but none of the data is accessible or published on the site. This is part of the message About Us: “Net Systems Research was founded in 2015 by a group of security data researchers who wanted to utilize a global view of the internet to study these difficult and emerging internet security challenges and understand the resulting implications.”

Colonial Hackers Stole Data Thursday Ahead of Shutdown

www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown The hackers who caused Colonial Pipeline to shut down the biggest U.S. gasoline pipeline on Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to people familiar with the matter. The intruders, who are part of a cybercrime gang called DarkSide, took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network in just two hours on Thursday, two people involved in Colonial’s investigation said.

Amazon Fake Reviews Scam Exposed in Data Breach

www.safetydetectives.com/blog/amazon-reviews-leak-report/ The SafetyDetectives cybersecurity team uncovered an open ElasticSearch database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. In total, 13,124,962 of these records (or 7 GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities.

Cybersecurity Ignorance Is Dangerous

foreignpolicy.com/2021/05/03/cybersecurity-ignorance-is-dangerous/ A new book gets the policy recommendations right while making technical errors that could undermine trust in its conclusions. In one of the biggest tech book launches of 2021, Nicole Perlroth, a cybersecurity reporter at the New York Times, published This Is How They Tell Me The World Ends to cheers from the general public, plaudits from fellow journalists, and a notable wave of criticism from many in the cybersecurity community. Perlroth’s book about the global market in cyberweapons is a riveting read that mixes profound truth on policy with occasional factual errors, and it ultimately achieves its goal of scaring the shit out of anyone who doesn’t know much about the topic.

Do You Suddenly Need To Stop Using Facebook?

www.forbes.com/sites/zakdoffman/2021/05/09/this-is-why-you-should-delete-facebook-on-your-iphone-ipad-android-pc-or-mac/ A serious new warning this week for Facebook’s more than 2.5 billion users. It’s easy to dismiss the dangers of data harvesting and tracking, until you realize how dangerous and invasive it can be to you personally. As we’ve just seen, Facebook likely knows some of your darkest secrets and you should take action to protect your privacy. In a devilishly clever attack, as first reported on Forbes, Signal weaponized Facebook’s data harvesting this week to attack the tech giant, using targeting criteria in a series of proposed ads. Yes, the story made headlines, but almost all the coverage missed the most serious point. Behind the detail is a warning and a reason to delete Facebook.

Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs

blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html Since April 2021, Cisco Talos has observed updated infrastructure and new components associated with the Lemon Duck cryptocurrency mining botnet that target unpatched Microsoft Exchange Servers and attempt to download and execute payloads for Cobalt Strike DNS beacons. This activity reflects updated tactics, techniques, and procedures (TTPs) associated with this threat actor. After several zero-day Microsoft Exchange Server vulnerabilities were made public on March 2, Cisco Talos and several other security researchers began observing various threat actors, including Lemon Duck, leveraging these vulnerabilities for initial exploitation before security patches were made available.
