Daily NCSC-FI news followup 2021-05-09

Twitter scammers impersonate SNL in Elon Musk cryptocurrency scams

www.bleepingcomputer.com/news/security/twitter-scammers-impersonate-snl-in-elon-musk-cryptocurrency-scams/ Twitter scammers are jumping on Elon Musk’s hosting of Saturday Night Live to push cryptocurrency scams to steal people’s Bitcoin, Ethereum, and Dogecoin. For the past year, we have been reporting how scammers have been raking in hundreds of thousands of dollars by promoting fake giveaway scams from well-known people or companies, such as Elon Musk, Tesla, and Gemini Exchange.

Who is Probing the Internet for Research Purposes?

isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/ Shodan is one of the most familiar sites for research on what is on the internet. In Oct 2020 I did a diary on Censys, another site collecting similar information like Shodan. The next two sites are regularly scanning the internet for data which isn’t shared with the security community at large. Net Systems Research probes the internet for research, but none of the data is accessible or published on the site. This is part of the message About Us: “Net Systems Research was founded in 2015 by a group of security data researchers who wanted to utilize a global view of the internet to study these difficult and emerging internet security challenges and understand the resulting implications.”

Colonial Hackers Stole Data Thursday Ahead of Shutdown

www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown The hackers who caused Colonial Pipeline to shut down the biggest U.S. gasoline pipeline on Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to people familiar with the matter. The intruders, who are part of a cybercrime gang called DarkSide, took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company's network in just two hours on Thursday, two people involved in Colonial's investigation said.

Amazon Fake Reviews Scam Exposed in Data Breach

www.safetydetectives.com/blog/amazon-reviews-leak-report/ The SafetyDetectives cybersecurity team uncovered an open ElasticSearch database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. In total, 13,124,962 of these records (or 7 GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities.

Cybersecurity Ignorance Is Dangerous

foreignpolicy.com/2021/05/03/cybersecurity-ignorance-is-dangerous/ A new book gets the policy recommendations right while making technical errors that could undermine trust in its conclusions. In one of the biggest tech book launches of 2021, Nicole Perlroth, a cybersecurity reporter at the New York Times, published This Is How They Tell Me The World Ends to cheers from the general public, plaudits from fellow journalists, and a notable wave of criticism from many in the cybersecurity community. Perlroth's book about the global market in cyberweapons is a riveting read that mixes profound truth on policy with occasional factual errors, and it ultimately achieves its goal of scaring the shit out of anyone who doesn't know much about the topic.

Do You Suddenly Need To Stop Using Facebook?

www.forbes.com/sites/zakdoffman/2021/05/09/this-is-why-you-should-delete-facebook-on-your-iphone-ipad-android-pc-or-mac/ A serious new warning this week for Facebook's more than 2.5 billion users. It's easy to dismiss the dangers of data harvesting and tracking, until you realize how dangerous and invasive it can be to you personally. As we've just seen, Facebook likely knows some of your darkest secrets and you should take action to protect your privacy. In a devilishly clever attack, as first reported on Forbes, Signal weaponized Facebook's data harvesting this week to attack the tech giant, using targeting criteria in a series of proposed ads. Yes, the story made headlines, but almost all the coverage missed the most serious point. Behind the detail is a warning and a reason to delete Facebook.

Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs

blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html Since April 2021, Cisco Talos has observed updated infrastructure and new components associated with the Lemon Duck cryptocurrency mining botnet that target unpatched Microsoft Exchange Servers and attempt to download and execute payloads for Cobalt Strike DNS beacons. This activity reflects updated tactics, techniques, and procedures (TTPs) associated with this threat actor. After several zero-day Microsoft Exchange Server vulnerabilities were made public on March 2, Cisco Talos and several other security researchers began observing various threat actors, including Lemon Duck, leveraging these vulnerabilities for initial exploitation before security patches were made available.
