Daily NCSC-FI news followup 2021-05-28

APT29: Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns

www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/ The campaign’s phishing e-mails purported to originate from the USAID government agency and contained a malicious link that resulted in an ISO file being delivered. This file contained a malicious LNK file, a malicious DLL file, and a legitimate lure referencing foreign threats to the 2020 US Federal Elections.

APT29: SVR cyberspies used iOS zero-day in recent phishing campaign

therecord.media/svr-cyberspies-used-ios-zero-day-in-recent-phishing-campaign/ APT29 took control over the Constant Contact account and used it to send around 3,000 booby-trapped emails to more than 150 organizations across 24 countries. In the vast majority of emails, the hackers sent links to victims that redirected them to websites that used JavaScript code to drop a malicious ISO image file on their computers. What was notable about the recent attacks was that in particular cases, the hackers filtered incoming users and directed iOS users to a special page where they deployed a Safari iOS zero-day bug to infect victims’ devices.

Chinese cyberspies are targeting US, EU orgs with new malware

www.bleepingcomputer.com/news/security/chinese-cyberspies-are-targeting-us-eu-orgs-with-new-malware/ Chinese threat groups continue to deploy new malware strains on the compromised networks of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. “We now assess that espionage activity by UNC2630 and UNC2717 supports key Chinese government priorities,” FireEye said in a follow-up report published on Thursday.

Ransomware attacks have doubled in a year: most attacks target healthcare systems

www.kauppalehti.fi/uutiset/kiristyshyokkaykset-kaksinkertaistuneet-vuodessa-eniten-hyokkayksia-tehdaan-terveydenhuollon-jarjestelmiin/ed834387-35a3-4ae8-89d9-a0c5e500e50f Ransomware attacks against organisations have grown by 102 percent compared with the beginning of 2020, security company Check Point Research (CPR) reports in its press release. CPR also mentions a new kind of “triple extortion” in its release, and the dubious honour of pioneering it goes to the Finnish company Vastaamo.

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

blog.malwarebytes.com/threat-spotlight/2021/05/threat-spotlight-conti-the-ransomware-used-in-the-hse-healthcare-attack/ Conti ransomware is created and distributed by a group the cybersecurity industry has named Wizard Spider, the same Russian cybercriminal group that created the infamous Ryuk ransomware. It is offered to trusted affiliates as Ransomware-as-a-service (RaaS). Vitali Kremez: “Based on multiple incident response matters and current assessment, it is believed that Conti ransomware is linked to the same Ryuk ransomware developer group based on the code reuse and unique TrickBot distribution.”

Klarna’s app showed other users’ data

www.tivi.fi/uutiset/tv/ae693adb-d89d-4932-98a4-c05f6bf0162d On Thursday, some users of Klarna’s app were able to see other users’ data, including sensitive information. According to Klarna, the fault affected at most 9,500 customers for a period of 31 minutes. A Twitter user reports having seen the names, phone numbers, addresses, purchase histories and partial card details of numerous other users.

Mexico walls off national lottery sites after ransomware DDoS threat

www.bleepingcomputer.com/news/security/mexico-walls-off-national-lottery-sites-after-ransomware-ddos-threat/ Access to Mexico’s Lotería Nacional and Pronósticos lottery websites is now blocked for IP addresses outside of Mexico after a ransomware gang threatened to perform denial-of-service attacks. The Avaddon ransomware operation stated that it successfully conducted an attack on ‘Pronosticos Deportivo,’ where it claims to have stolen data and then encrypted the devices. The ransomware gang also threatened to release more documents and to DDoS the victim’s website if negotiations did not begin within 240 hours.

FBI to hand stolen passwords to online service

www.tivi.fi/uutiset/tv/a7781cc7-cec9-4bcb-9786-98c70e3534e0 The FBI is starting a collaboration with the well-known Have I Been Pwned website. Going forward, the FBI will hand over to the site the passwords it comes across in its criminal investigations.

Deepfake Maps Could Really Mess With Your Sense of the World

www.wired.com/story/deepfake-maps-mess-sense-world/ Researchers applied AI techniques to make portions of Seattle look more like Beijing. Such imagery could mislead governments or spread misinformation online.

US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps

www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/ By simply searching online for terms publicly known to be associated with nuclear weapons, Bellingcat was able to discover cards used by military personnel serving at all six European military bases reported to store nuclear devices. Experts approached by Bellingcat said that these findings represented serious breaches of security protocols and raised renewed questions about US nuclear weapons deployment in Europe.

M1racles – Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting

arstechnica.com/gadgets/2021/05/apples-m1-chip-has-a-security-bug-but-dont-worry-its-mostly-harmless/ Technically, it’s a vulnerability, but there’s not much an attacker can do with it. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow apps to exchange data in a way that can’t be detected, or at least not without specialized equipment.

Vulnerability fixed in Koronavilkku: Finns warned Google already in August

www.is.fi/digitoday/tietoturva/art-2000008009832.html A vulnerability was fixed in the Android version of Koronavilkku that posed a mainly theoretical risk of a user’s identity being revealed. The Finnish Institute for Health and Welfare (THL) says that Finland reported the hole to Google already last August.
