Daily NCSC-FI news followup 2021-05-29

Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

us-cert.cisa.gov/ncas/alerts/aa21-148a The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). CISA and FBI acknowledge open-source reporting attributing the activity discussed in the report to APT29 (also known as Nobelium, The Dukes, and Cozy Bear). However, CISA and FBI are investigating this activity and have not attributed it to any threat actor at this time.

New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

www.bleepingcomputer.com/news/security/new-epsilon-red-ransomware-hunts-unpatched-microsoft-exchange-servers/ A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

Hackers Exploit Post-COVID Return to Offices

threatpost.com/hackers-exploit-covid-office/166550/ The latest scam includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices. The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations. If a victim decides to interact (click) on either document a login panel appears and prompts the recipient to provide login credentials to access the files.

Using Fake Reviews to Find Dangerous Extensions

krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams.

Safety phone disruptions in Oulu and Jyväskylä affected service for up to a thousand customers at worst; situation in Oulu already resolved

yle.fi/uutiset/3-11954972 Problems with safety phones have affected the safety phone customers of the cities of Jyväskylä and Oulu. In total, an estimated thousand or so customers have been affected by the disruption at its peak. According to a City of Jyväskylä press release, a worldwide problem at operator Tele2 appeared on Saturday at 12:30. The disruption hampers service for safety phone customers and the work of staff.
