Daily NCSC-FI news followup 2021-06-01

Sweden and Norway demand an explanation from Denmark over spying allegations

yle.fi/uutiset/3-11955732 According to media reports, the Danish defence minister reportedly knew as early as last August that the US National Security Agency (NSA) had spied on politicians and officials of several allied countries via Denmark. The defence ministers of Sweden and Norway are demanding an explanation from Denmark over media reports that the United States spied on their politicians and officials via Denmark, according to the Danish public broadcaster DR, among others.

US seizes domains used by APT29 in recent USAID phishing attacks

www.bleepingcomputer.com/news/security/us-seizes-domains-used-by-apt29-in-recent-usaid-phishing-attacks/ The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks.

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/ The Kimsuky APT, also known as Thallium, Black Banshee, and Velvet Chollima, is a North Korean threat actor that has been active since 2012. The group conducts cyber espionage operations to target government entities mainly in South Korea. The Malwarebytes Threat Intelligence team is actively monitoring this actor and has been able to spot phishing websites, malicious documents, and scripts that have been used to target high profile people within the government of South Korea.

World’s biggest meat supplier, JBS, suffers cyber attack

grahamcluley.com/worlds-biggest-meat-supplier-jbs-suffers-cyber-attack/ The world’s largest meat supplier, JBS, says that it has suffered a cyber attack against its IT systems in North America and Australia impacting its ability to “process” thousands of cattle, sheep, and pigs. The security incident, first spotted on Sunday, has not been officially confirmed to be a ransomware attack but I think anyone hearing the news would not be surprised if a ransomware gang was to blame.

JBS ransomware attack likely came from a Russian group, White House says

therecord.media/jbs-ransomware-attack-likely-came-from-a-russian-group-white-house-says/ A cyberattack that shut down some operations at JBS, a major meat processor with plants across Australia and the Americas, is believed to be a ransomware incident originating from a criminal organization based in Russia, the White House said Tuesday. JBS first disclosed details about the attack on Monday, calling it “an organized cybersecurity attack” that affected some of the servers supporting its IT systems in North America and Australia. According to press reports, White House spokeswoman Karine Jean-Pierre told reporters on Air Force One that the Brazil-based meatpacker notified the Biden administration Sunday that it was a ransomware attack. “The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre said, adding that the FBI is investigating the incident.

Critical WordPress plugin zero-day under active exploitation

www.bleepingcomputer.com/news/security/critical-wordpress-plugin-zero-day-under-active-exploitation/ Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content. The security flaw is a critical severity remote code execution (RCE) vulnerability discovered by Wordfence security analyst Charles Sweethill on Monday.
