Daily NCSC-FI news followup 2021-06-08

Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang

krebsonsecurity.com/2021/06/justice-dept-claws-back-2-3m-paid-by-colonial-pipeline-to-ransomware-gang/ The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. Lisäksi:

thehackernews.com/2021/06/us-recovers-23-million-ransom-paid-to.html. Lisäksi:

threatpost.com/fbi-claws-back-millions-darksides-ransom/166705/. Lisäksi: yle.fi/uutiset/3-11970237

StackOverflow, Twitch, Reddit, others down in Fastly CDN outage

www.bleepingcomputer.com/news/security/stackoverflow-twitch-reddit-others-down-in-fastly-cdn-outage/ Major websites around the world are either completely down or not loading properly in a global outage. Lisäksi:

status.fastly.com/. Lisäksi:

www.wired.com/story/fastly-cdn-internet-outages-2021/

Tällainen on suomalaisten puhelimia riivaava haittaohjelma: Näin se leviää ja varastaa tietosi ja näin pääset siitä eroon

www.is.fi/digitoday/tietoturva/art-2000008034177.html Viime viikon torstaina alkanut suomalaisten puhelimiin kohdistunut haittaohjelmien levityskampanja on erilainen kuin aiemmin Suomessa nähdyt ja luonteeltaan poikkeuksellisen aggressiivinen. Lisäksi:

www.kyberturvallisuuskeskus.fi/fi/tekstiviestitse-levitettavat-android-haittaohjelmat

“Asensin videon, jossa masturboit” varo tätä kiristysviestiä!

www.iltalehti.fi/tietoturva/a/35c6b655-05ad-4b67-a20e-e1ef422db953 Niin sanotut pornokiristäjät ovat taas aktivoituneet ja alkaneet lähettää suomalaisille kiristysviestejä. Näissä viesteissä väitetään, että vastaanottajan koneelle on saatu asennettua virus, jonka avulla tämän vierailuja pornosivustoilla on pystytty seuraamaan. Lisäksi:

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/pornokiristyksia-runsaasti-liikkeella-ala-usko-huijarien-vaitteita

FBI and Australian police ran an encrypted chat platform to catch criminal gangs

therecord.media/fbi-and-australian-police-ran-an-encrypted-chat-platform-to-catch-criminal-gangs/ The FBI and Australian Federal Police ran an encrypted chat platform and intercepted secret messages between criminal gang members from all over the world for more than three years. Lisäksi:

yle.fi/uutiset/3-11970836?. Lisäksi:

hotforsecurity.bitdefender.com/blog/criminal-networks-smashed-after-using-secure-chat-app-secretly-run-by-cops-25948.html.

blog.malwarebytes.com/reports/2021/06/800-arrested-after-police-dupe-criminals-with-backdoored-message-service-an0m/

Novel Victory’ Backdoor Spotted in Chinese APT Campaign

threatpost.com/victory-backdoor-apt-campaign/166700/ Researchers said the malware has been under development for at least three years. An ongoing surveillance operation has been uncovered that targets a Southeast Asian government, researchers said using a previously unknown espionage malware. Lisäksi:

research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/

TrickBot indictment reveals the scale and complexity of organized cybercrime

blog.malwarebytes.com/cybercrime/2021/06/trickbot-indictment-reveals-the-scale-and-complexity-of-organized-cybercrime/ Back in 2016, we saw the emergence of a botnet mainstay called TrickBot. Initially observed by our Labs team spreading via malvertising campaigns, it quickly became a major problem for businesses everywhere. Whether spread by malvertising or email spam, the end result was the same. Data exfiltration and the threat of constant reinfection were the order of the day.

New UAF Vulnerability Affecting Microsoft Office to be Patched Today

thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. Lisäksi:

research.checkpoint.com/2021/fuzzing-the-office-ecosystem/

Microsoft June 2021 Patch Tuesday: 50 vulnerabilities patched, six zero-days exploited in the wild

www.zdnet.com/article/microsoft-june-2021-patch-tuesday-50-vulnerabilities-patched-including-six-zero-days-exploited-in-the-wild/ Six out of seven zero-days are being actively used in cyberattacks. Lisäksi:https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2021-patch-tuesday-fixes-6-exploited-zero-days-50-flaws/

Four Security Vulnerabilities were Found in Microsoft Office

blog.checkpoint.com/2021/06/08/four-security-vulnerabilities-were-found-in-microsoft-office/ Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in Microsoft Office suite, including Excel and Office online. Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook.

PuzzleMaker attacks with Chrome zero-day exploit chain

securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/ On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. Lisäksi:

www.bleepingcomputer.com/news/security/windows-10-targeted-by-puzzlemaker-hackers-using-chrome-zero-days/

You might be interested in …

Daily NCSC-FI news followup 2020-04-24

New Training: on orchestration of CSIRT Tools www.enisa.europa.eu/news/enisa-news/csirt-training-tools-new-orchestration The EU agency for Cybersecurity introduces new training materials to support Member States’ CSIRTs. ENISA puts great effort into supporting the development of EU Member States’ national incident response preparedness. To that purpose, ENISA updated its CSIRT training material aimed at improving the skills of CSIRT teams. […]

Read More

Daily NCSC-FI news followup 2021-03-06

Chinas RedEcho accused of targeting Indias power grids blog.malwarebytes.com/vital-infrastructure/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids/ RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind Indias power grids, according to a threat analysis report from Recorded Future [PDF].. It appears that what triggered this attempt to gain a foothold in Indias critical power generation and […]

Read More

Daily NCSC-FI news followup 2019-07-30

Hacker steals data of 106 million people from Capital One arstechnica.com/information-technology/2019/07/feds-former-cloud-worker-hacks-into-capital-one-and-takes-data-for-106-million-people/ FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account belonging to [the hacker] showed that, earlier this year, someone exploited a firewall vulnerability in Capital Ones network that allowed an attacker to execute a series of […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.