Daily NCSC-FI news followup 2021-06-13

Malware disguised as antivirus protection

www.kaspersky.com/blog/malware-disguised-as-antivirus/40252/ In almost every post about Android, we recommend installing apps from official sources only, and that wont change anytime soon. A recent example illustrates why: Scammers were spreading a banking Trojan disguised as popular media players, a fitness app, a book reader, and one that hit close to home, Kaspersky Internet Security for Android. Nothing is wrong with third-party app marketplaces per se, but no one can know for sure whether any given store is trustworthy. In an official Android app store, be it Google Play or Huawei AppGallery, employees of the respective owner companies screen every application submitted by developers, weeding out any that are clearly malicious.

Why Cyber Attacks Against Film And Media Industries Are Escalating

www.forbes.com/sites/davidbalaban/2021/06/11/why-cyber-attacks-against-film-and-media-industries-are-escalating/ The entertainment industry is a gigantic ever-accelerating hype train everyone wants to ride. Movie lovers are obsessively tuned for new blockbuster releases and suffer a frustrating setback if they miss another episode of a favorite TV show. Video production companies are now busier than ever creating fresh content, with the pandemic-borne lockdowns forcing millions to immerse themselves deeper in the digital world and causing a greater demand for OTT media stuff that is fun to watch at home. Celebrities get mileage out of the boom, too, by stepping up their repertoire.

Intuit notifies customers of hacked TurboTax accounts

www.bleepingcomputer.com/news/security/intuit-notifies-customers-of-hacked-turbotax-accounts/ Financial software company Intuit has notified TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. In a breach notification letter sent to affected customers earlier this month, the company said that this was not a “systemic data breach of Intuit.” In account takeover attacks, cybercriminals gain access to their victims’ accounts using credentials stolen from other online services following past data breaches.

Five Arrested for Allegedly Laundering Nearly $1 Million from Business Email Compromise Fraud

www.justice.gov/usao-wdtx/pr/five-arrested-allegedly-laundering-nearly-1-million-business-email-compromise-fraud A federal grand jury indictment unsealed today charges five individuals for laundering nearly $1 million derived from a Business Email Compromise (BEC) scheme. FBI agents and local authorities arrested the defendants yesterday without incident. In a BEC scheme, scammers target businesses and individuals making wire transfer payments, especially those employees with access to company finances. The scammers trick the employees into wiring payments to bank accounts they believe belong to trusted partners but that are actually controlled by the fraudsters.

Interpol shuts down thousands of fake online pharmacies

www.bleepingcomputer.com/news/security/interpol-shuts-down-thousands-of-fake-online-pharmacies/ The Interpol (International Criminal Police Organisation) has taken down thousands of online marketplaces that posed as pharmacies and pushed dangerous fake and illicit drugs and medicine. This record number of illicit online pharmacies was shut down during Operation Pangea XIV, which targeted online sellers of counterfeit and illegal pharmaceuticals and medical devices.

Asiantuntijat näkevät Suomen hajanaisessa kyberpuolustuksessa Vastaamon kaltaisia aukkoja suurillekin iskuille

yle.fi/uutiset/3-11979008 Liikenne- ja viestintäministeriö julkaisi tällä viikolla kaksi ohjelmaa, joilla halutaan estää muun muassa Vastaamon kaltaisia tapauksia paremmin. Puolassa annettiin valheellinen ilmoitus radioaktiivisesta uhasta, kun ydinturvallisuusviranomaisten nettisivut hakkeroitiin. Hakkerit varastivat Euroopan lääkevirastosta asiakirjoja koronarokotteisiin liittyen. Nämä ovat pari esimerkkiä pelkästään tänä vuonna maailmalla tapahtuneista kyberiskuista. Vaikka kyberturvallisuudesta on puhuttu laajalti Suomessa viime vuosina, osa asiantuntijoista katsoo, että Suomen kyky varautua laaja-alaisiin kyberiskuihin on puutteellinen. Myös:

www.is.fi/digitoday/tietoturva/art-2000008050090.html

You might be interested in …

Daily NCSC-FI news followup 2020-01-23

Increased Emotet Malware Activity www.us-cert.gov/ncas/current-activity/2020/01/22/increased-emotet-malware-activity The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute […]

Read More

Daily NCSC-FI news followup 2020-09-24

#InstaHack: how researchers were able to take over the Instagram App using a malicious image blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/ Instagram is one of the most popular social media platforms globally, with over 100+ million photos uploaded every day, and nearly 1 billion monthly active users. Individuals and companies share photos and messages about their lives and products to […]

Read More

Daily NCSC-FI news followup 2019-11-24

CNAME Cloaking, the dangerous disguise of third-party trackers medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a What has started to happen in the last few months in the world of third-party tracking is having a major impact on peoples privacy, and it all stayed pretty much under the radar. How to Avoid Black Friday Scams Online www.wired.com/story/how-to-avoid-black-friday-scams-online/ Black Friday attracts crowds, and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.