Daily NCSC-FI news followup 2021-06-23

Finns have lost 13.5 million to scammers: read the police's advice

www.is.fi/digitoday/tietoturva/art-2000008078041.html Online fraudsters have taken 13.5 million euros from Finns this year, of which almost 5 million through bank scams.

Huawei gets a cold shower in Sweden – Ericsson fears retaliation

www.tivi.fi/uutiset/tv/a3301f54-967e-482f-addf-6f3698eda710 The threat scenarios presented by the Swedish Security Service convinced the administrative court of the risk posed by Huawei.

MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework

therecord.media/mitre-releases-d3fend-defensive-measures-complimentary-to-its-attck-framework/ The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world.

French Spyware Executives Are Indicted for Aiding Torture

www.wired.com/story/french-spyware-executives-indicted-aiding-torture/ The managers are accused of selling tech to Libya and Egypt that was used to identify activists, read private messages, and kidnap, torture, or kill them.

This secretive firm has powerful new hacking tools

www.wired.co.uk/article/phone-hacking-mollitiam-industries A secretive cyberintelligence firm claims to have created powerful hacking tools that can remotely monitor and take control of Android, MacOS and Windows devices. Designed for those looking to “investigate targets in tactical operations,” Mollitiam Industries is promoting tools that are capable of the “anonymous interception, and the remote and invisible control of targets connected to the internet,” according to documents seen by WIRED.

Microsoft warns: Now attackers are using a call centre to trick you into downloading ransomware

www.zdnet.com/article/microsoft-warns-now-attackers-are-using-a-call-centre-to-trick-you-into-downloading-ransomware/ Beware of phishing emails claiming your free trial subscription is over and that urge you to call a number to cancel it before you get slugged with monthly fees.

Guide for enterprises on how to prevent and deal with ransomware attacks

blog.checkpoint.com/2021/06/23/global-surge-in-ransomware-attacks-to-pay-or-not-to-pay-is-not-the-only-question/ Every week, more than 1,200 organizations worldwide fall victim to a ransomware attack, and all enterprises, without exception, are at risk. The number of ransomware attacks is growing for a simple reason: hackers are getting paid. The increase in attacks is also related to the availability of threats. Many hacker groups offer ransomware as a service, so anyone can rent this type of threat, including infrastructure, negotiation with victims, or extortion websites where stolen information can be posted.

Response When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators

www.crowdstrike.com/blog/how-falcon-complete-disrupts-ecrime-operators-wizard-spider/ In this blog, we describe a string of recent incidents in which the CrowdStrike Falcon Complete team observed a financially motivated eCrime operator (likely WIZARD SPIDER) use compromised external remote services (Microsoft Remote Desktop Protocol, or RDP) along with Cobalt Strike in an unsuccessful attempt to deploy ransomware. This activity indicates a notable expansion of the adversary’s tactics to include RDP brute forcing alongside their more traditional modus operandi for initial access via phishing or leveraging their partner networks of access brokers.

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

thehackernews.com/2021/06/unpatched-critical-flaw-affects-pling.html Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for the Linux platform that could potentially be abused to stage supply-chain attacks and achieve remote code execution (RCE).

SonicWall bug affecting 800K firewalls was only partially fixed

www.bleepingcomputer.com/news/security/sonicwall-bug-affecting-800k-firewalls-was-only-partially-fixed/ Turns out, the vulnerability was not properly patched until now. As such, a new vulnerability identifier, CVE-2021-20019, has been assigned to the flaw. SonicWall has now released advisories related to this vulnerability, with further information on the fixed versions. Also:

www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/

Strategies, tools, and frameworks for building an effective threat intelligence team

www.microsoft.com/security/blog/2021/06/22/strategies-tools-and-frameworks-for-building-an-effective-threat-intelligence-team/ In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Red Canary Director of Intelligence Katie Nickels, a certified instructor with the SANS Institute. In this blog, Katie shares strategies, tools, and frameworks for building an effective threat intelligence team.

USB-based malware is a growing concern for industrial firms, new Honeywell findings show

www.cyberscoop.com/usb-malware-honeywell-cyber-risk/ The number of cyber threats designed to use USB sticks and other external media devices as launching pads doubled in 2021, according to new research from Honeywell, the industrial automation giant.

How to confuse antimalware neural networks. Adversarial attacks and protection

securelist.com/how-to-confuse-antimalware-neural-networks-adversarial-attacks-and-protection/102949/ In this article we attempt to attack our product’s anti-malware neural network models and test existing defense methods.

Victims of the Vastaamo data breach have filed 25,000 criminal complaints about extortion; police still hope for more and will begin hearings in the autumn

yle.fi/uutiset/3-11995066 Victims of the Vastaamo data breach have filed a record number of criminal complaints with the police. According to the police's estimate, however, there are several thousand more victims. The police hope that further complaints will be filed before the autumn.

Tulsa warns of data breach after Conti ransomware leaks police citations

www.bleepingcomputer.com/news/security/tulsa-warns-of-data-breach-after-conti-ransomware-leaks-police-citations/ The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

Pakistan-linked hackers targeted Indian power company with ReverseRat

thehackernews.com/2021/06/pakistan-linked-hackers-targeted-indian.html A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. Also:

blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/

Threat Update 43 Ransomware Early Warning: Brute Force

www.varonis.com/blog/threat-update-43-ransomware-early-warning-brute-force/ Join Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team as they talk about how monitoring for brute-force attempts helps organizations spot potential infiltration points or attempts to elevate rights. They will also review real-world examples of how to narrow down the source of the attempts to foil the attacker’s plans.
