Daily NCSC-FI news followup 2021-06-23

Finns have lost 13.5 million to scammers: read the police's instructions

www.is.fi/digitoday/tietoturva/art-2000008078041.html Online scammers have taken 13.5 million euros from Finns this year, nearly 5 million of it through bank scams.

Huawei got a cold shower in Sweden – Ericsson fears retaliation

www.tivi.fi/uutiset/tv/a3301f54-967e-482f-addf-6f3698eda710 The threat scenarios presented by the Swedish Security Service convinced the administrative court of the risk posed by Huawei.

MITRE releases D3FEND, defensive measures complimentary to its ATT&CK framework

therecord.media/mitre-releases-d3fend-defensive-measures-complimentary-to-its-attck-framework/ The basic idea behind D3FEND is that the framework will provide defensive techniques that system administrators can apply to counter the practices detailed in the ATT&CK matrix, a one-of-a-kind project that was set up in 2015 to catalog and index the most common offensive techniques used by threat actors in the real world.

French Spyware Executives Are Indicted for Aiding Torture

www.wired.com/story/french-spyware-executives-indicted-aiding-torture/ The managers are accused of selling tech to Libya and Egypt that was used to identify activists, read private messages, and kidnap, torture, or kill them.

This secretive firm has powerful new hacking tools

www.wired.co.uk/article/phone-hacking-mollitiam-industries A secretive cyberintelligence firm claims to have created powerful hacking tools that can remotely monitor and take control of Android, MacOS and Windows devices. Designed for those looking to “investigate targets in tactical operations,” Mollitiam Industries is promoting tools that are capable of the “anonymous interception, and the remote and invisible control of targets connected to the internet,” according to documents seen by WIRED.

Microsoft warns: Now attackers are using a call centre to trick you into downloading ransomware

www.zdnet.com/article/microsoft-warns-now-attackers-are-using-a-call-centre-to-trick-you-into-downloading-ransomware/ Beware of phishing emails claiming your free trial subscription is over and that urge you to call a number to cancel it before you get slugged with monthly fees.

Guide for enterprises on how to prevent and deal with ransomware attacks

blog.checkpoint.com/2021/06/23/global-surge-in-ransomware-attacks-to-pay-or-not-to-pay-is-not-the-only-question/ Every week, more than 1,200 organizations worldwide fall victim to a ransomware attack, and all enterprises without exceptions are at risk. The number of ransomware attacks is growing for a simple reason, hackers are getting paid. The increase in attacks is also related to the availability of threats. Many hacker groups offer ransomware as a service, so anyone can rent this type of threat, including infrastructure, negotiating with victims or extortion websites where stolen information can be posted.

Response When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators

www.crowdstrike.com/blog/how-falcon-complete-disrupts-ecrime-operators-wizard-spider/ In this blog, we describe a string of recent incidents in which the CrowdStrike Falcon Complete team observed a financially motivated eCrime operator (likely WIZARD SPIDER) use compromised external remote services (Microsoft Remote Desktop Protocol, or RDP) along with Cobalt Strike in an unsuccessful attempt to deploy ransomware. This activity indicates a notable increase in the adversary’s tactics to include RDP brute forcing along with their more traditional modus operandi for initial access via phishing or leveraging their partner networks of access brokers.

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

thehackernews.com/2021/06/unpatched-critical-flaw-affects-pling.html Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE).

SonicWall bug affecting 800K firewalls was only partially fixed

www.bleepingcomputer.com/news/security/sonicwall-bug-affecting-800k-firewalls-was-only-partially-fixed/ Turns out, the vulnerability was not properly patched until now. As such a new vulnerability identifier, CVE-2021-20019 has been assigned to the flaw. SonicWall has now released advisories related to this vulnerability today, with further information on the fixed versions. also:

www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/

Strategies, tools, and frameworks for building an effective threat intelligence team

www.microsoft.com/security/blog/2021/06/22/strategies-tools-and-frameworks-for-building-an-effective-threat-intelligence-team/ In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Red Canary Director of Intelligence Katie Nickels, a certified instructor with the SANS Institute. In this blog, Katie shares strategies, tools, and frameworks for building an effective threat intelligence team.

USB-based malware is a growing concern for industrial firms, new Honeywell findings show

www.cyberscoop.com/usb-malware-honeywell-cyber-risk/ The number of cyber threats designed to use USB sticks and other external media devices as launching pads doubled in 2021, according to new research from Honeywell, the industrial automation giant.

How to confuse antimalware neural networks. Adversarial attacks and protection

securelist.com/how-to-confuse-antimalware-neural-networks-adversarial-attacks-and-protection/102949/ In this article we attempt to attack our product anti-malware neural network models and check existing defense methods.

Vastaamo data breach victims have filed 25,000 criminal reports of extortion; police still hope for more and will begin hearings in the autumn

yle.fi/uutiset/3-11995066 Victims of the Vastaamo data breach have filed a record number of criminal reports with the police. According to the police's estimate, however, there are several thousand more victims. The police hope that more criminal reports will be filed before the autumn.

Tulsa warns of data breach after Conti ransomware leaks police citations

www.bleepingcomputer.com/news/security/tulsa-warns-of-data-breach-after-conti-ransomware-leaks-police-citations/ The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

Pakistan-linked hackers targeted Indian power company with ReverseRat

thehackernews.com/2021/06/pakistan-linked-hackers-targeted-indian.html A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. also:

blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/

Threat Update 43 Ransomware Early Warning: Brute Force

www.varonis.com/blog/threat-update-43-ransomware-early-warning-brute-force/ Join Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team as they talk about how monitoring for brute-force attempts helps organizations spot potential infiltration points or attempts to elevate rights. They will also review real-world examples of how to narrow down the source of the attempts to foil the attacker’s plans.
