Daily NCSC-FI news followup 2021-06-25

Clop gang partners laundered $500 Million in ransomware payments

thehackernews.com/2021/06/clop-gang-members-laundered-500-million.html The cybercrime ring apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in recent months helped launder a total of $500 million for several malicious actors through a range of illegal activities. While the bust was seen as a major blow to the Clop gang's operations, the group published earlier this week a fresh batch of confidential employee records stolen from a previously unknown victim on its dark web leak portal, raising the possibility that the arrested suspects were affiliates who played a lesser role in the operation.

Using VMs to hide ransomware attacks is becoming more popular

therecord.media/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular/ In early 2020, security researchers were baffled to discover that a ransomware gang had come up with an innovative trick: running its payload inside virtual machines on infected hosts, so that the encryption process was hidden from security software running on the host.

Microsoft signed a malicious Netfilter rootkit

www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit What started as a false positive alert for a Microsoft-signed file turned out to be a WFP (Windows Filtering Platform) application layer enforcement callout driver that redirects traffic to an IP address in China.

The Ghosts of Mirai

www.fortinet.com/blog/threat-research/the-ghosts-of-mirai It has been almost five years since the source code of the notorious Mirai IoT malware was released to the public by its author in late 2016. This event led to the emergence of numerous copycats, each creating its own flavour of IoT botnet army. Although various threat actors have constantly added improvements since then, the structure and goal of the campaigns have remained the same.

Mercedes-Benz data breach exposes SSNs, credit card numbers

www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/ The data breach exposed credit card information, social security numbers, and driver's license numbers of under 1,000 Mercedes-Benz customers and potential buyers.

Gaming industry under siege from cyberattacks during pandemic

www.welivesecurity.com/2021/06/24/gaming-industry-under-siege-cyberattacks-pandemic/ During the COVID-19 pandemic, the gaming industry has seen greater growth in cyberattacks than any other industry, according to content delivery network (CDN) provider Akamai. Web application attacks against gaming companies rose by 340 percent between 2019 and 2020 and by as much as 415 percent between 2018 and 2020.

Zyxel firewalls and VPNs under active cyberattack

thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html Zyxel is warning customers of an ongoing attack targeting a “small subset” of its security products such as firewall and VPN servers.

Cisco ASA Bug Now Actively Exploited

threatpost.com/cisco-asa-bug-exploited-poc/167274/ In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580) after researchers published exploit code on Twitter.

Windows 11 won’t work without a TPM

www.bleepingcomputer.com/news/microsoft/windows-11-wont-work-without-a-tpm-what-you-need-to-know/ Today, Microsoft announced the system requirements for upgrading to or installing Windows 11 and released a new PC Health Check tool that you can use to check whether your hardware is compatible with Windows 11. With Windows 11, Microsoft has brought security to the forefront by requiring a TPM to be present.
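The PC Health Check tool mentioned above only reports a pass/fail verdict. As an added example (not from the article or from Microsoft), the following PowerShell function checks the hardware-rooted requirements directly with built-in cmdlets and WMI: whether a TPM is present and ready, whether it reports the 2.0 specification that Windows 11 requires, and whether the firmware is UEFI with Secure Boot available. The function name Test-Win11SecurityPrereqs is an assumption chosen for this example; run it in an elevated session, since Get-Tpm and Confirm-SecureBootUEFI need administrator rights.

```powershell
# Added example: check the hardware-backed Windows 11 prerequisites
# (TPM 2.0, UEFI firmware, Secure Boot) from PowerShell.
# Requires an elevated session. Function name is an assumption for this example.
function Test-Win11SecurityPrereqs {
    $result = [ordered]@{}

    # Get-Tpm (TrustedPlatformModule module) reports presence and readiness
    # of the TPM device as seen by the OS.
    try {
        $tpm = Get-Tpm
        $result.TpmPresent = [bool]$tpm.TpmPresent
        $result.TpmReady   = [bool]$tpm.TpmReady
    } catch {
        # Cmdlet missing or failed: treat as no usable TPM.
        $result.TpmPresent = $false
        $result.TpmReady   = $false
    }

    # The Win32_Tpm WMI class exposes SpecVersion, e.g. "2.0, 0, 1.38".
    # Windows 11 requires TPM 2.0; a 1.2 chip does not qualify even if present.
    $specVersion = $null
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($wmiTpm -and $wmiTpm.SpecVersion) {
        $specVersion = ($wmiTpm.SpecVersion -split ',')[0].Trim()
    }
    $result.TpmSpecVersion = $specVersion
    $result.Tpm20 = ($specVersion -eq '2.0')

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
    # on legacy BIOS, which also fails the UEFI requirement.
    try {
        $result.SecureBootEnabled = [bool](Confirm-SecureBootUEFI)
        $result.UefiFirmware      = $true
    } catch {
        $result.SecureBootEnabled = $false
        $result.UefiFirmware      = $false
    }

    # Windows 11 needs Secure Boot *capable* firmware, not necessarily enabled,
    # so the verdict keys on UEFI presence rather than the current toggle.
    $result.MeetsRequirements = $result.TpmPresent -and $result.Tpm20 -and $result.UefiFirmware
    return [pscustomobject]$result
}

Test-Win11SecurityPrereqs | Format-List
```

A machine that shows TpmPresent but Tpm20 false typically has a TPM 1.2 part or a firmware TPM (Intel PTT / AMD fTPM) disabled in the firmware setup; enabling it there is the usual fix before re-running the check.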

AWS Has Acquired Encrypted Messaging Service Wickr

techcrunch.com/2021/06/25/aws-is-buying-encrypted-messaging-service-wickr/ Amazon's cloud services giant Amazon Web Services (AWS) is getting into the encrypted messaging business. The company has just announced that it has acquired secure communications service Wickr, a messaging app geared towards providing services to government and military groups and enterprises. It claims to be the only "collaboration service" that meets security criteria set out by the NSA.

Fraud committed in banks' names has already reached 5 million euros this year

www.kauppalehti.fi/uutiset/pankkien-nimissa-huijattu-tana-vuonna-jo-5-miljoonaa-euroa-poliisi-neuvoo-miten-huijauksen-voi-havaita/0f063943-7527-4616-b454-355f471c583e Police warn of a growing criminal phenomenon in which criminals phish online banking credentials using fake websites that mimic banks' web pages. Victims most often end up on these fake online banking sites either via a text message or e-mail sent in the bank's name, or via results from a web search engine.
