Daily NCSC-FI news followup 2021-06-26

Microsoft says SolarWinds hacking group has breached three new victims

therecord.media/microsoft-says-solarwinds-hacking-group-has-breached-three-new-victims/

Microsoft said on Friday that it discovered new cyberattacks carried out by Nobelium, the codename the company has assigned to the Russian state-sponsored hacking group responsible for the SolarWinds hack last year. Direct link to Microsoft report:

msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/

Microsoft admits to signing rootkit malware in supply-chain fiasco

www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs. G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft. Link to Microsoft report:

msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/

PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry

threatpost.com/ps3-players-ban-attacks-gaming/167303/

Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network. A reported breach of a Sony folder containing the serial ID numbers for every PlayStation 3 console appears to have led to users being inexplicably banned from the platform. This is just the latest in a shocking spike in attacks on unsuspecting gamers.
