Daily NCSC-FI news followup 2021-07-28

2021 Global IoT Trends Report

www.newark.com/iot-trends-2021 We reached out to our global customer base with an IoT survey between September 2020 and December 2020. We got 2,095 completed questionnaires, primarily from engineers of IoT solutions, in 60 countries.

S.Africa’s Port Terminals Still Disrupted Days After Cyber-Attack

www.securityweek.com/safricas-port-terminals-still-disrupted-days-after-cyber-attack The attack has affected ports in Durban — the busiest in sub-Saharan Africa — as well as Cape Town, Port Elizabeth and Ngqura, Transnet said in the “confidential” notice seen by AFP on Tuesday. “It’s a nightmare. It’s just a catastrophe, frankly,” [consultant Dave Watts] said, noting that the disruption had occurred at the peak of the citrus export season, when South African farmers were rushing to get their produce to foreign markets. “It’s a perfect storm”.

Scam messages are more devious than before: the old lessons no longer apply. See four easy security tips

www.kauppalehti.fi/uutiset/huijausviestit-ovat-aiempia-kavalampia-vanhat-opit-eivat-enaa-pade-katso-nelja-helppoa-tietoturvavinkkia/0d0f7508-fe91-49a5-aaff-b29099b1bd13 Scam text messages and calls have become part of everyday life for Finns. Scammers’ call and text message lists contain tens or even hundreds of thousands of Finnish numbers, says Mikko Hyppönen, F-Secure’s chief research officer and information security expert.

Biden: If U.S. has ‘real shooting war’ it could be result of cyber attacks

www.reuters.com/world/biden-warns-cyber-attacks-could-lead-a-real-shooting-war-2021-07-27/ “I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence.” President Joe Biden on Tuesday warned that if the United States ended up in a “real shooting war” with a “major power” it could be the result of a significant cyber attack on the country, highlighting what Washington sees as growing threats posed by Russia and China.

Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam

www.theregister.com/2021/07/27/youtube_channel_tech_scam/ “So to prove that anyone can be scammed,” Browning announced via Twitter following the attack, “I was convinced to delete my YouTube channel because I was convinced I was talking [to YouTube] support. I never lost control of the channel, but the sneaky s**t managed to get me to delete the channel. Hope to recover soon.”

LockBit ransomware now encrypts Windows domains using group policies

www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/ In samples of the LockBit 2.0 ransomware discovered by MalwareHunterTeam and analyzed by BleepingComputer and Vitali Kremez, the threat actors have automated this process so that the ransomware distributes itself throughout a domain when executed on a domain controller. LockBit 2.0 also includes a feature previously used by the Egregor Ransomware operation that print bombs the ransom note to all networked printers.

BlackMatter ransomware targets companies with revenue of $100 million and more

therecord.media/blackmatter-ransomware-targets-companies-with-revenues-of-100-million-and-more/ A new ransomware gang launched into operation this week, claiming to combine the best features of the now-defunct Darkside and REvil ransomware groups, Recorded Future analysts have discovered. Per the BlackMatter gang, the networks need to have between 500 and 15,000 hosts and be located in the US, the UK, Canada, or Australia. The BlackMatter group says it is willing to pay up to $100,000 for exclusive access to any of these high-value networks.

The FBI Is Locating Cars By Spying On Their WiFi

www.forbes.com/sites/thomasbrewster/2021/07/22/the-fbi-is-using-stingray-smartphone-surveillance-to-locate-cars-and-spy-on-their-wifi/ Many people don’t realize that modern cars aren’t just wheels and an engine anymore, they are computers and cellphones too, says Nate Wessler, deputy director of the ACLU Speech, Privacy, and Technology Project. These features offer convenience and efficiency to drivers, but they also generate sensitive information about where we go and what we do. Strong privacy protections are important for this kind of vehicle information, just as they are for information generated by our cell phones and laptops.

A three-dimensional model will be made of every building in Finland: in the future, a 3D image of your own house can be viewed on a website

yle.fi/uutiset/3-12030975 At present, the laser scanning data of the National Land Survey of Finland (Maanmittauslaitos) can be downloaded as open data through its file service. However, the Finnish Defence Forces consider accurate laser-scanned data covering the whole of Finland to be of such a nature, from a comprehensive security standpoint, that use of the new data will require an access permit.

Half of vulnerabilities Singapore government finds via bounties, disclosures are valid

www.zdnet.com/article/half-of-vulnerabilities-singapore-government-finds-via-bounties-disclosures-are-valid/ Half of [more than 1000] security vulnerability reports the Singapore government received via bug bounties and public disclosure schemes have been ascertained to be valid. The public sector also recorded a 44% increase in data incidents over the past year, though none were assessed to be of “high severity”.

A sextortion e-mail from…IT support?!

isc.sans.edu/diary/rss/27682 In the text, the sender claims to work for an IT service company […], which was engaged by the recipient’s e-mail provider. This was supposed to give the sender access to the e-mail provider’s user database and, among other information, online traffic of individual users.

Russia disconnects from internet in tests as it bolsters security – RBC daily

www.reuters.com/technology/russia-disconnected-global-internet-tests-rbc-daily-2021-07-22/ MOSCOW, July 22 (Reuters) – Russia managed to disconnect itself from the global internet during tests in June and July, the RBC daily reported on Thursday, citing documents from the working group tasked with improving Russia’s internet security.

Back-alley firms meddle in elections and promote falsehoods on behalf of clients who can claim deniability, escalating our era of unreality.

www.nytimes.com/2021/07/25/world/europe/disinformation-social-media.html Commercial firms conducted for-hire disinformation in at least 48 countries last year, nearly double from the year before, according to an Oxford University study. The researchers identified 65 companies offering such services. [Paywalled, text at https://catless.ncl.ac.uk/Risks/32/78#subj10]

The Inevitable Weaponization of App Data Is Here

www.vice.com/en/article/pkbxp8/grindr-location-data-priest-weaponization-app It finally happened. After years of warning from researchers, journalists, and even governments, someone used highly sensitive location data from a smartphone app to track and publicly harass a specific person. The data itself didn’t contain each mobile phone user’s real name, but The Pillar and its partner were able to pinpoint which device belonged to Burill by observing one that appeared at the USCCB staff residence and headquarters, locations of meetings that he was in, as well as his family lake house and an apartment that has him listed as a resident. In other words, they managed to, as experts have long said is easy to do, unmask this specific person and their movements across time from a supposedly anonymous dataset. Also


Mass hacking of Taiwan politicians’ LINE accounts sparks national security concerns

www.taiwannews.com.tw/en/news/4259770 The Liberty Times revealed Wednesday (July 28) that government officials and public figures across the political spectrum have been hacking victims on the widely used messaging app. They include high-level Cabinet officials, military personnel, and city leaders.

I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona

www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media TA456, an Iranian-state aligned actor, spent years masquerading as the persona Marcella Flores in an attempt to infect the machine of an employee of an aerospace defense contractor with malware.

How foreign hackers weaponised India’s cybersecurity shield

the-ken.com/story/how-foreign-hackers-weaponised-indias-cybersecurity-shield/ Between 7-14 July, hackers took down the two-factor authentication system the Indian government uses to secure its email network three separate times. The inboxes of countless government officials, including the secretary of MeitY, were compromised. [The] unidentified hacker group destabilised the government’s email infrastructure, causing [MFA] to malfunction. Authorities had little choice but to disable [MFA] for a few hours in order to restore email access. In this window, the hackers set to work sweeping through the email inboxes of accounts they had already compromised through phishing or other means.

Critical 9.9 Vulnerability In Hyper-V Allowed Attackers To Exploit Azure

www.guardicore.com/labs/critical-vulnerability-in-hyper-v-allowed-attackers-to-exploit-azure/ Vulnerabilities like CVE-2021-28476 demonstrate the risks that a shared resource model (e.g. a public cloud) brings. Indeed, in cases of shared infrastructures, even simple bugs can lead to devastating results like denial of service and remote code execution.

China’s Digital Colonialism: Espionage and Repression Along the Digital Silk Road

go.recordedfuture.com/hubfs/reports/cta-2021-0727.pdf Many developing countries are vulnerable to the exploitation of their data by corporations and powerful governments due to a lack of direct experience in cyber defense and an eagerness to catch up with competitors through rapid digitalization. The 8 case studies in this report serve as examples from Africa, Latin America, and Southwest Asia.

Top Routinely Exploited Vulnerabilities

us-cert.cisa.gov/ncas/alerts/aa21-209a This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory provides details on the top 30 vulnerabilities, primarily Common Vulnerabilities and Exposures (CVEs), routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.

Northern Ireland’s COVID certification service suspended after data leak

www.bleepingcomputer.com/news/security/northern-irelands-covid-certification-service-suspended-after-data-leak/ Northern Ireland’s Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. Some users of COVIDCert NI app were presented with data of other users, under certain circumstances, says the Department.

Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report

unit42.paloaltonetworks.com/ransomware-families/ In the first quarter (Q1) of 2021, Unit 42 detected 113 different ransomware families in the wild. Based on the statistical data, the top 15 ransomware families only cover 52.3% of total ransomware cases. This demonstrates the diversity of ransomware and emphasizes how difficult it is to expand ransomware detection coverage with static profiling.

VPN servers seized by Ukrainian authorities weren’t encrypted

arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/ Privacy tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them.
