Daily NCSC-FI news followup 2021-08-02

Pegasus spyware found on journalists’ phones, French intelligence confirms

www.theguardian.com/news/2021/aug/02/pegasus-spyware-found-on-journalists-phones-french-intelligence-confirms Announcement is first time an independent and official authority has corroborated Pegasus project findings

‘I will not be silenced’: Women targeted in hack-and-leak attacks speak out about spyware

www.nbcnews.com/tech/social-media/i-will-not-be-silenced-women-targeted-hack-leak-attacks-n1275540 Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

thehackernews.com/2021/08/new-apt-hacking-group-targets-microsoft.html A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks. Israeli cybersecurity firm Sygnia, which identified the campaign, is tracking the advanced, stealthy adversary under the moniker “Praying Mantis” or “TG2021.”

A Cold War is raging in cyberspace. Here’s how countries are preparing their defenses

www.zdnet.com/article/a-cold-war-is-raging-in-cyberspace-heres-how-countries-are-preparing-their-defenses/ Much like conventional militaries, countries also need to perform occasional drills of their cybersecurity defenses. Instead of soldiers and tanks, these involve virtual machines and months of pestering executives for their login credentials.

Hackers shut down system for booking COVID-19 shots in Italy’s Lazio region

www.reuters.com/world/europe/hackers-shut-down-system-booking-covid-19-shots-italys-lazio-region-2021-08-01/ Hackers have attacked and shut down the IT systems of the company that manages COVID-19 vaccination appointments for the Lazio region surrounding Rome, the regional government said on Sunday.

An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil

therecord.media/an-interview-with-blackmatter-a-new-ransomware-group-thats-learning-from-the-mistakes-of-darkside-and-revil/

Ransomware operators love them: Key trends in the Initial Access Broker space

www.zdnet.com/article/ransomware-operators-love-them-key-trends-in-the-initial-access-broker-space/ In a threat actor’s mind, take out the legwork, reap the proceeds of blackmail.

Windows 10 to automatically block potentially unwanted apps

www.bleepingcomputer.com/news/microsoft/windows-10-to-automatically-block-potentially-unwanted-apps/ Microsoft Defender and Microsoft Edge on Windows 10 will automatically block potentially unwanted applications (PUAs) by default starting this month.

Windows PetitPotam attacks can be blocked using new method

www.bleepingcomputer.com/news/microsoft/windows-petitpotam-attacks-can-be-blocked-using-new-method/ The good news is that researchers have figured out a way to block the remote unauthenticated PetitPotam attack vector using NETSH filters without affecting local EFS functionality.

PwnedPiper vulnerabilities impact 80% of major hospitals in North America

therecord.media/pwnedpiper-vulnerabilities-impact-80-of-major-hospitals-in-north-america/ Details have been published today about a collection of nine vulnerabilities known as PwnedPiper that impact a common type of medical equipment that’s installed in roughly 80% of all major hospitals in North America.
