Daily NCSC-FI news followup 2021-08-05

Energy group ERG reports minor disruptions after ransomware attack

www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/ Italian energy company ERG reports “only a few minor disruptions” affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems.

Linux version of BlackMatter ransomware targets VMware ESXi servers

www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/ The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware’s ESXi virtual machine platform.

Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals

therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/ A disgruntled member of the Conti ransomware program has leaked today the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files.

Ransomware Gangs and the Name Game Distraction

krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation.

Prometheus TDS: The $250 service behind recent malware attacks

www.bleepingcomputer.com/news/security/prometheus-tds-the-250-service-behind-recent-malware-attacks/ Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. Among the malware families that Prometheus TDS has dished out so far are BazarLoader, IcedID, QBot, SocGholish, Hancitor, and Buer Loader, all of them commonly used in intermediary attack stages to download more damaging payloads.

EU officials investigating breach of Cybersecurity Atlas project

therecord.media/eu-officials-investigating-breach-of-cybersecurity-atlas-project/ The European Commission is investigating a breach of its Cybersecurity Atlas project after a copy of the site’s backend database was put up for sale on an underground cybercrime forum on Monday. While by the nature of being a public inventory of contacts details, the data in the Cybersecurity Atlas and its members was supposed to be public and accessible by design, The Record was able to confirm that this information was an SQL database dump of the project’s Drupal website rather than being a scrape of data listed on the official site.

Tutkimus: Puolet Suomen väestöstä joutunut teknisen tuen huijausten kohteeksi viimeisen vuoden aikana

news.microsoft.com/fi-fi/2021/08/04/tech-support-scam-research-2021/ Microsoftin teettämän tutkimuksen mukaan puolet Suomessa asuvista aikuisista on altistunut teknisen tuen huijauksille, ja 3 % on menettänyt rahaa näissä huijauksissa. Puhelinyhteydenottojen ja sähköpostin lisäksi huijarit hyödyntävät nyt myös esimerkiksi ammattimaisen näköisesti tehtyjä verkkosivuja ja ponnahdusikkunoita.

Saitko tällaisen sähköpostin? Kavala huijaus yrittää viedä sometilisi

www.tivi.fi/uutiset/tv/83471bdc-f5f1-44c6-a6de-2cb78a8ef73d Tietojenkalastelijat pyrkivät hyödyntämään tekijänoikeusloukkausten yleisyyttä Instagram-tilien kaappaamiseksi. Traficomin Kyberturvallisuuskeskus tiedottaa Twitterissä liikkeellä olevasta sähköpostihuijauksesta, jonka tavoitteena on kaapata uhrin Instagram-tili.

Spam and phishing in Q2 2021

securelist.com/spam-and-phishing-in-q2-2021/103548/ In Q2 2021, corporate accounts continued to be one of the most tempting targets for cybercriminals. To add to the credibility of links in emails, scammers imitated mailings from popular cloud services. This technique has been used many times before. A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials.

Lessons Learned From Examining More Than a Decade of Public ICS/OT Exploits

www.dragos.com/blog/industry-news/lessons-learned-from-examining-decade-of-public-ics-ot-exploits-data/ report:

hub.dragos.com/hubfs/Whitepapers/Examining%20Public%20ICS%20OT%20Exploits%20-%20Dragos%202021.pdf?hsLang=en

Facebook bans academics who researched ad transparency and misinformation on Facebook

www.theverge.com/2021/8/4/22609020/facebook-bans-academic-researchers-ad-transparency-misinformation-nyu-ad-observatory-plug-in The researchers say their work is being silenced. Facebook has banned the personal accounts of academics who researched ad transparency and the spread of misinformation on the social network. Facebook says the group violated its term of service by scraping user data without permission. But the academics say they are being silenced for exposing problems on Facebook’s platform.

How a fake network pushes pro-China propaganda

www.bbc.com/news/world-asia-china-58062630 A sprawling network of more than 350 fake social media profiles is pushing pro-China narratives and attempting to discredit those seen as opponents of China’s government, according to a new study. The aim is to delegitimise the West and boost China’s influence and image overseas, the report by the Centre for Information Resilience (CIR) suggests.

New CISA chief announces Joint Cyber Defense Collaborative with private sector

therecord.media/new-cisa-chief-announces-joint-cyber-defense-collaborative-with-private-sector/ The new Cybersecurity and Infrastructure Security Agency Director Jen Easterly appealed to the private sector for help fending off digital attackers and announced an initiative called the Joint Cyber Defense Collaborative (JCDC) partnering with major tech and cybersecurity firms Thursday at the Black Hat Security conference. The initial partners in the program are Crowdstrike, Palo Alto, FireEye, Amazon Web Services, Google, Microsoft, AT&T, Verizon, and Lumen, according to Easterly.

Security company warns of Mitsubishi industrial control vulnerabilities

www.zdnet.com/article/security-company-warns-of-mitsubishi-industrial-control-vulnerabilities/ Nozomi Networks Labs has discovered five vulnerabilities affecting Mitsubishi safety PLCs.

Microsoft announces new Super Duper Secure Mode’ for Edge

therecord.media/microsoft-announces-new-super-duper-secure-mode-for-edge/ Microsoft said today it plans to run an experiment in its Edge web browser where it will intentionally disable an important performance and optimization feature [V8 JIT] in order to enable more advanced security upgrades in what the company is calling Edge Super Duper Secure Mode.

Messaging Apps Have an Eavesdropping Problem

www.wired.com/story/signal-facebook-messenger-eavesdropping-vulnerabilities/ Vulnerabilities in Signal, Facebook Messenger, Google Duo, and more all point to a pervasive privacy issue. “I find interaction-less bugs to be the most interesting class of vulnerabilities just because they’re so useful to attackers, ” Silvanovich says. “If a user doesn’t have to do anything, that’s the easiest thing.”

You might be interested in …

Daily NCSC-FI news followup 2021-03-27

Google’s top security teams unilaterally shut down a counterterrorism operation www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/ Google’s Project Zero and Threat Analysis Group teams found the hacking group exploiting 11 zero-day vulnerabilities in just nine months, a high number of exploits over a short period. Software that was attacked included the Safari browser on iPhones but also many Google products, […]

Read More

Daily NCSC-FI news followup 2021-05-01

PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector www.cybereason.com/blog/portdoor-new-chinese-apt-backdoor-attack-targets-russian-defense-sector The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and […]

Read More

Daily NCSC-FI news followup 2021-07-21

Virtuaalivaluuttoihin liittyviä rahanpesuilmoituksia alkuvuonna yli 3, 4 miljoonaa kappaletta, kertoo KRP www.is.fi/digitoday/tietoturva/art-2000008140592.html Selvittelykeskus kirjasi kesäkuun loppuun mennessä rahanpesurekisteriin ennätykselliset yli 3466000 epäilyttävää liiketoimea tai epäiltyä terrorismin rahoittamista koskevaa ilmoitusta. Näistä noin 26600 tuli muilta kuin virtuaalivaluuttapalveluihin liittyviltä tahoilta. Suomi ja Singapore 6g-yhteistyöhön “Voimme saavuttaa molemminpuolista etua” www.tivi.fi/uutiset/tv/45e16ffc-1ba1-411e-87be-edbcd797803f Oulun yliopiston koordinoima 6g-teknologian tutkimus- ja kehitysohjelma 6g […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.