Daily NCSC-FI news followup 2021-08-23

New variant of Konni malware used in campaign targeting Russia

blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/ In late July 2021, we [Malwarebytes] identified an ongoing spear phishing campaign pushing Konni RAT to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. We [Malwarebytes] discovered two documents written in Russian and weaponized with the same malicious macro. One of the lures is about the trade and economic issues between Russia and the Korean Peninsula. The other one is about a meeting of the intergovernmental Russian-Mongolian commission. In this blog post we [Malwarebytes] provide an overview of this campaign, which uses two different UAC bypass techniques and clever obfuscation tricks to remain under the radar.

Veikkaus suspects hundreds of gaming accounts were targeted by a bot-driven hacking attempt: "It's worth reviewing your own password"

www.kauppalehti.fi/uutiset/veikkaus-epailee-satoja-pelitileja-yritetty-hakkeroida-robotin-avulla-kannattaa-arvioida-oma-salasana/ac1559b9-a1e0-40c6-84d5-57195795f8ff Veikkaus has detected abnormal attempts to log in to the company's online service. Based on the investigation, the suspicious login attempts are concentrated in early July 2021. The attacker is suspected of having used automated tools with which a bot tried to log in to customers' gaming accounts by guessing usernames and passwords. According to Veikkaus' website, the attacker may in this way have managed to log in to the gaming accounts of at most about 800 customers. The company has contacted the customers who may have been targeted and reset their old passwords.
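The Veikkaus item describes the classic signature of automated credential guessing: one source trying many different usernames in a short window, with a handful of successes mixed in. The following is an added example, not code from Veikkaus or from the article, showing how a defender can pick that pattern out of login audit events and list the accounts that should be force-reset. The log format, the field names, the addresses and the usernames are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of web-login audit events (not real Veikkaus data).
# Fields: ISO-8601 timestamp, outcome (OK/FAIL), source address, username.
SAMPLE_LOG = """\
2021-07-02T03:14:07Z FAIL 203.0.113.5 user_a
2021-07-02T03:14:08Z FAIL 203.0.113.5 user_b
2021-07-02T03:14:09Z FAIL 203.0.113.5 user_c
2021-07-02T03:14:10Z FAIL 203.0.113.5 user_d
2021-07-02T03:14:11Z OK   203.0.113.5 user_e
2021-07-02T03:14:12Z FAIL 203.0.113.5 user_f
2021-07-02T03:20:00Z FAIL 198.51.100.9 user_a
2021-07-02T03:21:00Z FAIL 198.51.100.9 user_a
2021-07-02T03:22:00Z OK   198.51.100.9 user_a
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, outcome, src, user) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, outcome, src, user = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), outcome, src, user))
    return events


def find_spraying_sources(events, window=timedelta(minutes=5), min_users=5):
    """Return {src: set(usernames)} for every source that attempted at least
    `min_users` distinct usernames within any sliding window of length `window`.

    A real user retrying their own password hits one username repeatedly; a bot
    guessing credentials walks through many usernames, which is what this keys on.
    """
    by_src = defaultdict(list)
    for ts, _outcome, src, user in events:
        by_src[src].append((ts, user))

    flagged = {}
    for src, attempts in by_src.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it fits within `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = flagged.get(src, set()) | users
    return flagged


def accounts_to_reset(events, flagged):
    """Accounts that saw a successful login from a flagged source: the set a
    provider would contact and force a password reset for, as Veikkaus did."""
    return sorted({user for _ts, outcome, src, user in events
                   if outcome == "OK" and src in flagged})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    hits = find_spraying_sources(evs)
    for src, users in hits.items():
        print(f"{src}: {len(users)} distinct usernames tried")
    print("reset:", accounts_to_reset(evs, hits))
```

The thresholds (five distinct usernames in five minutes) are illustrative; in production they would be tuned against the service's normal traffic, and the source key would usually be combined with device or session fingerprints, since guessing campaigns are routinely spread across many addresses.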

Hundreds of thousands of Realtek-based devices under attack from IoT botnet

therecord.media/hundreds-of-thousands-of-realtek-based-devices-under-attack-from-iot-botnet/ A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang. The attacks started last week, according to a report from IoT security firm SAM, and began just three days after fellow security firm IoT Inspector published details about the vulnerability on its blog. Tracked as CVE-2021-35395, the vulnerability is part of four issues IoT Inspector researchers found in the software development kit (SDK) that ships with multiple Realtek chipsets (SoCs). According to the research team, the vulnerability, which resided in a web panel used to configure the SDK/device, allowed a remote attacker to connect to these devices via malformed URL web panel parameters, bypass authentication, and run malicious code with the highest privileges, effectively taking over the device.

Do Open-Source Supply Chains Leave Security Gaps in Your Organization?

www.infosecurity-magazine.com/opinions/open-source-supply-chainssecurity/ There has been a 430% year-on-year increase in attacks targeting open source components to infect software supply chains in the last year. Infiltrating open source libraries can also be a more covert approach than directly attacking organizations: once a component is already part of a trusted supply chain, its malicious activity is less likely to be detected. Organizations need to ensure that developers are armed with the automation and clear processes required to incorporate security and vulnerability checks in new software; repositories also need to shoulder the burden and review the submitted code.
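One of the cheapest automated checks the article's advice calls for is refusing to build from a dependency manifest that lets the package index choose what gets installed. Below is an added example, not code from the article or any project it mentions, that audits a pip-style requirements file and reports entries that are not pinned to an exact version or that carry no artifact hash. The requirements content and the sha256 value are constructed placeholders.

```python
import re

# Constructed requirements file (not from the article); mixes strong and weak entries.
# The sha256 value is a placeholder, not the hash of any real artifact.
SAMPLE_REQUIREMENTS = """\
# pinned and hash-locked: reproducible, and a substituted artifact fails to install
requests==2.26.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
# pinned but no hash: a different artifact published under the same version string installs
urllib3==1.26.6
# floating: resolves to whatever the index serves at build time
pyyaml>=5.0
flask
"""

# name, optional exact pin (==version), then the rest of the line (hashes, other specifiers)
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*\S+)?(.*)$")


def audit_requirements(text):
    """Return a list of (line_number, package, issue) findings.

    issue is "unpinned" when no exact == version is given, or "no-hash" when the
    version is pinned but no --hash= is present to verify the downloaded artifact.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line or line.startswith("-"):  # skip pip options such as -r / --index-url
            continue
        m = REQ_RE.match(line)
        if m is None:
            findings.append((lineno, line, "unparsed"))
            continue
        name, pin, rest = m.groups()
        if pin is None:
            findings.append((lineno, name, "unpinned"))
        elif "--hash=" not in rest:
            findings.append((lineno, name, "no-hash"))
    return findings


def is_reproducible(text):
    """True only when every requirement is pinned and hash-locked."""
    return not audit_requirements(text)


if __name__ == "__main__":
    for lineno, pkg, issue in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {pkg}: {issue}")
    print("reproducible:", is_reproducible(SAMPLE_REQUIREMENTS))
```

Wiring `is_reproducible` into CI as a gate is the "automation and clear process" part; it does not replace reviewing what the pinned code actually does, which is the burden the article places on repositories and maintainers.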
