Daily NCSC-FI news followup 2021-09-22

Russian state hackers use new TinyTurla malware as secondary backdoor

www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/ Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan. Security researchers at Cisco Talos say that TinyTurla is a “previously undiscovered” backdoor from the Turla APT group that has been used since at least 2020, slipping past malware detection systems particularly because of its simplicity.

CISA Alert (AA21-265A) – Conti Ransomware

us-cert.cisa.gov/ncas/alerts/aa21-265a The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

Ransomware victims panicked while FBI secretly held REvil decryption key

arstechnica.com/information-technology/2021/09/ransomware-victims-panicked-while-fbi-secretly-held-revil-decryption-key/ For three weeks during the REvil ransomware attack this summer, the FBI secretly withheld the key that would have decrypted data and computers on up to 1,500 networks, including those run by hospitals, schools, and businesses. The FBI had penetrated the REvil gang’s servers to obtain the key, but after discussing it with other agencies, the bureau decided to wait before sending it to victims for fear of tipping off the criminals, The Washington Post reports. The FBI hadn’t wanted to tip off the REvil gang and had hoped to take down their operations, sources told the Post.

Second farming cooperative shut down by ransomware this week

www.bleepingcomputer.com/news/security/second-farming-cooperative-shut-down-by-ransomware-this-week/ Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend. Crystal Valley is a farm supply and grain marketing cooperative serving farmers in Minnesota and northern Iowa. Yesterday, Crystal Valley disclosed that their company was targeted with a ransomware attack on Sunday that led them to shut down IT systems, preventing payments using Visa, Mastercard, and Discover credit cards.

Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials

therecord.media/microsoft-exchange-autodiscover-bug-leaks-hundreds-of-thousands-of-domain-credentials/ Security researchers have discovered a design flaw in a feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials from users across the world. Discovered by Amit Serper, AVP of Security Research at security firm Guardicore, the bug resides in the Microsoft Autodiscover protocol, a feature of Exchange email servers that allows email clients to automatically discover email servers, provide credentials, and then receive proper configurations.

Hackers leak LinkedIn 700 million data scrape

therecord.media/hackers-leak-linkedin-700-million-data-scrape/ A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June. The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file containing approximately 187 GB of archived data.

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

thehackernews.com/2021/09/microsoft-warns-of-wide-scale-phishing.html Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal effort.

Criminals sent invoices in a director’s name

yle.fi/uutiset/3-12110248 Western Uusimaa police are investigating an aggravated fraud in which a company was most likely targeted by an audacious scam run by foreign criminals. The person responsible for payments at a company located in Western Uusimaa had received an email in which a person in a management position at the company instructed them to pay about 50,000 euros to a foreign account. A second payment request of over 100,000 euros had been sent in the same name.

TikTok, GitHub, Facebook Join Open-Source Bug Bounty

threatpost.com/tiktok-github-facebook-open-source-bug-bounty/174898/ As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program (IBB) to lure threat hunters’ attention to open-source supply chains.

Lithuania revealed that Xiaomi phones censor users’ searches and urged a purchase boycott; a Finnish expert considers the revelation serious

yle.fi/uutiset/3-12109988 According to Lithuanian authorities, Xiaomi phones have built-in software that censors words and slogans that China finds objectionable. In Finland, the National Cyber Security Centre (Kyberturvallisuuskeskus) is looking into the matter.

VMSA-2021-0020: Questions & Answers

core.vmware.com/vmsa-2021-0020-questions-answers-faq VMware has released patches that address a new critical security advisory, VMSA-2021-0020. This needs your immediate attention if you are using vCenter Server.
