Daily NCSC-FI news followup 2021-09-22

Russian state hackers use new TinyTurla malware as secondary backdoor

www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/ Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan. Security researchers at Cisco Talos say that TinyTurla is a “previously undiscovered” backdoor from the Turla APT group that has been used since at least 2020, slipping past malware detection systems particularly because of its simplicity.

CISA Alert (AA21-265A) – Conti Ransomware

us-cert.cisa.gov/ncas/alerts/aa21-265a The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

Ransomware victims panicked while FBI secretly held REvil decryption key

arstechnica.com/information-technology/2021/09/ransomware-victims-panicked-while-fbi-secretly-held-revil-decryption-key/ For three weeks during the REvil ransomware attack this summer, the FBI secretly withheld the key that would have decrypted data and computers on up to 1,500 networks, including those run by hospitals, schools, and businesses. The FBI had penetrated the REvil gang’s servers to obtain the key, but after discussing it with other agencies, the bureau decided to wait before sending it to victims for fear of tipping off the criminals, The Washington Post reports. The FBI had not wanted to tip off the REvil gang and had hoped to take down their operations, sources told the Post.

Second farming cooperative shut down by ransomware this week

www.bleepingcomputer.com/news/security/second-farming-cooperative-shut-down-by-ransomware-this-week/ Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend. Crystal Valley is a farm supply and grain marketing cooperative serving farmers in Minnesota and northern Iowa. Yesterday, Crystal Valley disclosed that their company was targeted with a ransomware attack on Sunday that led them to shut down IT systems, preventing payments using Visa, Mastercard, and Discover credit cards.

Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials

therecord.media/microsoft-exchange-autodiscover-bug-leaks-hundreds-of-thousands-of-domain-credentials/ Security researchers have discovered a design flaw in a feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials from users across the world. Discovered by Amit Serper, AVP of Security Research at security firm Guardicore, the bug resides in the Microsoft Autodiscover protocol, a feature of Exchange email servers that allows email clients to automatically discover email servers, provide credentials, and then receive proper configurations.
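The design flaw Guardicore describes is a "back-off": when the Autodiscover hosts under the user's own mail domain do not answer, some clients strip one label from the domain and retry, ending at a host in the top-level domain (autodiscover.com, autodiscover.fr, ...) that the organisation does not control and an attacker can register; credentials then follow on an authentication challenge. The model below is an added example, not Microsoft's, Guardicore's, or any client's actual code: the candidate order, the host names, and the example addresses (alice@example.com, bob@corp.example.com) are simplified assumptions, and the `in_scope` check is deliberately strict (it treats even the parent domain as out of scope, because the client cannot know who owns it).

```python
"""Simplified model of the Exchange Autodiscover 'back-off' leak and a
scope check that would stop it. Added example; not code from the page,
Microsoft, or Guardicore. Host order and names are assumptions."""
from __future__ import annotations
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"


def email_domain(address: str) -> str:
    """Return the lower-cased mail domain of an address, or raise."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return domain.lower()


def candidate_urls(address: str) -> list[str]:
    """Endpoints under the user's own domain, in the order a naive client
    tries them (assumed order for illustration)."""
    domain = email_domain(address)
    return [
        f"https://{domain}{AUTODISCOVER_PATH}",
        f"https://autodiscover.{domain}{AUTODISCOVER_PATH}",
        f"http://autodiscover.{domain}{AUTODISCOVER_PATH}",
    ]


def backoff_urls(address: str) -> list[str]:
    """The leaky back-off: drop one label at a time and retry.
    bob@corp.example.com -> autodiscover.example.com, then autodiscover.com,
    a host the organisation does not control."""
    labels = email_domain(address).split(".")
    return [
        f"https://autodiscover.{'.'.join(labels[i:])}{AUTODISCOVER_PATH}"
        for i in range(1, len(labels))
    ]


def in_scope(url: str, address: str) -> bool:
    """Hardened check: only contact (and only ever authenticate to) a host
    that is the user's mail domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    domain = email_domain(address)
    return host == domain or host.endswith("." + domain)


def safe_candidates(address: str) -> list[str]:
    """Candidate list a hardened client would use: everything the naive
    client tries, minus hosts outside the user's domain."""
    return [
        u for u in candidate_urls(address) + backoff_urls(address)
        if in_scope(u, address)
    ]


def leaked_hosts(address: str) -> list[str]:
    """Hosts the leaky back-off would contact, and send credentials to on a
    401 challenge, that lie outside the user's mail domain."""
    return [
        urlsplit(u).hostname for u in backoff_urls(address)
        if not in_scope(u, address)
    ]


if __name__ == "__main__":
    for addr in ("alice@example.com", "bob@corp.example.com"):
        print(addr, "-> leaks to:", leaked_hosts(addr))
        print(addr, "-> hardened list:", safe_candidates(addr))
```

The practical takeaway is the `in_scope` rule: an Autodiscover client must never authenticate to a host it reached by walking up the domain name, and the same logic applied to outbound proxy or DNS logs (look for requests to autodiscover.&lt;tld&gt; hosts) is a quick way to find clients in your estate that exhibit the leaky behaviour.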

Hackers leak LinkedIn 700 million data scrape

therecord.media/hackers-leak-linkedin-700-million-data-scrape/ A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers first tried to sell it in June this year. The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file containing approximately 187 GB of archived data.

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

thehackernews.com/2021/09/microsoft-warns-of-wide-scale-phishing.html Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts.

Criminals sent invoices in a manager's name

yle.fi/uutiset/3-12110248 Western Uusimaa police are investigating an aggravated fraud in which a company most likely fell victim to a brazen scam by foreign criminals. The person responsible for payments at a company located in Western Uusimaa had received an email in which a person in a management position at the company urged them to pay about 50,000 euros to a foreign account. A second payment request, for more than 100,000 euros, had been sent in the same name.

TikTok, GitHub, Facebook Join Open-Source Bug Bounty

threatpost.com/tiktok-github-facebook-open-source-bug-bounty/174898/ As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program (IBB) to lure threat hunters’ attention to open-source supply chains.

Lithuania revealed that Xiaomi phones censor users' searches and urged a purchase boycott; a Finnish expert considers the revelation serious

yle.fi/uutiset/3-12109988 According to Lithuanian authorities, Xiaomi phones have built-in software that censors words and slogans unwelcome to China. In Finland, the National Cyber Security Centre (Kyberturvallisuuskeskus) is looking into the matter.

VMSA-2021-0020: Questions & Answers

core.vmware.com/vmsa-2021-0020-questions-answers-faq VMware has released patches that address a new critical security advisory, VMSA-2021-0020. This needs your immediate attention if you are using vCenter Server.
