Daily NCSC-FI news followup 2021-09-28

National Security Review 2021

supo.fi/kansallisen-turvallisuuden-katsaus The most significant cyber threat is state-sponsored cyber espionage. Finland is the target of continuous cyber espionage attempts, and the activity is not expected to subside even in the long term. See also supo.fi/kyberuhkat

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.

FinSpy: unseen findings

securelist.com/finspy-unseen-findings/104322/ FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011. Apart from the Trojanized installers, we also observed infections involving usage of a UEFI or MBR bootkit. While the MBR infection has been known since at least 2014, details on the UEFI bootkit are publicly revealed in this article for the first time.

4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan

www.recordedfuture.com/chinese-apt-groups-target-afghan-telecommunications-firm/ Insikt Group has detected separate intrusion activity targeting a mail server of Roshan, one of Afghanistan's largest telecommunications providers, linked to 4 distinct Chinese state-sponsored threat activity groups. This includes activity we attribute to the Chinese state-sponsored groups RedFoxtrot and Calypso APT, as well as 2 additional clusters using the Winnti and PlugX backdoors that we have been unable to link to established groups at this time. See also

therecord.media/suspected-chinese-state-linked-threat-actors-infiltrated-major-afghan-telecom-provider/

Police identified faces with a program whose information security risks were not investigated sufficiently; the National Bureau of Investigation (KRP) received a reprimand from the Data Protection Ombudsman

yle.fi/uutiset/3-12118726 The police must now notify those whose identity is known about the use of their images. The KRP no longer uses the Clearview AI facial recognition program. The police say they take the reprimand seriously.

Microsoft 365 MFA outage locks users out of their accounts

www.bleepingcomputer.com/news/microsoft/microsoft-365-mfa-outage-locks-users-out-of-their-accounts/ Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) issue preventing some customers from logging into their Microsoft 365 accounts.

Twitter web client outage forces users to log out, blocks logins

www.bleepingcomputer.com/news/technology/twitter-web-client-outage-forces-users-to-log-out-blocks-logins/ Twitter is experiencing a worldwide outage affecting their web platform that prompts users to log out and prevents them from accessing tweets.

NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs

www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/ The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet today detailing factors to consider when choosing a virtual private network (VPN) and top configurations for deploying it securely. Full report:

media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF

US arrests 33 BEC scammers linked to Nigerian crime syndicate

therecord.media/us-arrests-33-bec-scammers-linked-to-nigerian-crime-syndicate/ The FBI has arrested 33 individuals across Texas for a series of cybercrime-related activities, including BEC and romance scams.

Ukraine takes down call centers behind cryptocurrency investor scams

www.bleepingcomputer.com/news/security/ukraine-takes-down-call-centers-behind-cryptocurrency-investor-scams/ The Security Service of Ukraine (SBU) has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency investors worldwide.

Apple AirTag Bug Enables Good Samaritan Attack

krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/ The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page or to any other malicious website.

UK umbrella payroll firm GiantPay confirms it was hit by ‘sophisticated’ cyber-attack

www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/ Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a “sophisticated” cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed.

Phone screenshots accidentally leaked online by stalkerware-type company

blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-accidentally-leaked-online-by-stalkerware-company/ pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones. According to Jo Coscia, the security researcher who discovered the issue while using a trial version of pcTattleTale, the company uploads the screenshots to an unsecured AWS bucket.

New Microsoft Exchange service mitigates high-risk bugs automatically

www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-service-mitigates-high-risk-bugs-automatically/ Microsoft has added a new Exchange Server feature that automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises servers against incoming attacks and give admins more time to apply security updates.
