Daily NCSC-FI news followup 2021-09-29

Russia arrests top cybersecurity executive in treason case

www.reuters.com/technology/moscow-office-group-ib-cybersecurity-firm-searched-by-police-company-2021-09-29/ Ilya Sachkov, 35, who founded Group IB, one of Russia’s most prominent cyber security firms, was arrested on Tuesday, the RTVI TV channel reported as law enforcement officers carried out searches at the Moscow offices of the firm.

DarkHalo after SolarWinds: the Tomiris connection

securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/ Tomiris is a backdoor written in Go whose role is to continuously query its C2 server for executables to download and execute on the victim system.

New GriftHorse malware has infected more than 10 million Android phones

therecord.media/new-grifthorse-malware-has-infected-more-than-10-million-android-phones/ Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. See also:

blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/

FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal

www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html Trend Micro detected a new campaign using a recent version of the known FormBook malware, an infostealer that has been around since 2016. Several analyses have been written about FormBook in the last few years, including the expanded support for macOS.

Conti Ransomware Expands Ability to Blow Up Backups

threatpost.com/conti-ransomware-backups/175114/ The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.

Vaccine passport app leaks users' personal data

blog.malwarebytes.com/privacy-2/2021/09/vaccine-passport-app-leaks-users-personal-data/ Security and privacy advocates may have cause to worry after all: Portpass, a vaccine passport app in Canada, has been found to have been exposing the personal data of its users for an unknown length of time.

Bandwidth CEO confirms outages caused by DDoS attack

www.zdnet.com/article/bandwidth-ceo-confirms-outages-caused-by-ddos-attack/ Voice over Internet Protocol (VoIP) services company Bandwidth.com has confirmed that it was suffering from outages after reports emerged on Monday night that the service was dealing with a DDoS attack.

Microsoft, CISA and NSA offer security tools and advice, but will you take it?

blog.malwarebytes.com/opinion/2021/09/microsoft-cisa-and-nsa-offer-orgs-security-tools-and-advice-but-will-those-that-need-it-the-most-be-the-ones-that-use-it/ Microsoft offers to help you with patching Exchange servers, CISA offers an insider threat tool, and together with the NSA they offer advice on how to choose and harden your VPN.

CISA RELEASES NEW TOOL TO HELP ORGANIZATIONS GUARD AGAINST INSIDER THREATS

www.cisa.gov/news/2021/09/28/cisa-releases-new-tool-help-organizations-guard-against-insider-threats The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.

Story of the creds-leaking Exchange Autodiscover flaw, the one Microsoft wouldn’t fix even after 5 years

www.theregister.com/2021/09/27/microsoft_exchange_autodiscover/ Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft’s advice continues to be that customers should communicate only with servers they trust.

The Rise of One-Time Password Interception Bots

krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/ In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Cybercriminals' top LOLBins

www.kaspersky.com/blog/most-used-lolbins/42180/ Cybercriminals have long used legitimate programs and operating system components to attack Microsoft Windows users, a tactic known as Living off the Land. In doing so, they're attempting to kill several birds with one cyberstone: reducing the cost of developing a malware toolkit, minimizing their operating system footprint, and disguising their activity among legitimate IT actions.

Facebook open-sources internal tool used to detect security bugs in Android apps

therecord.media/facebook-open-sources-internal-tool-used-to-detect-security-bugs-in-android-apps/ Facebook has open-sourced Mariana Trench, one of its internal security tools, used by its security teams for finding and fixing bugs in Android and Java applications.
