Daily NCSC-FI news followup 2021-09-29

Russia arrests top cybersecurity executive in treason case

www.reuters.com/technology/moscow-office-group-ib-cybersecurity-firm-searched-by-police-company-2021-09-29/ Ilya Sachkov, 35, who founded Group IB, one of Russia’s most prominent cyber security firms, was arrested on Tuesday, the RTVI TV channel reported as law enforcement officers carried out searches at the Moscow offices of the firm.

DarkHalo after SolarWinds: the Tomiris connection

securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/ Tomiris is a backdoor written in Go whose role is to continuously query its C2 server for executables to download and execute on the victim system.

New GriftHorse malware has infected more than 10 million Android phones

therecord.media/new-grifthorse-malware-has-infected-more-than-10-million-android-phones/ Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. See also


FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal

www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html Trend Micro detected a new campaign using a recent version of the known FormBook malware, an infostealer that has been around since 2016. Several analyses have been written about FormBook in the last few years, including the expanded support for macOS.

Conti Ransomware Expands Ability to Blow Up Backups

threatpost.com/conti-ransomware-backups/175114/ The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.

Vaccine passport app leaks users' personal data

blog.malwarebytes.com/privacy-2/2021/09/vaccine-passport-app-leaks-users-personal-data/ Security and privacy advocates may have cause to worry after all: Portpass, a vaccine passport app in Canada, has been found to have been exposing the personal data of its users for an unknown length of time.

Bandwidth CEO confirms outages caused by DDoS attack

www.zdnet.com/article/bandwidth-ceo-confirms-outages-caused-by-ddos-attack/ Voice over Internet Protocol (VoIP) services company Bandwidth.com has confirmed that it was suffering from outages after reports emerged on Monday night that the service was dealing with a DDoS attack.

Microsoft, CISA and NSA offer security tools and advice, but will you take it?

blog.malwarebytes.com/opinion/2021/09/microsoft-cisa-and-nsa-offer-orgs-security-tools-and-advice-but-will-those-that-need-it-the-most-be-the-ones-that-use-it/ Microsoft offers to help you with patching Exchange servers, CISA offers an insider threat tool, and together with the NSA they offer advice on how to choose and harden your VPN.


www.cisa.gov/news/2021/09/28/cisa-releases-new-tool-help-organizations-guard-against-insider-threats The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.

Story of the creds-leaking Exchange Autodiscover flaw, the one Microsoft wouldn’t fix even after 5 years

www.theregister.com/2021/09/27/microsoft_exchange_autodiscover/ Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft’s advice continues to be that customers should communicate only with servers they trust.

The Rise of One-Time Password Interception Bots

krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/ In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Cybercriminals’ top LOLBins

www.kaspersky.com/blog/most-used-lolbins/42180/ Cybercriminals have long used legitimate programs and operating system components to attack Microsoft Windows users, a tactic known as Living off the Land. In doing so, they’re attempting to kill several birds with one cyberstone: reducing the cost of developing a malware toolkit, minimizing their operating system footprint, and disguising their activity among legitimate IT actions.

Facebook open-sources internal tool used to detect security bugs in Android apps

therecord.media/facebook-open-sources-internal-tool-used-to-detect-security-bugs-in-android-apps/ Facebook has open-sourced Mariana Trench, one of its internal security tools, used by its security teams for finding and fixing bugs in Android and Java applications.
