Criminals are phishing for Finns' online banking credentials: take note of these tips for safe online services
www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/rikolliset-urkkivat-suomalaisten-pankkitunnuksia Kela, the National Bureau of Investigation and the National Cyber Security Centre urge care when logging in to online services. Criminals are phishing for bank credentials in the name of Finnish banks and the Omakanta service. Use online services safely and learn to recognise scams. Tell your family and friends about scams as well.
GhostEmperor: From ProxyLogon to kernel mode
securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/ While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the underlying cluster GhostEmperor. Our investigation into this activity leads us to believe that the underlying actor is highly skilled and accomplished in their craft, both of which are evident through the use of a broad set of unusual and sophisticated anti-forensic and anti-analysis techniques.
How nation-state attackers like NOBELIUM are changing cybersecurity
www.microsoft.com/security/blog/2021/09/28/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity/ This is the first post in a four-part series on the NOBELIUM nation-state cyberattack. Microsoft started telling the industry about this extremely advanced cyberattack in December 2020. The NOBELIUM blog series, which mirrors Microsoft’s four-part video series “Decoding NOBELIUM”, will pull the curtain back on the world of threat detection and showcase insights from cybersecurity professionals on the front lines, both Microsoft defenders and other industry experts. also: Decoding NOBELIUM: The Docuseries
www.microsoft.com/en-us/security/business/nation-state-attacks
A wolf in sheep’s clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. The campaign targets people who might be concerned that they are targeted by the Pegasus spyware. This targeting raises issues of possible state involvement, but there is insufficient information available to Talos to make any determination on which state or nation. It is possible that this is simply a financially motivated actor looking to leverage headlines to gain new access.
Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands
therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/ Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management.
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data
www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/ JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.
Undetected Azure Active Directory Brute-Force Attacks
www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
TA544 Targets Italian Organizations with Ursnif Malware
www.proofpoint.com/us/blog/security-briefs/ta544-targets-italian-organizations-ursnif-malware Proofpoint threat researchers identified an increase in targeted threats impacting Italian organizations in 2021. This spike in observed threats is largely driven by a group called TA544 leveraging the Ursnif banking trojan.
All your hashes are belong to us: An overview of malware hashing algorithms
www.gdatasoftware.com/blog/2021/09/an-overview-of-malware-hashing-algorithms VirusTotal’s “Basic Properties” tab alone lists eight different hashes and supports even more for use in queries and hunting signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist, and when should you use which hash function?
API Threat Research: Elastic Stack Misconfiguration Allows Data Extraction
salt.security/blog/api-threat-research-elastic-vuln Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally. As a result of API vulnerabilities our researchers identified in the Elastic Stack implementation, they were able to launch attacks where: (1) any user could extract sensitive customer and system data; (2) any user could create a denial-of-service condition that would render the system unavailable.
50% of Servers Have Weak Security Long After Patches Are Released
www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released Many servers remain vulnerable to high-severity flaws in Microsoft Exchange Server, VMware vCenter, Oracle WebLogic, and other popular products and services.
The New Security Basics: 10 Most Common Defensive Actions
www.darkreading.com/application-security/the-new-security-basics-10-most-common-defensive-actions Companies now commonly collect security metrics from their software development life cycle, implement basic security measures, and define their obligations to protect user data as part of a basic security strategy.
German IT security watchdog examines Xiaomi mobile phone
www.reuters.com/article/germany-security-china-idUSKBN2GP1BQ Germany’s federal cybersecurity watchdog, the BSI, is conducting a technical examination of a mobile phone manufactured by China’s Xiaomi Corp, a spokesperson for the interior ministry told Reuters on Wednesday.
Turkish national charged for DDoS attacks with the WireX botnet
therecord.media/turkish-national-charged-for-ddos-attacks-with-the-wirex-botnet/ US authorities today indicted a Turkish national for using a now-defunct malware botnet to launch distributed denial-of-service (DDoS) attacks against a Chicago-based multinational hospitality company.
New scam plagues users of online flea markets: “The card is drained as empty as they can manage”, warns expert
yle.fi/uutiset/3-12119203 A new scam is spreading on online peer-to-peer marketplaces, aimed at phishing for users' credit card details.
A scammer has been phishing for personal information in Kela's name
www.is.fi/digitoday/art-2000008301415.html Bank details, among other information, have been phished by phone in Kela's name.
Digital support is still an unfamiliar concept to many
www.epressi.com/tiedotteet/sosiaaliset-kysymykset/digituki-on-edelleen-tuntematon-kasite-monelle.html Do digital devices annoy you? Does it feel like they never do what you want? Is it frustrating that you can't get help with them? We are pleased to tell you that you are probably wrong. Digital support is available in many localities, often completely free of charge.
The National Cyber Security Centre set to receive new tasks
www.tivi.fi/uutiset/tv/3b9e608c-3841-46a7-b811-d95ee2a4b034 The Government proposes that the National Cyber Security Centre be designated to the EU-wide network of national cybersecurity coordination centres.
Ranion Ransomware – Quiet and Persistent RaaS
www.fortinet.com/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas Ranion is a Ransomware-as-a-Service (RaaS) that has enjoyed unusual longevity, having been active since at least February 2017. In this blog, FortiGuard Labs will explain how the Ranion RaaS works.
Russian hacker Q&A: An Interview With REvil-Affiliated Ransomware Contractor
www.flashpoint-intel.com/blog/interview-with-revil-affiliated-ransomware-contractor/ A threat actor who claims to work with REvil and other sophisticated ransomware collectives recently spoke with the Russian-language website Lenta[.]ru on the condition of anonymity.
Researchers Trick Locked iPhones Into Making $1300 Purchases
www.forbes.com/sites/leemathews/2021/09/30/researchers-trick-locked-iphones-into-making-1300-purchases/ A team of academics figured out a way to trick the combination of Apple Pay and Visa cards into silently authorizing large payments. Even though the iPhones the researchers tested were locked during the transactions, they were able to pilfer £1,000 (about $1340).