Daily NCSC-FI news followup 2021-10-14

Analyzing Email Services Abused for Business Email Compromise

www.trendmicro.com/en_us/research/21/j/analyzing-email-services-abused-for-business-email-compromise.html Like a number of online attacks and threats that took advantage of the changing work dynamics, business email compromise (BEC) remains one of the cybercrimes that causes the most financial losses for businesses despite the decrease in number of victims. Our continued monitoring of BEC activities showed a consistent increase in numbers during the year

Google analysed 80 million ransomware samples: Here’s what it found

www.zdnet.com/article/google-analysed-80-million-ransomware-samples-heres-what-it-found/ Google has published a new ransomware report, revealing Israel was far and away the largest submitter of samples during that period. The tech giant commissioned cybersecurity firm VirusTotal to conduct the analysis, which entailed reviewing 80 million ransomware samples from 140 countries. Lisäksi: the report

storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf. Lisäksi:

www.darkreading.com/threat-intelligence/virustotal-shares-data-on-ransomware-activity. Lisäksi:


Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

thehackernews.com/2021/10/google-were-tracking-270-state.html Google’s Threat Analysis Group (TAG) on Thursday said it’s tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50, 000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. Lisäksi:


A Telegram Bot Told Iranian Hackers When They Got a Hit

www.wired.com/story/apt35-iran-hackers-phishing-telegram-bot/ When the Iranian hacking group APT35 wants to know if one of its digital lures has gotten a bite, all it has to do is check Telegram. Whenever someone visits one of the copycat sites they’ve set up, a notification appears in a public channel on the messaging service, detailing the potential victim’s IP address, location, device, browser, and more. It’s not a push notification; it’s a phish notification.

DocuSign phishing campaign targets low-ranking employees

www.bleepingcomputer.com/news/security/docusign-phishing-campaign-targets-low-ranking-employees/ Phishing actors are following a new trend of targeting non-executive employees but who still have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees on the same level.

Brazilian e-commerce firm Hariexpress leaks 1.75 billion sensitive files

www.zdnet.com/article/brazilian-e-commerce-firm-hariexpress-leaks-1-75-billion-sensitive-files Around 1.75 billion sensitive files were leaked by a Brazilian e-commerce integrator that provides services to some of the country’s largest online shopping websites.

Acer confirms breach of after-sales service systems in India

www.bleepingcomputer.com/news/security/acer-confirms-breach-of-after-sales-service-systems-in-india/ Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called “an isolated attack.”

University of Sunderland announces outage following cyberattack

www.bleepingcomputer.com/news/security/university-of-sunderland-announces-outage-following-cyberattack/ IT systems down, attributing the problem to a cyber-attack. The first signs of disruption for the university’s IT systems appeared in Tuesday morning, but remain widely impactful and unresolved.

Microsoft releases Linux version of the Windows Sysmon tool

www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/ Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity.

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

thehackernews.com/2021/10/experts-warn-of-unprotected-prometheus.html A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research.

Passengers couldn’t fly after NHS vaccine passport went offline

arstechnica.com/information-technology/2021/10/passengers-couldnt-fly-after-nhs-vaccine-passport-went-offline/ England’s COVID Pass system went offline for hours on Wednesday, causing British travelers to remain stranded at airports. Some passengers couldn’t board their flights, while others suffered delays as both the National Health Service (NHS) website and app experienced issues.

Thieves abused Apple’s enterprise app programs to steal $1.4 million in crypto

appleinsider.com/articles/21/10/14/thieves-abused-apples-enterprise-app-programs-to-steal-14-million-in-crypto A scam circulating for six months has evolved to impact iOS users. The CryptoRom fraud implementation is fairly straight-forward after gaining a victim’s trust through social media or existing data apps, users are fooled into installing a modified version of a cryptocurrency exchange, baited into investing, and then defrauded out of cash.

Varo, Wilman käyttäjä käyttäjien tietoja kalastellaan

www.is.fi/digitoday/tietoturva/art-2000008331529.html Wilman tunnuksia kalastetaan väärennetyn sivun kautta. Järvenpään kaupunki varoittaa vanhempia. Hyökkääjä pyrkii keräämään käyttäjien käyttäjätunnuksia ja salasanoja. Sivusto on verkkorikollisen tekemä.

You might be interested in …

Daily NCSC-FI news followup 2019-08-16

New Bluetooth KNOB Attack Lets Attackers Manipulate Traffic www.bleepingcomputer.com/news/security/new-bluetooth-knob-attack-lets-attackers-manipulate-traffic/ A new Bluetooth vulnerability named “Key Negotiation Of Bluetooth attack” or “KNOB” has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.. see also knobattack.com/ Ammottava aukko päästi […]

Read More

Daily NCSC-FI news followup 2020-08-30

Major internet outage: Dozens of websites and apps are down edition.cnn.com/2020/08/30/tech/internet-outage-cloudflare/index.html Cloudflare, an internet service that is supposed to keep websites up and running, was down itself Sunday, taking dozens of websites and online services along with it. Hulu, the PlayStation Network, Xbox Live, Feedly, Discord, and dozens of other services reported connectivity problems Sunday […]

Read More

Daily NCSC-FI news followup 2019-12-25

Toistasataa kiinalaista pidätettiin Nepalissa epäiltynä kyberhuijauksesta yle.fi/uutiset/3-11134577 Ratsiassa takavarikoitiin yli 700 puhelinta ja 400 tietokonetta. Staying Cyber-Safe This Holiday Season www.fortinet.com/blog/industry-trends/staying-cyber-safe-this-holiday-season.html Look-alike websites, fake shipping notifications, e-cards, emergency scams, phony charities, free gift cards etc. These are the most common forms of holiday scams. Signs of Phishing: Protecting Yourself During the Holidays www.tripwire.com/state-of-security/featured/signs-of-phishing-protecting-yourself-during-the-holidays/ Some things […]

Read More