Daily NCSC-FI news followup 2021-10-19

The National Cyber Security Centre is once again mapping unprotected automation systems

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kartoitus2021 The National Cyber Security Centre (Kyberturvallisuuskeskus) of the Finnish Transport and Communications Agency Traficom is searching networks for unprotected automation devices. The aim of the work is to improve situational awareness and cyber security in Finland. The results obtained are compared with the results of previous years.

Oracle's critical patches for October 2021

www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_33/2021 Oracle has published a pre-release announcement of 418 security updates for a total of 29 of its products. Also included are several dozen updates of a lower criticality class. We recommend updating quickly and following the vendor's instructions. See also:

www.oracle.com/security-alerts/cpuoct2021.html

Social Now Among Top Three Sectors to be Imitated in Phishing Attempts in Q3 2021

blog.checkpoint.com/2021/10/19/social-now-among-top-three-sectors-to-be-imitated-in-phishing-attempts-in-q3-2021/ Our latest Brand Phishing Report for Q3 2021 highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September 2021.

Trickbot module descriptions

securelist.com/trickbot-module-descriptions/104603/ Over the years, Trickbot has acquired dozens of auxiliary modules that steal credentials and sensitive information, spread it over the local network using stolen credentials and vulnerabilities,

About 26% of all malicious JavaScript threats are obfuscated

www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/ A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis.

LightBasin hacking group breaches 13 global telecoms in two years

www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/ A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.

Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia

thehackernews.com/2021/10/cybersecurity-experts-warn-of-rise-in.html A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia.

LightBasin: A Roaming Threat to Telecommunications Companies

www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ CrowdStrike Services, CrowdStrike Intelligence and Falcon OverWatch have investigated multiple intrusions within the telecommunications sector from a sophisticated actor tracked as the LightBasin activity cluster, also publicly known as UNC1945.

Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability

www.bleepingcomputer.com/news/microsoft/microsoft-issues-advisory-for-surface-pro-3-tpm-bypass-vulnerability/ Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments.

South African police arrest eight romance scammers for stealing $6.85 million

therecord.media/south-african-police-arrest-eight-romance-scammers-for-stealing-6-85-million/ The South African Police Service has arrested eight suspects on charges of engaging in romance scams and stealing more than 100 million rand ($6.85 million) from victims.

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine.

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

thehackernews.com/2021/10/a-new-variant-of-flawedgrace-spreading.html Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. See also:

www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant. See also: threatpost.com/ta505-retooled-flawedgrace-rat/175559/

CSIRT – Law Enforcement Cooperation Workshop – 10 Years of Joint Efforts against Cybercrime

www.enisa.europa.eu/news/csirt-law-enforcement-cooperation-workshop-10-years-of-joint-efforts-against-cybercrime The European Union Agency for Cybersecurity (ENISA) and Europol’s European Cybercrime Centre (EC3) organised the 10th Annual Workshop for CSIRTs and law enforcement.
