Daily NCSC-FI news followup 2021-10-20

Are you in a hurry to part with your money?

poliisi.fi/blogi/-/blogs/onko-sinulla-kiire-luopua-rahoistasi Thousands of Finns have already fallen victim to the network-assisted crimes that have come to the police's attention. Even if you think it could not happen to you, stop and think for a moment longer. Fraud offences involve deceiving another person, or exploiting their mistake, in a way that causes the victim financial loss. …for just a few fraud types that are common and fairly well known today (so-called Nigerian letters, romance, investment, loan, HelpDesk and CEO fraud), about 1,400 criminal reports have been filed this year, and Finns have lost more than 23 million euros to fraudsters.

U.S. Government set to ban sale of hacking tools to China and Russia

therecord.media/u-s-government-set-to-ban-sale-of-hacking-tools-to-china-and-russia/ The Commerce Department introduced a new export control rule on Wednesday aimed at curbing the export or resale of hacking tools to China and Russia. The regulation had been held up for years amid concern that attempting to curb such sales would inadvertently hobble defensive cyber efforts. Also:

www.commerce.gov/news/press-releases/2021/10/commerce-tightens-export-controls-items-used-surveillance-private Also:

www.bleepingcomputer.com/news/security/us-govt-to-ban-export-of-hacking-tools-to-authoritarian-regimes/

OWASP’s 2021 List Shuffle: A New Battle Plan and Primary Foe

thehackernews.com/2021/10/owasps-2021-list-shuffle-new-battle.html In this increasingly chaotic world, there have always been a few constants that people could reliably count on: the sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and code injection attacks will always occupy the top spot on the Open Web Application Security Project (OWASP) list of the ten most common and dangerous vulnerabilities that attackers are actively exploiting. The 2021 edition breaks that last constant: Broken Access Control moves into first place and Injection drops to third. Also: owasp.org/Top10/

Political-themed actor using old MS Office flaw to drop multiple RATs

www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/ A novel threat actor with unclear motives is running a crimeware campaign delivering multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882, the 2017 memory-corruption flaw in the Microsoft Office Equation Editor that is still widely abused in malicious documents. Also:

blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html Also:

threatpost.com/apt-commodity-rats-microsoft-bug/175601/

Zerodium wants zero-day exploits for Windows VPN clients

www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/ In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in the Windows clients of three popular virtual private network (VPN) service providers on the market. Also:

therecord.media/zerodium-seeking-zero-days-in-expressvpn-nordvpn-and-surfshark-vpn-apps/

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

threatpost.com/vpn-exposes-data-1m/175612/ Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information (PII) of more than a million users in just the latest high-profile VPN security failure.

q-logger skimmer keeps Magecart attacks going

blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/ Although global e-commerce is continuing to grow rapidly, it seems as though Magecart attacks via digital skimmers have not followed the same trend. This is certainly true if we only look at recent newsworthy attacks; indeed when a victim is a large business or popular brand we typically are more likely to remember it.

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

securelist.com/russian-speaking-cybercrime-evolution-2016-2021/104656/ Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi.

DDoS attacks against Russian firms have almost tripled in 2021

www.bleepingcomputer.com/news/security/ddos-attacks-against-russian-firms-have-almost-tripled-in-2021/ A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year. Also:

rt-solar.ru/analytics/reports/2403/

Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors

www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/ Researchers with Google’s Threat Analysis Group (TAG), who first spotted the campaign in late 2019, found that multiple hack-for-hire actors recruited via job ads on Russian-speaking forums were behind these attacks.

Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique

thehackernews.com/2021/10/researchers-break-intel-sgx-with-new.html A newly disclosed vulnerability in Intel SGX enclave runtimes (the exception-handling logic of the enclave SDK, rather than the silicon itself) could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems.

Twitter suspends hacker who allegedly stole data of 45 million Argentinians

www.zdnet.com/article/twitter-suspends-hacker-who-stole-data-of-46-million-argentinians/ Twitter has suspended a hacker who allegedly stole all of the data from Argentina’s database holding the IDs and information of all 45 million citizens of the country.

Thanks to COVID-19, New Types of Documents are Lost in The Wild

isc.sans.edu/diary/rss/27952 …there seems to be a new type of data leak: many people exchange certificates which contain a lot of sensitive information. For a few days, I have been running a hunting search on VT to try to find interesting documents, and I found some nice PDF files. Also:

www.rfi.fr/en/france/20210924-health-officials-identify-suspects-behind-macron-s-qr-data-leak-health-pass-digital-security

Children's digital well-being and safety are being improved through cooperation: the learning platform for fifth-graders developed by Microsoft, Accenture and Save the Children (Pelastakaa Lapset) will be rolled out in 2022

www.epressi.com/tiedotteet/avustukset-ja-vapaaehtoistyo/lasten-digitaalista-hyvinvointia-ja-turvallisuutta-parannetaan-yhteistyolla-microsoftin-accenturen-ja-pelastakaa-lasten-viidesluokkalaisille-… Many kinds of digital device use can be fun and useful for children, but using digital services also involves challenges and difficult situations. Also:

www.pelastakaalapset.fi/kehittamis-ja-asiantuntijatyo/digitaalinen-hyvinvointi-ja-lapsen-oikeudet/digitaalinen-hyvinvointi-ja-turvallisuus-kouluille/
