Daily NCSC-FI news followup 2021-10-20

Are you in a hurry to give away your money?

poliisi.fi/blogi/-/blogs/onko-sinulla-kiire-luopua-rahoistasi Thousands of Finns have already fallen victim to computer-network-assisted crimes reported to the police. Even if you think it could not happen to you, stop and think for a moment. Fraud offences involve deceiving another person, or exploiting their mistake, so that the victim suffers financial loss. …around 1,400 criminal reports have been filed this year relating to just a few fraud types that are common and fairly well known today (so-called Nigerian letters and romance, investment, loan, HelpDesk and CEO frauds), and Finns have lost more than 23 million euros to fraudsters.

U.S. Government set to ban sale of hacking tools to China and Russia

therecord.media/u-s-government-set-to-ban-sale-of-hacking-tools-to-china-and-russia/ The Commerce Department introduced a new export control rule on Wednesday aimed at curbing the export or resale of hacking tools to China and Russia. The regulation had been held up for years amid concern that attempting to curb such sales would inadvertently hobble defensive cyber efforts. Also:

www.commerce.gov/news/press-releases/2021/10/commerce-tightens-export-controls-items-used-surveillance-private. Also:

www.bleepingcomputer.com/news/security/us-govt-to-ban-export-of-hacking-tools-to-authoritarian-regimes/

OWASP’s 2021 List Shuffle: A New Battle Plan and Primary Foe

thehackernews.com/2021/10/owasps-2021-list-shuffle-new-battle.html In this increasingly chaotic world, there have always been a few constants that people could reliably count on: the sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and code injection attacks will always occupy the top spot on the Open Web Application Security Project (OWASP) list of the top ten most common and dangerous vulnerabilities that attackers are actively exploiting. Also: owasp.org/Top10/

Political-themed actor using old MS Office flaw to drop multiple RATs

www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/ A novel threat actor with unclear motives is running a crimeware campaign delivering multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882. Also:

blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html. Also:

threatpost.com/apt-commodity-rats-microsoft-bug/175601/

Zerodium wants zero-day exploits for Windows VPN clients

www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/ In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market. Also:

therecord.media/zerodium-seeking-zero-days-in-expressvpn-nordvpn-and-surfshark-vpn-apps/

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

threatpost.com/vpn-exposes-data-1m/175612/ Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information (PII) of more than a million users in just the latest high-profile VPN security failure.

q-logger skimmer keeps Magecart attacks going

blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/ Although global e-commerce is continuing to grow rapidly, it seems as though Magecart attacks via digital skimmers have not followed the same trend. This is certainly true if we only look at recent newsworthy attacks; indeed when a victim is a large business or popular brand we typically are more likely to remember it.

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

securelist.com/russian-speaking-cybercrime-evolution-2016-2021/104656/ Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi.

DoS attacks against Russian firms have almost tripled in 2021

www.bleepingcomputer.com/news/security/ddos-attacks-against-russian-firms-have-almost-tripled-in-2021/ A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year. Also:

rt-solar.ru/analytics/reports/2403/

Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors

www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/ Researchers with Google’s Threat Analysis Group (TAG), who first spotted the campaign in late 2019, found that multiple hack-for-hire actors recruited via job ads on Russian-speaking forums were behind these attacks.

Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique

thehackernews.com/2021/10/researchers-break-intel-sgx-with-new.html A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems.

Twitter suspends hacker who allegedly stole data of 45 million Argentinians

www.zdnet.com/article/twitter-suspends-hacker-who-stole-data-of-46-million-argentinians/ Twitter has suspended a hacker who allegedly stole all of the data from Argentina’s database holding the IDs and information of all 45 million citizens of the country.

Thanks to COVID-19, New Types of Documents are Lost in The Wild

isc.sans.edu/diary/rss/27952 …there seems to be a new type of data leak; many people exchange certificates which contain a lot of sensitive information. For a few days, I ran a hunting search on VT to try to find interesting documents and I found some nice PDF files. Also:

www.rfi.fr/en/france/20210924-health-officials-identify-suspects-behind-macron-s-qr-data-leak-health-pass-digital-security

Children's digital well-being and safety to be improved through cooperation – a learning platform for fifth-graders from Microsoft, Accenture and Save the Children (Pelastakaa Lapset) will be rolled out in 2022

www.epressi.com/tiedotteet/avustukset-ja-vapaaehtoistyo/lasten-digitaalista-hyvinvointia-ja-turvallisuutta-parannetaan-yhteistyolla-microsoftin-accenturen-ja-pelastakaa-lasten-viidesluokkalaisille-… Many kinds of digital device use can be fun and useful for children, but using digital services also involves challenges and difficult situations. Also:

www.pelastakaalapset.fi/kehittamis-ja-asiantuntijatyo/digitaalinen-hyvinvointi-ja-lapsen-oikeudet/digitaalinen-hyvinvointi-ja-turvallisuus-kouluille/
