Daily NCSC-FI news followup 2021-10-26

FBI: Ranzy Locker ransomware hit at least 30 US companies this year

www.bleepingcomputer.com/news/security/fbi-ranzy-locker-ransomware-hit-at-least-30-us-companies-this-year/ The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Suspected cyberattack temporarily disrupts gas stations across Iran

therecord.media/suspected-cyberattack-temporarily-disrupts-gas-stations-across-iran/ A software glitch believed to have been caused by a cyberattack has disrupted gas stations across Iran and defaced gas pump screens and gas price billboards. The incident, which took place earlier this morning, impacted the IT network of NIOPDC, a state-owned gas distribution company that manages more than 3,500 gas stations across Iran.

Data leak at Tori.fi

www.iltalehti.fi/tietoturva/a/fe54b215-1b25-47d4-a738-5378616c4b70 Tori.fi confirms to Iltalehti that users' hidden phone numbers have leaked. Tori.fi requires a phone number to be provided when creating a sales listing, even if the number is not shown in the listing. Despite this, numbers have ended up in the hands of scammers.

FBI Raids Chinese Point-of-Sale Giant PAX Technology

krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/ U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations.

FCC revokes license for China Telecom Americas amid national security concerns

therecord.media/fcc-revokes-license-for-china-telecom-americas-amid-national-security-concerns/ The U.S. Federal Communications Commission voted unanimously to revoke China Telecom Americas’ U.S. operating license on Tuesday, citing national security concerns. Among the reasons cited for the switch: China Telecom’s status as a subsidiary of a state-owned enterprise and the possibility that the company could provide a conduit for hackers intent on launching cyber attacks in this country.

Operation Secondary Infektion Impersonates Swedish Riksdag, Targets European Audiences

www.recordedfuture.com/operation-secondary-infektion-impersonates-swedish-riksdag/ Recorded Future’s Insikt Group has located an image of a photoshopped screenshot, purportedly from the website of the Swedish Riksdag (Parliament) and circulating on a Swedish-language forum website and among Ukrainian sources, claiming that Sweden and Ukraine look to join NATO as soon as possible. We believe that this is an effort to sow mistrust of Sweden’s political figures domestically, create uncertainty and false optimism among Ukrainians, and shape negative perceptions of NATO and Ukraine among Russian audiences. This campaign is highly likely an instance of the likely Russian state-sponsored information operation “Secondary Infektion”.


Researcher cracked 70% of WiFi networks sampled in Tel Aviv

www.bleepingcomputer.com/news/security/researcher-cracked-70-percent-of-wifi-networks-sampled-in-tel-aviv/ A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack.

Police arrest 150 dark web vendors of illegal drugs and guns

www.bleepingcomputer.com/news/security/police-arrest-150-dark-web-vendors-of-illegal-drugs-and-guns/ Law enforcement authorities arrested 150 suspects allegedly involved in selling and buying illicit goods on DarkMarket, the largest illegal marketplace on the dark web when it was taken down in January 2021. “At the time, German authorities arrested the marketplace’s alleged operator and seized the criminal infrastructure, providing investigators across the world with a trove of evidence,” the Europol said today.

Protect your business from password sprays with Microsoft DART recommendations

www.microsoft.com/security/blog/2021/10/26/protect-your-business-from-password-sprays-with-microsoft-dart-recommendations/ Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to find new ways to detect these types of attacks and help protect its customers.
