Daily NCSC-FI news followup 2021-10-27

Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains

therecord.media/free-decrypters-released-for-atomsilo-babuk-and-lockfile-ransomware-strains/ Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains: AtomSilo, Babuk, and LockFile. The AtomSilo and LockFile decrypters are being offered as one single download because of the similarities between the two ransomware strains.

Babuk ransomware decryptor released to recover files for free

www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/ Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free. According to Avast Threat Labs, the Babuk decryptor was created using leaked source code and decryption keys.

Workers sent home after ransomware attack on major automotive parts manufacturer

therecord.media/workers-sent-home-after-ransomware-attack-on-major-automotive-parts-manufacturer/ German multinational company Eberspächer Group has sent a part of its factory workforce home on paid leave while its management and IT teams are dealing with a ransomware attack that crippled its IT systems over the weekend. The Eberspächer Group currently employs more than 10,000 workers, operates production plants in 80 locations across 28 countries, and is known for building air conditioning, heating, and exhaust systems, which it supplies to almost all of today’s top car brands.

Ransomware gang claims attack on NRA

therecord.media/ransomware-gang-claims-attack-on-nra/ The operators of the Grief ransomware have listed today the US National Rifle Association (NRA) as a victim of one of their attacks. The organization’s name was listed on a dark web portal, often called a “leak site,” where the Grief gang typically lists companies they infected and which haven’t paid their ransom demands.

Spammers use Squirrelwaffle malware to drop Cobalt Strike

www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/ A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks. The new malware tool spreads via spam campaigns dropping Qakbot and Cobalt Strike in the most recent campaigns.

Hackers arrested for infiltrating Ukraine’s health database

www.bleepingcomputer.com/news/security/hackers-arrested-for-infiltrating-ukraine-s-health-database/ The Security Service of Ukraine (SSU) has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine (NHSU) and entered false vaccination entries for other people. The actors found clients in the Sumy region through a team of doctors who participated in the scheme and offered to create false COVID-19 vaccination certificates for anyone who paid them 3,000 hryvnias ($114).

Nightmare Email Attacks (and Tips for Blocking Them)

www.paloaltonetworks.com/blog/2021/10/email-attacks-mitigation-tips/ This type of attack is known as a business email compromise, or BEC. Each year, Unit 42 security consultants spend thousands of hours on BEC investigations, combing through logs to identify unauthorized activity, determine how unauthorized access occurred and find security gaps that need to be addressed.

Cyber-attack hits UK internet phone providers

www.bbc.com/news/technology-59053876 An “unprecedented” and co-ordinated cyber-attack has struck multiple UK-based providers of voice over internet protocol (VoIP) services, according to an industry body. Industry body Comms Council UK said several of its members had been targeted by distributed denial of service (DDoS) attacks in recent weeks.

Twitter employees required to use security keys after 2020 hack

www.bleepingcomputer.com/news/security/twitter-employees-required-to-use-security-keys-after-2020-hack/ Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year’s hack. “Over the past year, we’ve accelerated efforts to increase the use of security keys to prevent phishing attacks,” they said.

Top 5 Cloud Native Security Challenges

blog.checkpoint.com/2021/10/27/top-5-cloud-native-security-challenges/ As companies migrate and expand their applications and services to multi-cloud environments, security teams face growing challenges, ranging from corporate policies and budget constraints, to compliance fines and new threats of attack. Threats to cloud data security can come from many areas, both internal and external, ranging from valid users misusing data to bad actors attempting to use stolen credentials. While the threats and theft remain ubiquitous, the tactics used by attackers are constantly adapting. In this blog, we’ll look at the top 5 cloud native security challenges and briefly cover ways to mitigate risk.

Multiple vulnerabilities in Apple iOS 14 and iPadOS 14 prior to iOS 14.8.1 and iPadOS 14.8.1

support.apple.com/en-us/HT212868 Update available for iOS and iPadOS; update to 14.8.1.

Multiple vulnerabilities in Apple iOS 15 and iPadOS 15 prior to iOS 15.1 and iPadOS 15.1

support.apple.com/en-us/HT212867 Update available for iOS and iPadOS; update to 15.1.
