Daily NCSC-FI news followup 2021-10-29

Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App

threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/ Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.

Hive ransomware now encrypts Linux and FreeBSD systems

www.bleepingcomputer.com/news/security/hive-ransomware-now-encrypts-linux-and-freebsd-systems/ The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.

Pink, a botnet that competed with the vendor to control the massive infected devices

blog.netlab.360.com/pink-en/ Pink is the largest botnet we have first-hand observed in the last six years; during peak time, it had a total infection of over 1.6 million devices (96% are located in China). Pink targets mainly MIPS-based fiber routers, and has a very strong and robust architecture.

AFP confiscates AU$1.7m from Sydney man who stole Netflix, Spotify, Hulu accounts

www.zdnet.com/article/afp-confiscates-au1-7m-from-sydney-man-who-stole-netflix-spotify-hulu-accounts/ A Sydney man will face over two years in prison for stealing thousands of log-ins and passwords for online subscription services.

Schreiber Foods back to normal after ransomware attack shuts down milk plants

www.zdnet.com/article/schreiber-foods-back-to-normal-after-ransomware-attack-shut-down-milk-plants/ Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack took down their systems earlier last weekend.

Google fixes 15th and 16th Chrome zero-day this year

therecord.media/google-fixes-15th-and-16th-chrome-zero-day-this-year/ Google has released security updates today for its Chrome web browser, including a patch to address two zero-day vulnerabilities that were exploited in the wild.

Europol detains suspects behind LockerGoga, MegaCortex, and Dharma ransomware attacks

therecord.media/europol-detains-suspects-behind-lockergoga-megacortex-and-dharma-ransomware-attacks/ Europol said it detained 12 suspects this week it believes were part of a professional criminal group that orchestrated a long string of ransomware attacks that targeted large companies and which hit more than 1,800 victims across 71 countries since 2019. Also:

www.europol.europa.eu/newsroom/news/12-targeted-for-involvement-in-ransomware-attacks-against-critical-infrastructure


TrickBot malware dev extradited to U.S. faces 60 years in prison

www.bleepingcomputer.com/news/security/trickbot-malware-dev-extradited-to-us-faces-60-years-in-prison/ A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison.

Wide-ranging information security incidents and situations affecting citizens will be announced via the 112 Suomi app

www.epressi.com/tiedotteet/tietoturva/laajoista-kansalaisia-koskevista-tietoturvahairioista-ja-tilanteista-tiedotetaan-112-suomi-sovelluksen-avulla.html The National Cyber Security Centre at the Finnish Transport and Communications Agency Traficom will in future also report on wide-ranging information security incidents and events affecting citizens in the 112 Suomi mobile application.
