Daily NCSC-FI news followup 2021-11-05

Malware found in coa and rc, two npm packages with 23M weekly downloads

therecord.media/malware-found-in-coa-and-rc-two-npm-packages-with-23m-weekly-downloads/ The security team of the npm JavaScript package manager has warned users that two of its most popular packages had been hijacked by a threat actor who released new versions laced with what appeared to be password-stealing malware. Both packages were compromised around the same time and were the result of attackers gaining access to a package developer’s account. “The compromised [developer] account has been temporarily disabled and we are actively investigating the incident and monitoring for similar activity,” the npm team said on Thursday, shortly after detecting the coa compromise following a wave of reports about failed builds. Since then, the npm security team has removed all the compromised coa and rc versions to prevent developers from accidentally infecting themselves.

Action needed by self-managed customers in response to CVE-2021-22205

about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/ CVE-2021-22205 is a critical severity vulnerability (CVSS 10.0) that is the result of improper validation of image files by the third-party file parser ExifTool, resulting in a remote command execution vulnerability that can lead to the compromise of your GitLab instance. This issue was remediated and patched in the GitLab 13.10.3, 13.9.6, and 13.8.8 releases from April 14, 2021. We have confirmed reports of the vulnerability being exploited on self-hosted public-facing GitLab instances. GitLab.com users are not affected.

Reward Offers for Information to Bring DarkSide Ransomware Variant Co-Conspirators to Justice

www.state.gov/reward-offers-for-information-to-bring-darkside-ransomware-variant-co-conspirators-to-justice/ The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group. In addition, the Department is also offering a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.

FBI: Ransomware gangs hit several tribal-owned casinos in the last year

www.bleepingcomputer.com/news/security/fbi-ransomware-gangs-hit-several-tribal-owned-casinos-in-the-last-year/ The FBI’s Cyber Division said in a private industry notification issued earlier this week that ransomware gangs have hit several tribal-owned casinos, taking down their systems and disabling connected systems. These attacks are part of a long series of similar incidents going back to 2016, with damages estimated in the millions of dollars in recent months.

LähiTapiola pays a skilled hacker a reward of up to $50,000 [FOR SUBSCRIBERS]

www.kauppalehti.fi/uutiset/lahitapiola-maksaa-taitavalle-hakkerille-jopa-50000-dollarin-palkkion/8a40c7fe-89a7-4e35-b476-631c8c167efe The insurance company LähiTapiola is a friend of benevolent hackers. It runs a continuous Bug Bounty programme that encourages hackers to look for security holes in the company’s systems. The size of the reward ranges between five thousand and fifty thousand dollars. The more serious the vulnerability the hacker finds, the larger the reward. “This is a bit like the African savanna,” Niemelä says. “If a lion comes along and goes after the wildebeest herd, we at least won’t be the last ones, the ones that get caught. You have to be out in front so the lion doesn’t catch us but grabs a weaker one. Criminals focus on easy targets, not on those who protect themselves.”

Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents

www.darkreading.com/attacks-breaches/new-lure-impersonates-popular-amazon-brand-and-combines-email-phishing-with-a-voice-scam- A new multistage phishing campaign spoofs Amazon’s order notification page and includes a phony customer service voice number where the attackers request the victim’s credit card details to correct the errant “order.”

Beijing fingers foreign spies for data mischief, with help from consulting firm

www.theregister.com/2021/11/05/china_claims_foreign_spies_stole_data/ Chinese media wonders why it hasn’t been reported in the West – hang on, you’re reading this…

Hackers are stealing data today so quantum computers can crack it in a decade

www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/ The US government is starting a generation-long battle against the threat next-generation computers pose to encryption.

Did you also get an email from Google? You should read it carefully

www.is.fi/digitoday/tietoturva/art-2000008384255.html GOOGLE is making a significant change to numerous user accounts in the near future. The company will automatically enable two-step verification on these accounts and has emailed the users covered by the change about it. The subject line of the email begins with the words “Your sign-in method is changing…”.

Positive Technologies says US sanctions had little or no effect on its business

therecord.media/positive-technologies-says-us-sanctions-had-little-or-no-effect-on-its-business/ Russian cybersecurity firm Positive Technologies said on Thursday that it is not concerned about the recent sanctions announced by the US government earlier this week, as the previous US sanctions did not have any “significant impact” on its operations.

[New research] SSL certificates could be leaking company secrets

blog.detectify.com/2021/11/04/new-research-are-ssl-certificates-leaking-company-secrets/ SSL/TLS certificates make the internet a safer place, but many companies are unaware that their certificates can become a looking glass into the organisation potentially leaking confidential information and creating new entry points for attackers.

Money laundering scandal shakes Twitch: thousands of streamers involved?

www.tivi.fi/uutiset/tv/dfe9a64a-98bf-41bb-a4fd-5dde26be15c5 Hackers who stole credit card details have exploited Twitch streamers in their money laundering operation.

A sneaky threat found in 151 Play Store apps, downloaded more than 10 million times

www.is.fi/digitoday/mobiili/art-2000008381959.html ANDROID’s official app store, Google Play, has already removed 151 apps this year belonging to the same campaign, which tried to make their victims pay for expensive SMS services. This was reported by the security company Avast, which calls the malicious campaign UltimaSMS.
