Daily NCSC-FI news followup 2021-11-16

Google Chrome 96 breaks Twitter, Discord, video rendering and more

www.bleepingcomputer.com/news/google/google-chrome-96-breaks-twitter-discord-video-rendering-and-more/ Google Chrome 96 was released yesterday, and users are reporting problems with Twitter, Discord, and Instagram caused by the new version.

UK Covid App Goes Offline

www.pandasecurity.com/en/mediacenter/technology/uk-covid-app-goes-offline/ People are now hugely reliant on their Covid passports. So when NHS England experienced a system outage, app users experienced some serious problems. Travellers could not check in for their flights at airports, and others were turned away from venues demanding proof at the entrance.

Evolving trends in Iranian threat actor activity: MSTIC presentation at CyberWarCon 2021

www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/ Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state actor activity during a session titled "The Iranian evolution: Observed changes in Iranian malicious network operations".

Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes

sysdig.com/blog/muhstik-malware-botnet-analysis/ Malware is continuously mutating, targeting new services and platforms. The Sysdig Security Research team has identified the famous Muhstik Botnet with new behavior, attacking a Kubernetes Pod with the plan to control the Pod and mine cryptocurrency.

New secret-spilling hole in Intel CPUs sends company patching (again)

arstechnica.com/gadgets/2021/11/intel-releases-patch-for-high-severity-bug-that-exposes-a-cpus-master-key/ Researchers figure out how to obtain the “fuse encryption key” unique to each CPU.

Facebook says hackers in Pakistan targeted Afghan users amid government collapse

www.reuters.com/world/asia-pacific/exclusive-facebook-says-hackers-pakistan-targeted-afghan-users-amid-government-2021-11-16/ Hackers from Pakistan used Facebook to target people in Afghanistan with connections to the previous government during the Taliban’s takeover of the country, the company’s threat investigators said in an interview with Reuters.

WordPress sites are being hacked in fake ransomware attacks

www.bleepingcomputer.com/news/security/wordpress-sites-are-being-hacked-in-fake-ransomware-attacks/ A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration.

NPM fixes private package names leak, serious authorization bug

www.bleepingcomputer.com/news/security/npm-fixes-private-package-names-leak-serious-authorization-bug/ The largest software registry of Node.js packages, npm, has disclosed multiple security flaws that were identified and remedied recently.

New scam: The victim is tricked into calling the criminals, and then bad things happen

www.is.fi/digitoday/tietoturva/art-2000008408726.html The scam shares features with the tech support scams familiar to Finns.

Ghostwriter Looks Like a Purely Russian Op, Except It's Not

www.wired.com/story/ghostwriter-hackers-belarus-russia-misinformationo/ Security researchers have found signs that the pervasive hacking and misinformation campaign comes not from Moscow but from Minsk.

Spotify, Discord, and others are coming back online after a brief Google Cloud outage

www.theverge.com/2021/11/16/22785599/google-cloud-outage-spotify-discord-snapchat-google-cloud A Google Cloud networking issue made a mess of the internet for a moment.

Adult cam site StripChat exposes the data of millions of users and cam models

therecord.media/adult-cam-site-stripchat-exposes-the-data-of-millions-of-users-and-cam-models/ StripChat, one of the internet's top 5 adult cam sites, has suffered a security breach and has leaked the personal data of millions of users and adult models.

Why don't Finns learn? Online scammers' haul is climbing to a record this year: 33 million euros has already been taken from thousands of Finns

yle.fi/uutiset/3-12189926 According to the National Police Board, Finns have already lost 33 million euros to online scammers. Older people in particular have fallen into the scammers' traps, but so have young adults. Some have lost their entire assets.

Here are 7 common scams: warn your loved ones

www.iltalehti.fi/tietoturva/a/dbe81c49-ff61-4c77-9ec9-c624b10ab16f Online banking credentials are still being actively phished.

The self-driving smart suitcase that the person behind you can hijack!

nakedsecurity.sophos.com/2021/11/16/the-self-driving-smart-suitcase-that-the-person-behind-you-can-hijack/

Identifying Pompompurin: Attribution of the hacker behind the FBI email hoax

shadowbyte.com/blog/2021/pompompurin-fbi-email-hack/

Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform

securityintelligence.com/posts/zero-day-discovered-enterprise-help-desk/
