Daily NCSC-FI news followup 2021-11-25

Did you get a strange text message? Don't open the link, your bank credentials could leak

www.iltalehti.fi/tietoturva/a/5df48e85-7b1c-4985-86bc-aca1205d359b The Flubot campaign sending scam messages was extremely active in Finland last summer. Now these messages are once again being sent to Finns. The message, which arrives as an SMS, may claim, for example, that the recipient has received a voice message and ask them to listen to it via the link in the message. This link should not be opened, as it leads to a scam site with a logo in its top corner that changes according to the operator of the visiting subscriber's connection.

Check Point Research discovers vulnerabilities in smartphone chips embedded in 37% of smartphones around the world

blog.checkpoint.com/2021/11/24/check-point-research-discover-vulnerabilities-in-smartphones-chips-embedded-in-37-of-smartphones-around-the-world/ Taiwan’s MediaTek has been the global smartphone chip leader since Q3 2020. MediaTek systems on a chip (SoCs) are embedded in approximately 37% of all smartphones and IoT devices in the world, including high-end phones from Xiaomi, Oppo, Realme, Vivo and more. In this study, we reverse-engineered the MediaTek audio DSP firmware and discovered several vulnerabilities that are accessible from the Android user space. The goal of our research was to find a way to attack the audio DSP from an Android phone.

Warning: Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild

thehackernews.com/2021/11/warning-hackers-exploiting-new-windows.html Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it “detected malware samples in the wild that are attempting to take advantage of this vulnerability.”

Android APT spyware, targeting Middle East victims, enhances evasiveness

news.sophos.com/en-us/2021/11/23/android-apt-spyware-targeting-middle-east-victims-improves-its-capabilities/ Newly discovered variants of an Android spyware previously attributed to an advanced persistent threat actor group called C-23 (also known as GnatSpy, FrozenCell, or VAMP) have incorporated new features into their malicious apps that make them more resilient to actions by users who might try to remove them manually, and to security and web hosting companies that attempt to block access to, or shut down, their command-and-control server domains.

New Linux malware hides in cron jobs with invalid dates

www.bleepingcomputer.com/news/security/new-linux-malware-hides-in-cron-jobs-with-invalid-dates/ Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. Dubbed CronRAT, the malware is currently targeting web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers.
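An added example for the CronRAT item above (not code from the article or from the malware): a small Python triage script that parses crontab schedule fields and flags entries whose day-of-month and month can never form a real calendar date, such as 31 February. It assumes standard five-field cron syntax (a user column as in /etc/crontab is tolerated), deliberately ignores the vixie-cron rule that a restricted day-of-week field can match on its own so that such entries are still surfaced for review, and the sample crontab and its paths are constructed.

```python
import calendar
import re
MONTH_NAMES = {m.lower(): i for i, m in enumerate(calendar.month_abbr) if m}
MAX_DAY = {m: calendar.monthrange(2024, m)[1] for m in range(1, 13)}  # leap year: Feb -> 29
CRON_LINE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")  # 5 fields + rest

def _num(token, names=None):
    token = token.strip().lower()
    return names[token] if names and token in names else int(token)

def _expand(field, lo, hi, names=None):
    """Expand a cron field ('*', '1-5', '*/2', '1,15', 'feb') into a set of ints."""
    values = set()
    for part in field.split(","):
        part, _, step = part.partition("/")
        step = int(step or 1)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = _num(a, names), _num(b, names)
        else:
            start = _num(part, names)
            end = hi if step > 1 else start  # "5/2" means 5..hi every 2
        values.update(range(start, end + 1, step))
    return values

def never_fires(line):
    """True if no (day-of-month, month) pair of the entry is a real calendar date."""
    m = CRON_LINE.match(line)
    if not m or line.lstrip().startswith(("#", "@")):
        return False  # comment, @reboot-style shortcut, or not a cron entry
    dom, month = m.group(3), m.group(4)
    try:
        days, months = _expand(dom, 1, 31), _expand(month, 1, 12, MONTH_NAMES)
    except ValueError:
        return False  # unparsable field: leave it for manual review
    return not any(d <= MAX_DAY[mo] for d in days for mo in months)

def scan_crontab(text):
    """Return (line_number, line) for every entry that can never run."""
    return [(n, l) for n, l in enumerate(text.splitlines(), 1) if never_fires(l)]

SAMPLE_CRONTAB = """\
# constructed sample crontab; the paths are made up, not real indicators
*/5 * * * * /usr/local/bin/backup.sh
0 0 31 2 * /tmp/.x/update >/dev/null 2>&1
15 4 29 2 * /opt/reports/leap.sh
0 0 31 apr,jun,sep,nov * /tmp/.hidden/run
"""
```

Run `scan_crontab` over each user's crontab and /etc/cron.d files; an entry it flags is not proof of compromise, but a schedule that can never fire has no legitimate reason to exist and deserves a look at the command it carries.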

Hackers target biomanufacturing with stealthy Tardigrade malware

www.bleepingcomputer.com/news/security/hackers-target-biomanufacturing-with-stealthy-tardigrade-malware/ An advanced hacking group is actively targeting biomanufacturing facilities with a new custom malware called ‘Tardigrade’. The actor uses the custom malware to spread in compromised networks and exfiltrates data for extensive periods without being noticed. According to an advisory published by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) today, the actor has been actively targeting entities in the field since the spring of 2021.

Threat actors find and compromise exposed services in 24 hours

www.bleepingcomputer.com/news/security/threat-actors-find-and-compromise-exposed-services-in-24-hours/ Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours.

How cybercriminals adjusted their scams for Black Friday 2021

www.bleepingcomputer.com/news/security/how-cybercriminals-adjusted-their-scams-for-black-friday-2021/ Black Friday is approaching, and cybercriminals are honing their malware droppers, phishing lures, and fake sites while shoppers prepare to open their wallets. As researchers at Kaspersky point out, scammers are already targeting people with fake tickets for the FIFA World Cup 2022. The security firm shared a detailed report highlighting the most common threats expected to surface during this year’s Black Friday, as well as the Christmas shopping season.

How Threat Actors Get Into OT Systems

www.darkreading.com/edge-articles/how-threat-actors-get-into-ot-systems The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

Apple sues NSO Group to curb the abuse of state-sponsored spyware

www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/ Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

Apple Details How It Will Warn Victims Of State-Sponsored Attacks

www.forbes.com/sites/emmawoollacott/2021/11/25/apple-details-how-it-will-warn-victims-of-state-sponsored-attacks/ After filing suit against Israel’s NSO Group, responsible for the Pegasus spyware used in state-sponsored surveillance schemes, Apple has released details of how it will alert users to the fact that they’ve been targeted. The alerts are aimed at individuals who may have been specifically picked out for anti-government activities. “These users are individually targeted because of who they are or what they do,” the company warns.

Israel restricts cyberweapons export list by two-thirds, from 102 to 37 countries

therecord.media/israel-restricts-cyberweapons-export-list-by-two-thirds-from-102-to-37-countries/ The Israeli government has restricted the list of countries to which local security firms are allowed to sell surveillance and offensive hacking tools by almost two-thirds, cutting the official cyber export list from 102 to 37 entries.
