Daily NCSC-FI news followup 2021-12-05

Malicious Excel XLL add-ins push RedLine password-stealing malware

www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/ Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware. RedLine is an information-stealing Trojan that steals cookies, user names and passwords, and credit cards stored in web browsers, as well as FTP credentials and files from an infected device. In addition to stealing data, RedLine can execute commands, download and run further malware, and create screenshots of the active Windows screen. All of this data is collected and sent back to the attackers to be sold on criminal marketplaces or used for other malicious and fraudulent activity.

Microsoft phishing uses fake Office 365 spam alerts

www.bleepingcomputer.com/news/security/convincing-microsoft-phishing-uses-fake-office-365-spam-alerts/ A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. What makes these phishing emails especially convincing is the use of quarantine[at]messaging.microsoft.com to send them to potential targets and the display name matching the recipients’ domains.

New Twitter phishing campaign targets verified accounts

www.bleepingcomputer.com/news/security/new-twitter-phishing-campaign-targets-verified-accounts/ A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter’s recent removal of the checkmarks from a number of verified accounts, citing that these were ineligible for the legendary status, and were verified in error.

OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe

www.xda-developers.com/oneplus-nord-2-vulnerability-root-shell/ OnePlus might have cemented its name among the major Android OEMs, but its phones are no stranger to security flaws. This time, the company has left a rather interesting (read: worrying) vulnerability unpatched on the OnePlus Nord 2 since its release. Although exploiting the loophole requires physical access to the device, the attacker can effectively gain an unrestricted root shell before the user can even enter their credentials. Notably, the newly released Pac-Man edition of the Nord 2 is affected as well.

Apple AirTags being used by thieves to track high-end cars to steal

arstechnica.com/cars/2021/12/apple-airtags-being-used-by-thieves-to-track-high-end-cars-to-steal/ When Apple debuted its new AirTag tracker earlier this year, part of our review focused on the privacy implications of the device. We called the device “a rare privacy misstep from Apple.” This week, Canadian police announced that car thieves have been using AirTags to track vehicles they want to steal.

Setting app permissions in iOS 15

www.kaspersky.com/blog/ios-15-permissions-guide/43041/ With each version of iOS, we’ve seen developers try to protect user data better. However, the core principle remains unchanged: You, the user, get to decide what information to share with which apps. With that in mind, we’ve put together an in-depth review of app permissions in iOS 15 to help you decide which requests to allow and which to deny.

The Fall of a Russian Cyberexecutive Who Went Against the Kremlin

www.bloomberg.com/news/features/2021-12-03/who-is-ilya-sachkov-russian-cyber-ceo-linked-to-2016-election-fancy-bear-leaks Ilya Sachkov, who’s been charged with treason in Russia, is alleged to have given the U.S. information about the “Fancy Bear” operation that sought to influence the U.S. election.

When hacking required diving: Americans spied on a Soviet telephone cable on the ocean floor

www.tivi.fi/uutiset/tv/a73d1dc9-3055-4b56-a9d3-4289747e67f5 Wiretapping of undersea cables began more than 50 years ago.
