Daily NCSC-FI news followup 2022-01-17

Check Point Research issues Q4 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up personal data

blog.checkpoint.com/2022/01/17/dhl-replaces-microsoft-as-most-imitated-brand-in-phishing-attempts-in-q4-2021/ Our latest Brand Phishing Report for Q4 2021 highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals' personal information or payment credentials during October, November and December 2021. In Q4, global logistics and distribution company DHL ended Microsoft's long-standing reign as the brand most frequently imitated by cybercriminals in attempts to steal credentials or deploy malware via sophisticated phishing techniques. Twenty-three percent of all brand phishing attempts were related to DHL, up from just 9% in the previous quarter.

Finding hidden cameras with your smartphone's ToF sensor

www.kaspersky.com/blog/finding-spy-cameras-with-smartphone/43391/ Spy cameras in rented apartments or hotel rooms: fact or fiction? Fact, unfortunately. In a quite recent case, a family from New Zealand, having rented an apartment in Ireland, discovered a hidden camera livestreaming from the living room. Spotting a camera with the naked eye often requires X-ray vision, as it will almost certainly be carefully camouflaged. For those of us who aren't Superman, there are special devices that help detect spy devices by their electromagnetic radiation or Wi-Fi signal, but they are not standard travel items, and to get the most out of them you will need special skills or expert assistance.

Actions to take when the cyber threat is heightened

www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened The threat an organisation faces may vary over time. At any point, there is a need to strike a balance between the current threat, the measures needed to defend against it, the implications and cost of those defences and the overall risk this presents to the organisation. This guidance explains in what circumstances the cyber threat might change, and outlines the steps an organisation can take in response to a heightened cyber threat.

The State of Credential Stuffing Attacks

securityintelligence.com/articles/credential-stuffing-attacks-2021/ Credential stuffing has become a preferred tactic among digital attackers over the past few years. As reported by Help Net Security, researchers detected 193 billion credential stuffing attacks globally in 2020. Financial services groups suffered 3.4 billion of those attacks. That's an increase of more than 45% year over year in that sector. In H1 2021, fraudsters focused on digital accounts by breaking into existing user accounts or creating new accounts, per Business Wire. Nearly three in 10 of those attacks consisted of credential stuffing.

OP warns of two scam messages: do not do anything you are asked to do

www.is.fi/digitoday/tietoturva/art-2000008545292.html OP Bank warns of scam messages, of which two types are circulating. The first, which aims to frighten the recipient, claims that a payment to a private individual is about to leave the account. This scam was already seen about a week and a half ago. The second scam asks the recipient to activate a mobile service, citing secure banking as the reason.

Companies practise cyber preparedness together; a coder strike team has also been proposed

www.tivi.fi/uutiset/tv/70e5b613-8218-4666-aa1a-51ccd5c0369d In Digipooli, maintained by the National Emergency Supply Agency (Huoltovarmuuskeskus), companies practise preparedness for cyber incidents and share information on the subject with each other. Digipooli is a group of voluntarily participating companies critical to security of supply, such as Finland's largest IT houses as well as operators in, for example, retail and energy production. At present there are about 60 companies in the pool.

What We Know and Don't Know about the Cyberattacks Against Ukraine

zetter.substack.com/p/what-we-know-and-dont-know-about Last week dozens of government agencies in Ukraine were targeted in a web site defacement campaign in which hackers replaced their main web page with a politically charged message. Although the message asserted that the hackers had also stolen data from the agencies, the government was quick to announce that data had not been stolen. Over the weekend, however, Microsoft announced that it detected destructive wiper malware on the systems of dozens of government entities in Ukraine including some whose web sites were defaced.

EU Targets Fictitious Finnish Power Company in Cyberattack Test

www.bloomberg.com/news/articles/2022-01-15/eu-targets-fictitious-finnish-power-company-in-cyberattack-test The European Union began testing its cyber-defense responsiveness on Friday with a simulated attack on a fictitious Finnish power company, as the bloc seeks to strengthen its digital defenses amid concern about potential attacks. The start of the cyber exercise came the same day Ukraine fell victim to an actual attack that brought down around 70 government websites.

Cyber espionage campaign targets renewable energy companies

www.bleepingcomputer.com/news/security/cyber-espionage-campaign-targets-renewable-energy-companies/ A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations has been discovered to be active since at least 2019, targeting over fifteen entities worldwide. The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT (open-source intelligence) techniques such as DNS scans and public sandbox submissions.

Same-origin violation vulnerability in Safari 15 could leak a user's website history and identity

portswigger.net/daily-swig/same-origin-violation-vulnerability-in-safari-15-could-leak-a-users-website-history-and-identity The issue was introduced in Safari's implementation of the IndexedDB API in its latest release, version 15. IndexedDB is a browser API for client-side storage designed to hold significant amounts of data. To prevent one site from reading data stored by another, IndexedDB follows the same-origin policy, which controls which origins can access each piece of data; a bug that lets a page see another origin's IndexedDB state therefore exposes which sites the user has visited.

Earth Lusca threat actor targets governments and cryptocurrency companies alike

therecord.media/earth-lusca-threat-actor-targets-governments-and-cryptocurrency-companies-alike/ Cybersecurity researchers said they discovered a Chinese cyber-espionage group that, besides spying on strategic targets, also dabbled in financially-motivated attacks for their own profits. Named Earth Lusca, the group has spent the past years spying on targets that could be considered of interest to the Chinese government.

Log4Shell Attacks Getting “Smarter”

isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/ Ever since news of the Log4Shell vulnerability broke, we have seen a stream of attacks attempting to exploit this vulnerability in log4j (CVE-2021-44228). Initial attempts were rather "blunt", and tried to insert the JNDI exploit string into various fields without much concern for how and where the string might be logged. More recently, however, we have seen some more specific exploits targeting particular software configurations. Most notably, exploits have been released for Ubiquiti's UniFi network controller and for VMware products.

eNom data center migration mistakenly knocks sites offline

www.bleepingcomputer.com/news/security/enom-data-center-migration-mistakenly-knocks-sites-offline/ A data center migration by web hosting provider eNom caused unexpected domain resolution problems that were expected to last for a few hours. Customers started to complain that they could no longer access their websites and email due to Domain Name System (DNS) issues.

2G’s security weaknesses are still a problem, even for modern phones

www.zdnet.com/article/2gs-security-weaknesses-are-still-a-problem-even-for-modern-phones/ Google recently added an option to switch off insecure 2G connectivity in Android smartphone modems, a move that has been welcomed by digital civil liberties group the Electronic Frontier Foundation (EFF). It applauded Google for adding the new setting in Android 12 and has now called on Apple to implement the feature, too. 2G is an early digital cellular network standard that emerged in the early 1990s, when Nokia still ruled mobile. As EFF notes, 2G was developed when standards bodies didn’t account for threats like rogue cell towers or the need for strong encryption.

Zoho patches new critical authentication bypass in Desktop Central

www.bleepingcomputer.com/news/security/zoho-patches-new-critical-authentication-bypass-in-desktop-central/ Zoho has addressed a new critical severity vulnerability that affects the company’s Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. ManageEngine Desktop Central is an endpoint management platform that allows admins to deploy patches and software over the network and troubleshoot them remotely.
