Daily NCSC-FI news followup 2022-01-23

Dutch cybersecurity agency warns of lingering Log4j risks

www.bleepingcomputer.com/news/security/dutch-cybersecurity-agency-warns-of-lingering-log4j-risks/ In a warning issued on Thursday, the Dutch National Cybersecurity Centre (NCSC) says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats. Even though the aftermath of recent incidents connected to Log4Shell exploitation was “not too bad” because many organizations have acted quickly to mitigate these critical vulnerabilities, the NCSC says that threat actors are most likely still planning to breach new targets.

FAA sets rules for some Boeing 787 landings near 5G service

techxplore.com/news/2022-01-faa-boeing-5g.html Federal safety officials are directing operators of some Boeing planes to adopt extra procedures when landing on wet or snowy runways near impending 5G service because, they say, interference from the wireless networks could mean that the planes need more room to land.

European Parliament uses Google Analytics, which is illegal in the EU (Handelsblatt)

catless.ncl.ac.uk/Risks/33/03/#subj5 Data of European citizens may not be stored in the USA without further considerations. This is stated in a ruling by the European Court of Justice (ECJ) from the summer of 2020. However, many companies violate this requirement on a daily basis, as does the European Parliament. Parliament had installed cookies from Google Analytics and the payment service provider Stripe on its website. Original (in German):

www.handelsblatt.com/politik/international/dsgvo-europaparlament-missachtet-datenschutz-warnung-an-unternehmen/27964838.html

FBI warns of malicious QR codes used to steal your money

www.bleepingcomputer.com/news/security/fbi-warns-of-malicious-qr-codes-used-to-steal-your-money/ The FBI said crooks are switching legitimate QR codes used by businesses for payment purposes to redirect potential victims to malicious websites designed to steal their personal and financial information, install malware on their devices, or divert their payments to accounts under their control. After the victims scan what looks like legitimate codes, they get sent to attackers’ phishing sites, where they are prompted to enter their login and financial info. Once entered, it gets sent to the cybercriminals who can use it to steal money using hijacked banking accounts.

Criminals have a new favourite: the scam usually comes in the name of these companies

www.is.fi/digitoday/art-2000008555667.html From October to December 2021, the shipping company DHL became the brand most exploited by criminals phishing for victims' personal or banking details. The finding comes from the Brand Phishing report published by security company Check Point. 23 percent of all brand impersonations used DHL's name. DHL overtook the scammers' previous favourite, Microsoft, which was used in 20 percent of impersonations. The two are well ahead of the third on the list, WhatsApp, which appeared in 11 percent of impersonations. DHL is not a surprising name at the top of the list. Scams in the company's name were also run actively in Finland throughout last year. For example, the distributors of the FluBot malware relied on the DHL brand. Original:

www.checkpoint.com/press/2022/dhl-replaces-microsoft-as-most-imitated-brand-in-phishing-attempts-in-q4-2021/

Microsoft turns off Excel 4.0 macros by default, because they’re mostly used for malware

www.xda-developers.com/microsoft-excel-4-0-macros-disabled/ XLM macros are disabled by default in Excel version 16.0.14527.20000 and newer, which rolled out in October in the Current Channel and December in the Monthly Enterprise Channel. The Semi-Annual Enterprise Channel (Preview) and Semi-Annual Enterprise Channel will receive the change in March and July, respectively.

Mixed VBA & Excel4 Macro In a Targeted Excel Sheet

isc.sans.edu/diary/Mixed+VBA+%26+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264 Yesterday, Nick, one of our readers, shared with us a very interesting Excel sheet and asked us to check if it was malicious. Guess what? Of course, it was, and he agreed to be mentioned in a diary. Thanks to him! This time, we also have the context and how the file was used. It was delivered to the victim, and this person was called beforehand to make them more confident with the file. A perfect example of a social engineering attack. The Excel sheet contains details of a real-estate project. The Excel sheet is called “Penthouse_8271.xls” and, once opened, you see this..

Dark Souls 3 players risk having their PC bricked if they play online

www.dexerto.com/gaming/dark-souls-3-players-risk-having-their-pc-bricked-if-they-play-online-1746144/ However, on January 22, 2022, it was discovered that a new exploit could potentially affect PC players who are connected to the internet while playing. Basically, it can turn DS 3 into a Trojan Horse virus vulnerable to malicious hackers.
