The Ministry for Foreign Affairs has resolved an espionage case directed against it
um.fi/ajankohtaista/-/asset_publisher/gc654PySnjTX/content/ulkoministerio-on-saanut-selvitettya-siihen-kohdistuneen-vakoilutapauksen Finnish diplomats have been targeted by cyber espionage using NSO Group's highly publicised Pegasus spyware. It is a highly sophisticated piece of malware that has been delivered to the user's Apple or Android phone without their noticing and without any action on the user's part. The spyware may have enabled very extensive exploitation of the data on the phone and of its features. Also www.hs.fi/kotimaa/art-2000008573488.html
Threat actor of in-Tur-est
www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/threat-actor-of-in-tur-est.html Our journey began when hunting for newly registered domains with TLS certificates that use the term qov, spoofing the legitimate term gov. Spoofing the word gov has previously been a favoured technique of several unrelated threat actors, such as Blue Athena (a.k.a. Sofacy, APT28). On 31st January 2021, we observed the subdomain mail[.]mod[.]qov[.]rs being used to phish for Serbian Ministry of Defence credentials. The phishing page shown in Figure 1 when visited not only logged credentials, but logged visits to the phishing page itself.
Microsoft Outlook RCE zero-day exploits now selling for $400,000
www.bleepingcomputer.com/news/security/microsoft-outlook-rce-zero-day-exploits-now-selling-for-400-000/ The same conditions apply for the exploit payouts for Mozilla Thunderbird as in the case of Microsoft Outlook. An RCE in an email client would grant attackers access to all available accounts.
Popular apps left biometric data, IDs of millions of users in danger
cybernews.com/security/popular-apps-left-biometric-data-ids-of-millions-of-users-in-danger/ Service providers using Onfido, an identification verification (IDV) service, let a major flaw in their security go unchecked, in the form of an exposed admin token that potentially left app users' biometric data exposed. Using this safety gap, threat actors could have downloaded personally identifiable information (PII), including copies of client-submitted IDs, passports, and driver’s licenses.
BlackCat ransomware targeting US, European retail, construction and transportation orgs
www.zdnet.com/article/blackcat-ransomware-targeting-us-european-retail-construction-and-transportation-orgs/ Palo Alto said that as of December 2021, BlackCat has the 7th largest number of victims listed on their leak site among ransomware groups that Unit 42 tracks.
After Russian Arrests, REvil Activity Persists
blog.reversinglabs.com/blog/after-russian-arrests-revil-rolls-on Almost two weeks after Russian authorities orchestrated high profile arrests of cyber criminals affiliated with the notorious ransomware group, there has been little change in the availability of malicious files and implants associated with the group, ReversingLabs data shows. Also
krebsonsecurity.com/2022/01/who-wrote-the-alphv-blackcat-ransomware-strain/
Finland warns of Facebook accounts hijacked via Messenger phishing
www.bleepingcomputer.com/news/security/finland-warns-of-facebook-accounts-hijacked-via-messenger-phishing/ Finland’s National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims’ friends in Facebook Messenger chats.
Hackers are taking over CEO accounts with rogue OAuth apps
www.bleepingcomputer.com/news/security/hackers-are-taking-over-ceo-accounts-with-rogue-oauth-apps/ Threat analysts have observed a new campaign named OiVaVoii, targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts.
Pirates are now striking the electronic systems of ships and ports: cyber pirates are able to disrupt the whole of world trade
yle.fi/uutiset/3-12292088 Cyber attacks are a growing threat to international shipping. Behind them are traditional pirates and other criminals, but also states with political objectives.