Daily NCSC-FI news followup 2021-12-06

France warns of Nobelium cyberspies attacking French orgs www.bleepingcomputer.com/news/security/france-warns-of-nobelium-cyberspies-attacking-french-orgs/ The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year’s SolarWinds hack has been targeting French organizations since February 2021. While ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) has not determined how Nobelium compromised email […]


Daily NCSC-FI news followup 2021-12-05

Malicious Excel XLL add-ins push RedLine password-stealing malware www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/ Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware. RedLine is an information-stealing Trojan that steals cookies, user names and passwords, and credit cards stored in web browsers, as well as FTP […]


Daily NCSC-FI news followup 2021-12-04

Why the Future Needs Passwordless Authentication securityintelligence.com/future-needs-passwordless-authentication/ As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed. Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity. […]


Daily NCSC-FI news followup 2021-12-03

Germany warns of ransomware attacks over Christmas, citing Emotet return, unpatched Exchange servers therecord.media/germany-warns-of-ransomware-attacks-over-christmas-citing-emotet-return-unpatched-exchange-servers/ The German cybersecurity authority has told German organizations to expect ransomware and other cyber-attacks over the Christmas and end-of-year holidays, citing the return of the Emotet botnet and the large number of Microsoft Exchange email servers that have been left unpatched. […]


Daily NCSC-FI news followup 2021-12-02

Major strike against cybercrime: 1,803 arrested, 67.5 million euros saved www.is.fi/digitoday/tietoturva/art-2000008447466.html The European police agency Europol reports on a major international operation against cybercrime. The seventh Emma operation (European Money Mule Action) in the series covered 27 countries, including Finland, and focused on the laundering of criminally obtained money through so-called mules. See also: www.europol.europa.eu/newsroom/news/european-money-mule-action-leads-to-1-803-arrests Emotet now spreads via fake Adobe Windows App Installer packages […]


Daily NCSC-FI news followup 2021-12-01

APT groups from China, Russia, and India adopt novel attack technique therecord.media/apt-groups-from-china-russia-and-india-adopt-novel-attack-technique/ State-sponsored hacking groups, also known as advanced persistent threats (APTs), have adopted this year a new attack technique called “RTF Template Injection,” which has brought a new twist and made their attacks harder to detect and stop. In a report today, email […]


Daily NCSC-FI news followup 2021-11-30

Kaspersky – APT annual review 2021 securelist.com/apt-annual-review-2021/105127/ In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters. For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments of the last […]


Daily NCSC-FI news followup 2021-11-29

APT37 targets journalists with Chinotto multi-platform malware www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/ North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering hole, spear-phishing emails, and smishing attacks delivering malware dubbed Chinotto capable of infecting Windows and Android devices. APT37 (aka Reaper) has been active since at least 2012 and is an […]


Daily NCSC-FI news followup 2021-11-28

North Korean hackers posed as Samsung recruiters to target security researchers therecord.media/north-korean-hackers-posed-as-samsung-recruiters-to-target-security-researchers/ North Korean state-sponsored hackers posed as Samsung recruiters and sent fake job offers to employees at South Korean security companies that sell anti-malware software, Google said this week in the first edition of its new Threat Horizons report. “The emails included a PDF […]


Daily NCSC-FI news followup 2021-11-27

Hackers are targeting this Microsoft Windows Installer flaw, say security researchers www.zdnet.com/article/hackers-are-targeting-this-microsoft-windows-installer-flaw-say-security-researchers/ Flaw can be exploited to give an attacker administrator rights on a compromised system, despite efforts to fix the problem. Hackers have already created malware in a bid to exploit an elevation of privilege vulnerability in Microsoft’s Windows Installer. Microsoft released a patch […]
