Daily NCSC-FI news followup 2021-09-08

Government still gauging impact of Wednesday’s denial-of-service attacks www.stuff.co.nz/business/300402182/government-still-gauging-impact-of-wednesdays-denialofservice-attacks ANZ and Kiwibank appear to have made progress recovering from a cyber attack that made their online services inaccessible for many New Zealanders on Wednesday. AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle www.theregister.com/2021/09/08/att_alien_labs_warns_of/ Now, AT&T’s Alien Labs has shone […]

Read More

Daily NCSC-FI news followup 2021-09-07

Important clarifications regarding arrest of climate activist protonmail.com/blog/climate-activist-arrest/ We would like to provide important clarifications regarding the case of the climate activist who was recently arrested by French police on criminal charges. […] In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no […]

Read More

Daily NCSC-FI news followup 2021-09-06

Conti affiliates use ProxyShell Exchange exploit in ransomware attacks news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ An investigation into recent attacks by a Conti affiliate reveals that that the attackers initially accessed targeted organizations networks with ProxyShell, an exploit of vulnerabilities in Microsoft Exchange that have been the subject of multiple critical updates over the past several months. The attacker otherwise […]

Read More

Daily NCSC-FI news followup 2021-09-05

Malware found preinstalled in classic push-button phones sold in Russia therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/ In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection. PST, […]

Read More

Daily NCSC-FI news followup 2021-09-04

Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle www.theregister.com/2021/09/04/bluetooth_headphones_tracking_oslo/ A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don’t implement MAC address randomisation meaning they can be used to track their wearers. The State of SSL/TLS Certificate Usage in […]

Read More

Daily NCSC-FI news followup 2021-09-03

Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html Bloomberg News investigation has filled in significant new details, including why Sunnyvale, California-based Juniper, a top maker of computer networking equipment, used the NSA algorithm in the first place, and who was behind the attack.. Pentagon tied some future contracts […]

Read More

Daily NCSC-FI news followup 2021-09-02

UK VoIP telco receives ‘colossal ransom demand’, reveals REvil cybercrooks suspected of ‘organised’ DDoS attacks on UK VoIP companies www.theregister.com/2021/09/02/uk_voip_telcos_revil_ransom/ In a statement, chair of Comms Council UK Eli Katz told us: “Comms Council UK is aware of the Denial of Service attacks currently targeting IP-based communications service providers in the UK and that a […]

Read More

Daily NCSC-FI news followup 2021-09-01

Cryptophishing on the Luno exchange www.kaspersky.com/blog/cryptophishing-in-luno/41538/ Since the advent of cryptocurrency, scammers of every stripe have sought to get rich from stealing virtual coins. With cybercriminals duping both buyers of mining equipment and cryptoinvestors, we spotlight a scam targeting users of the Luno cryptoexchange. The Luno cryptocurrency exchange has been in existence since 2013, and […]

Read More

Daily NCSC-FI news followup 2021-08-31

Attracting flies with Honey(gain): Adversarial abuse of proxyware blog.talosintelligence.com/2021/08/proxyware-abuse.html With internet-sharing applications, or “proxyware,” users download software that allows them to share a percentage of their bandwidth with other internet users for a fee, with the companies that created this software acting as a go-between. As proxyware has grown in popularity, attackers have taken notice […]

Read More

Daily NCSC-FI news followup 2021-08-30

Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere: Lock and Code S02E16 blog.malwarebytes.com/podcast/2021/08/hackers-tractors-and-a-few-delayed-actors-how-hacker-sick-codes-learned-too-much-about-john-deere-lock-and-code-s02e16/ No one ever wants a group of hackers to say about their company: We had the keys to the kingdom.. But thats exactly what the hacker Sick Codes said on this weeks episode […]

Read More