Comments on: Cyber security news September 2021

By: Tomi Engdahl

Tomi Engdahl — Sat, 02 Oct 2021 20:38:33 +0000

New Android trojan malware has infected more than 10 million Android devices
GriftHorse campaign operators made tens of millions of dollars from their victims
https://www.techspot.com/news/91491-new-android-trojan-malware-has-infected-more-than.html

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:06:56 +0000

Researchers Trick Locked iPhones Into Making $1300 Purchases https://www.forbes.com/sites/leemathews/2021/09/30/researchers-trick-locked-iphones-into-making-1300-purchases/
A team of academics figured out a way to trick the combination of Apple Pay and Visa cards into silently authorizing massive payments.
Even though the iPhones the researchers tested were locked during the transactions they were able to pilfer £1, 000 (about $1340). also:
https://practical_emv.gitlab.io/

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:06:36 +0000

Uusi huijaus kiusaa nettikirppisten käyttäjiä “Kortti niistetään niin tyhjäksi kuin pystytään”, varoittaa asiantuntija
https://yle.fi/uutiset/3-12119203
Verkon vertaiskauppasivustoilla leviää uusi huijaus, jonka tarkoituksena on kalastella käyttäjien luottokorttitietoja.

Huijari on kalastellut henkilökohtaisia tietoja Kelan nimissä https://www.is.fi/digitoday/art-2000008301415.html
Kelan nimissä on kalasteltu puhelimitse muun muassa pankkitietoja.

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:05:30 +0000

Turkish national charged for DDoS attacks with the WireX botnet https://therecord.media/turkish-national-charged-for-ddos-attacks-with-the-wirex-botnet/
US authorities have indicted today a Turkish national for using a now-defunct malware botnet to launch distributed denial-of-service
(DDoS) attacks against a Chicago-based multinational hospitality company.

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:05:08 +0000

German IT security watchdog examines Xiaomi mobile phone https://www.reuters.com/article/germany-security-china-idUSKBN2GP1BQ
Germany’s federal cybersecurity watchdog, the BSI, is conducting a technical examination of a mobile phone manufactured by China’s Xiaomi Corp, a spokesperson for the interior ministry told Reuters on Wednesday.

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:04:00 +0000

Undetected Azure Active Directory Brute-Force Attacks https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:03:41 +0000

JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/
JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:03:11 +0000

Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/
Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management.

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:02:01 +0000

GhostEmperor: From ProxyLogon to kernel mode https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the underlying cluster GhostEmperor. Our investigation into this activity leads us to believe that the underlying actor is highly skilled and accomplished in their craft, both of which are evident through the use of a broad set of unusual and sophisticated anti-forensic and anti-analysis techniques.
also:
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf

By: Tomi Engdahl

Tomi Engdahl — Fri, 01 Oct 2021 07:01:26 +0000

Rikolliset urkkivat suomalaisten pankkitunnuksia ota talteen vinkit turvalliseen asiointiin https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/rikolliset-urkkivat-suomalaisten-pankkitunnuksia
Kela, Keskusrikospoliisi ja Kyberturvallisuuskeskus kehottavat huolellisuuteen verkkopalveluihin kirjautumisessa. Rikolliset kalastelevat pankkitunnuksia suomalaisten pankkien ja Omakanta-palvelun nimissä. Asioithan verkossa turvallisesti ja tunnista huijaukset. Kerro huijauksista myös läheisillesi.