Alerts

TrickBot Bypasses Online Banking 2FA Protection via Mobile App

March 26th, 2020 National CSIRT-CY Security Alerts.

The TrickBot gang is using a malicious Android application they developed to bypass two-factor authentication (2FA) protection used by various banks after stealing transaction authentication numbers.

The Android app dubbed TrickMo by IBM X-Force researchers is actively being updated and it is currently being pushed via the infected desktops of German victims with the help of web injects in online banking sessions.

TrickBot’s operators have designed TrickMo to intercept a wide range of transaction authentication numbers (TANs) including one-time password (OTP), mobile TAN (mTAN), and pushTAN authentication codes after victims install it on their Android devices.

Tor Browser 9.0.7 Patches Bug That Could Deanonymize Users

March 26th, 2020 National CSIRT-CY Security Alerts.

The Tor Project released Tor Browser 9.0.7 today with a permanent fix for a bug that allowed JavaScript code to run on the Safest security level in some situations while using the previous Tor Browser version.

Since Tor Browser users are relying on its security features to anonymously browse the Internet, having their identity exposed by a JavaScript that could be used for fingerprinting or unveiling their true location defeated the browser’s private browsing promise without tracking, surveillance, or censorship.

After updating to the latest version, all JavaScript code is again disabled automatically on non-HTTPS sites while browsing the web with the Tor Browser on the Safest security level.

Three More Ransomware Families Create Sites to Leak Stolen Data

March 24th, 2020 National CSIRT-CY Security Alerts.

Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims and further illustrates why all ransomware attacks must be considered data breaches.

Ever since Maze created their “news” site to publish stolen data of their victims who choose not to pay, other ransomware actors such as Sodinokibi/REvil, Nemty, and DoppelPaymer have been swift to follow.

Over the past two days, BleepingComputer has learned of another three ransomware families who have now launched their data leak sites, which are listed below.

Malware Disguised as Google Updates Pushed via Hacked News Sites

March 23rd, 2020 National CSIRT-CY Security Alerts.

Hacked corporate sites and news blogs running using the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans.

After gaining admin access to the compromised WordPress websites, the hackers inject malicious JavaScript code that will automatically redirect visitors to phishing sites.

These landing pages are designed to look like a legitimate Google Chrome update page and are used by the attackers to instruct potential victims to download an update for their browser.

Requirements for Remote Work

March 21st, 2020 National CSIRT-CY Security Alerts.

1. Security requirements for remote work

1.1 Security Policy

The organisation must have a security policy for using devices for remote work.
The policy must be in place and enforced.

Helpline: 1490

TrickBot Bypasses Online Banking 2FA Protection via Mobile App

Tor Browser 9.0.7 Patches Bug That Could Deanonymize Users

Three More Ransomware Families Create Sites to Leak Stolen Data

Malware Disguised as Google Updates Pushed via Hacked News Sites

Requirements for Remote Work

1. Security requirements for remote work

1.1 Security Policy

National CSIRT Activity Roll

Presentation “Security Awareness For Remote Workers” by National CSIRT-CY

58th TF-CSIRT hosted by the National CSIRT-CY

Mobile and Memory Forensics Training from ENISA

58th TF-CSIRT Meeting in Paphos hosted by the National CSIRT-CY

Course on Cybersecurity Organisational and Defensive Capabilities