Daily NCSC-FI news followup 2019-06-13

Tivi: Data breach on Louhi's servers, services down for a fourth day: "Incredibly slow response"

www.tivi.fi/uutiset/louhen-palvelimissa-tietomurto-palveluja-alhaalla-jo-neljatta-paivaa-uskomattoman-hidasta-toimintaa/1f174864-f64a-46d7-9aab-dbdab45801c5 The services of the Finnish web hosting company Louhi have suffered serious problems because of a data breach. Louhi states on its website that seven web hosting servers have been affected; as a result, customer websites and email services have not been working. Because of the breach, the services will be migrated to replacement platforms as soon as possible, Louhi says.

Ransomware attack paralyses Lake City email, landlines and credit card services

hotforsecurity.bitdefender.com/blog/ransomware-attack-paralyses-lake-city-email-landlines-and-credit-card-services-21329.html Lake City has warned citizens that administrative systems, including email and credit card systems, are down following a ransomware attack on the Florida municipality. The attack, called "Triple Threat" in a press release issued by the city, reportedly combined three attack vectors to infect government endpoints, crippling the city's administrative email systems, as well as landlines and credit card payments. Emergency services, however, remain untouched, according to the release.

Telegram Hit by DDoS Cyber-Attack, Users May Experience Connection Issues

gadgets.ndtv.com/apps/news/telegram-hit-by-ddos-cyber-attack-users-may-experience-connection-issues-2052233 Messaging service provider Telegram has been hit by a “powerful” distributed denial-of-service (DDoS) attack and users in the United States and other countries may experience connection issues, the company said in a tweet on Wednesday.

Hide N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP

unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/ The Hide N Seek botnet was first discovered in January 2018 and is known for its unusual use of peer-to-peer communication between bots. Since its discovery, the malware family has seen several upgrades, from the addition of persistence and new exploits to targeting Android devices via the Android Debug Bridge (ADB). This post details a variant of the family first seen on 21 February 2019, incorporating two new exploits: CVE-2018-20062, which targets ThinkPHP installations, and CVE-2019-7238, a remote code execution (RCE) vulnerability in Sonatype Nexus Repository Manager (NXRM) 3 installations.

THE HACKERONE TOP 10 MOST IMPACTFUL AND REWARDED VULNERABILITY TYPES

www.hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types HackerOne customers have received more than 120,000 (and counting!) valid security vulnerabilities across more than 1,400 programs of all sizes. Combined, they represent a clear picture of the real-world risks we face today. For the first time ever, HackerOne is providing our list of the top 10 rewarded vulnerability types as indicated by bounty awards and customer impact, all based on weaknesses resolved through 2018. The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types is an interactive site allowing you to explore bounty award levels, severity scores, total report volumes, and more. You can also filter by industry.

In the energy sector a cyber threat can mean infiltration of Finland's infrastructure: the energy sector has developed common practices for countering threats

www.tekniikkatalous.fi/uutiset/tt/4b5ac7bb-fe21-4ed6-83fc-cd48a419405a Cyber security threats are increasingly targeting the energy industry as well. VTT, the National Cyber Security Centre (Kyberturvallisuuskeskus), the National Emergency Supply Agency (Huoltovarmuuskeskus) and key energy-sector actors have now defined common operating practices for countering cyber threats, according to a VTT press release.

Cyber attack disrupts operations at Lahti health centres, the city hospital, dental clinics and social services

www.ess.fi/uutiset/paijathame/art2547677 The loss of network connections between the City of Lahti and the Päijät-Häme Joint Authority for Health and Wellbeing is disrupting operations at the Ahtiala and Laune health centres, the city hospital, Lahti's dental clinics and social services. The connections were cut deliberately in order to stop the cyber attack targeting the city from spreading. Not all health and social care information systems can be used from the joint authority's workstations that sit on the City of Lahti network. The disruption does not affect operations at the Nastola health centre, because Nastola is not on the Lahti network.

May 2019's Most Wanted Malware: Patch Now to Avoid the BlueKeep Blues

blog.checkpoint.com/2019/06/13/may-2019-most-wanted-malware-bluekeep-microsoft-rdp-cryptocurrency-malware/ In May, the most significant event in the threat landscape was not a new type of malware: it was a serious vulnerability in older versions of Windows operating systems that, if exploited by criminals, could lead to the kind of mega-scale ransomware attacks we saw in 2017 with WannaCry and NotPetya. The vulnerability is the BlueKeep Microsoft RDP flaw (CVE-2019-0708) in Windows 7 and Windows Server 2008 machines, which affects nearly 1 million machines reachable from the public internet, and many more within organizations' internal networks. The vulnerability is critical because it requires no user interaction in order to be exploited. RDP is already an established, popular attack vector which has been used to install ransomware such as SamSam.

Emotet: the malware behind 45% of malicious URLs

www.pandasecurity.com/mediacenter/malware/emotet-evolution-botnet/ In November last year, several Chilean financial institutions were beset by a cyberthreat. It was the banking malware Emotet, known as the nightmare of global banking. The Chilean bank Consorcio announced that, whilst no customer funds had been affected, some of the bank's own funds still hadn't been recovered. According to PandaLabs, once Emotet gets onto a network, it infects all the computers connected to it within minutes, and these computers then await orders from the Trojan's C&C. It is normally used to steal credentials and to send out spam, but it can also be used to encrypt the entire network.

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners

blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/ Regular cybercriminals appear to be taking a page from targeted attack actors' playbooks, or rather their toolkits, to maximize their profits from illicit activities like cryptojacking. One of the differences between regular cybercrime and targeted attacks is intent: the former will almost always have immediate financial gain as its main motivation, while the latter will have other goals, for example intellectual property theft. Furthermore, the mindsets of the threat actors can be very different. Regular cybercriminals will typically need to think about how they can compromise as many individual devices as possible (for example, to deliver ransomware, coin miners, or banking trojans), while targeted attack threat actors will need to plan how to infiltrate and gain full access to corporate networks and remain as discreet as possible.

Evernote Critical Flaw Opened Personal Data of Millions to Attack

threatpost.com/evernote-critical-flaw-opened-personal-data-of-millions-to-attack/145666/ A critical flaw in the popular Evernote note-taking extension could have allowed attackers to steal personal data, including emails and financial transactions, of millions of users. Specifically impacted was the Evernote Web Clipper extension for the Chrome browser, which lets users capture full-page articles, images, selected text, emails and more. The Evernote extension is extremely popular, putting the personal data of more than 4.6 million users at risk, researchers said.

In this sector, significant cyber threats would, if realised, affect the whole of society

www.tivi.fi/uutiset/tv/c765f676-1a8b-409f-9971-eea2bcf2daf2 Cyber security risks in the energy sector would, if realised, threaten the sector's entire operation, from energy production to transmission and distribution, and ultimately the functioning of the whole of society. Cyber security threats are increasingly targeting the energy industry as well. VTT, the National Cyber Security Centre (Kyberturvallisuuskeskus), the National Emergency Supply Agency (Huoltovarmuuskeskus) and key energy-sector actors have now defined common operating practices for countering cyber threats, according to a VTT press release. See also:

www.vtt.fi/medialle/uutiset/energia-ala-kehitti-yhteiset-toimintatavat-kyberuhkia-vastaan

Millions of Exim Mail Servers Are Currently Being Attacked

www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-are-currently-being-attacked/ Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root access via SSH to the exploited machines, according to security researchers. The flaw, tracked as CVE-2019-10149 and named "The Return of the WIZard" by Qualys, the research outfit which discovered it, makes it possible for attackers to remotely run arbitrary commands, in most cases as root, on exposed servers.

DNS Observatory Offers Researchers New Insight into Global DNS Activity

www.darkreading.com/vulnerabilities---threats/dns-observatory-offers-researchers-new-insight-into-global-dns-activity/d/d-id/1334953 The Domain Name System (DNS), which is part of essentially every transaction on the Internet, has also become a critical part of many online attacks. Now, a monitoring framework presented at IETF 104 in March is providing new insight into the way DNS queries are received and answered across the Internet, as well as how that process might have an impact on security.
