Daily NCSC-FI news followup 2019-06-14

Security company warns: Signs of a serious cyber attack are visible

www.is.fi/digitoday/tietoturva/art-2000006142010.html Security company Check Point joins the chorus of Microsoft and many experts and urges users of old Windows versions to patch the so-called BlueKeep vulnerability now at the latest.

The Brussels Times: Cyber-attack causes aircraft parts maker to close indefinitely

www.brusselstimes.com/all-news/business/technology/58373/cyber-attack-causes-aircraft-parts-maker-to-close-indefinitely-asco/ According to Data News, Asco has shut down its base in Zaventem, as well as operations in other countries, following a breach of security. About 1,000 people are currently on technical unemployment until the company resumes operations. Technical unemployment allows workers to claim temporary unemployment benefits when they are put out of work for a limited period, by circumstances beyond their control. Union representatives Jan Baetens told De Standa

Yle: Lahti cyber attack investigation: did malware slip onto a thousand computers because of a single user's actions?

yle.fi/uutiset/3-10832288 Also: “KRP confirms: the program that infected Lahti's information system is a trojan, perpetrator still unclear” (yle.fi/uutiset/3-10833458)

Telecommunications outage disrupts operations at some health centres, the city hospital, dental clinics and social services

www.phhyky.fi/fi/tietoliikennekatkos-haittaa-toimintaa-osalla-terveysasemia-kaupunginsairaalassa-hammashoitoloissa-ja-sosiaalipalveluissa/ It is not possible to use all of the social and health care information systems on the consortium's workstations that are on the Lahti city area network. The disruption does not affect operations at the Nastola health centre, because Nastola is not on the Lahti network.

Nanocore RAT is a general purpose malware with specific client factories available to everyone and easily accessible. During our cyber-defense activities we discovered attack attempts against Italian companies operating in the Luxury sector. For instance, we intercepted malicious email claiming to come from a well known Italian Bank and then we started to analyze it.

blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/

Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas

dragos.com/blog/industry-news/threat-proliferation-in-ics-cybersecurity-xenotime-now-targeting-electric-sector-in-addition-to-oil-and-gas/ The most dangerous threat to ICS has new targets in its sights. Dragos identified the XENOTIME activity group expanded its targeting beyond oil and gas to the electric utility sector. This expansion to a new vertical illustrates a trend that will likely continue for other ICS-targeting adversaries.

Data Insights on the BlueKeep Vulnerability

www.bitsight.com/blog/data-insights-on-bluekeep-vulnerability Microsoft has made several links between BlueKeep and the EternalBlue vulnerability used by the WannaCry worm several years ago. The comparison between these two vulnerabilities is pertinent, as both can be exploited without user authentication and require no additional interaction. In other words, both are wormable vulnerabilities.

Security bug would have allowed hackers access to Google’s internal network

www.zdnet.com/article/security-bug-would-have-allowed-hackers-access-to-googles-internal-network/ A young Czech bug hunter has found a security flaw in one of Google’s backend apps. If exploited by a malicious threat actor, the bug could have allowed hackers a way to steal Google employee cookies for internal apps and hijack accounts, launch extremely convincing spear-phishing attempts, and potentially gain access to other parts of Google’s internal network.
