Daily NCSC-FI news followup 2019-06-14

Security company warns: Signs of a serious cyber attack are visible

www.is.fi/digitoday/tietoturva/art-2000006142010.html Security company Check Point joins the chorus of Microsoft and many experts and urges users of old Windows versions to patch the so-called BlueKeep vulnerability now at the latest.

The Brussels Times: Cyber-attack causes aircraft parts maker to close indefinitely

www.brusselstimes.com/all-news/business/technology/58373/cyber-attack-causes-aircraft-parts-maker-to-close-indefinitely-asco/ According to Data News, Asco has shut down its base in Zaventem, as well as operations in other countries, following a breach of security. About 1,000 people are currently on technical unemployment until the company resumes operations. Technical unemployment allows workers to claim temporary unemployment benefits when they are put out of work for a limited period, by circumstances beyond their control. Union representatives Jan Baetens told De Standa

Yle: Lahti cyber attack investigation: did malware slip into a thousand computers because of a single user's actions?

yle.fi/uutiset/3-10832288 Also: “KRP confirms: the program that infected Lahti's information system is a trojan, perpetrator still unclear” (yle.fi/uutiset/3-10833458)

Telecommunications outage disrupts operations at some health centres, the city hospital, dental clinics and social services

www.phhyky.fi/fi/tietoliikennekatkos-haittaa-toimintaa-osalla-terveysasemia-kaupunginsairaalassa-hammashoitoloissa-ja-sosiaalipalveluissa/ Use of all social and health care information systems is not possible on the joint authority's workstations that are on the City of Lahti area network. The disruption does not affect operations at the Nastola health centre, because Nastola is not on the Lahti network.

Nanocore RAT is a general purpose malware with specific client factories available to everyone and easily accessible. During our cyber-defense activities we discovered attack attempts against Italian companies operating in the Luxury sector. For instance, we intercepted malicious email claiming to come from a well known Italian Bank and then we started to analyze it.

blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/

Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas

dragos.com/blog/industry-news/threat-proliferation-in-ics-cybersecurity-xenotime-now-targeting-electric-sector-in-addition-to-oil-and-gas/ The most dangerous threat to ICS has new targets in its sights. Dragos identified the XENOTIME activity group expanded its targeting beyond oil and gas to the electric utility sector. This expansion to a new vertical illustrates a trend that will likely continue for other ICS-targeting adversaries.

Data Insights on the BlueKeep Vulnerability

www.bitsight.com/blog/data-insights-on-bluekeep-vulnerability Microsoft has made several links between BlueKeep and the EternalBlue vulnerability used by the WannaCry worm several years ago. The comparison between these two vulnerabilities is pertinent, as both can be exploited without user authentication and require no additional interaction. In other words, both are wormable vulnerabilities.

Security bug would have allowed hackers access to Google’s internal network

www.zdnet.com/article/security-bug-would-have-allowed-hackers-access-to-googles-internal-network/ A young Czech bug hunter has found a security flaw in one of Google’s backend apps. If exploited by a malicious threat actor, the bug could have allowed hackers a way to steal Google employee cookies for internal apps and hijack accounts, launch extremely convincing spear-phishing attempts, and potentially gain access to other parts of Google’s internal network.
