Daily NCSC-FI news followup 2019-06-14

Security company warns: Signs of a serious cyber attack are visible

www.is.fi/digitoday/tietoturva/art-2000006142010.html Security company Check Point joins the chorus of Microsoft and many experts and urges users of old Windows versions to patch the so-called BlueKeep vulnerability now at the latest.

The Brussels Times: Cyber-attack causes aircraft parts maker to close indefinitely

www.brusselstimes.com/all-news/business/technology/58373/cyber-attack-causes-aircraft-parts-maker-to-close-indefinitely-asco/ According to Data News, Asco has shut down its base in Zaventem, as well as operations in other countries, following a breach of security. About 1,000 people are currently on technical unemployment until the company resumes operations. Technical unemployment allows workers to claim temporary unemployment benefits when they are put out of work for a limited period, by circumstances beyond their control. Union representatives Jan Baetens told De Standa

Yle: Lahti cyber attack investigation: did malware slip onto a thousand computers because of a single user's actions?

yle.fi/uutiset/3-10832288 Also: "KRP confirms: the program that infected Lahti's information system is a trojan, perpetrator still unclear" (yle.fi/uutiset/3-10833458)

Telecommunications outage disrupts operations at some health centres, the city hospital, dental clinics and social services

www.phhyky.fi/fi/tietoliikennekatkos-haittaa-toimintaa-osalla-terveysasemia-kaupunginsairaalassa-hammashoitoloissa-ja-sosiaalipalveluissa/ Use of all social and health care information systems is not possible on the joint authority's workstations that are on the City of Lahti area network. The disruption does not affect operations at the Nastola health centre, because Nastola is not on the Lahti network.

Nanocore RAT is a general purpose malware with specific client factories available to everyone and easily accessible. During our cyber-defense activities we discovered attack attempts against Italian companies operating in the Luxury sector. For instance, we intercepted malicious email claiming to come from a well known Italian Bank and then we started to analyze it.

blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/

Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas

dragos.com/blog/industry-news/threat-proliferation-in-ics-cybersecurity-xenotime-now-targeting-electric-sector-in-addition-to-oil-and-gas/ The most dangerous threat to ICS has new targets in its sights. Dragos identified the XENOTIME activity group expanded its targeting beyond oil and gas to the electric utility sector. This expansion to a new vertical illustrates a trend that will likely continue for other ICS-targeting adversaries.

Data Insights on the BlueKeep Vulnerability

www.bitsight.com/blog/data-insights-on-bluekeep-vulnerability Microsoft has made several links between BlueKeep and the EternalBlue vulnerability used by the WannaCry worm several years ago. The comparison between these two vulnerabilities is pertinent, as both can be exploited without user authentication and require no additional interaction. In other words, both are wormable vulnerabilities.

Security bug would have allowed hackers access to Google’s internal network

www.zdnet.com/article/security-bug-would-have-allowed-hackers-access-to-googles-internal-network/ A young Czech bug hunter has found a security flaw in one of Google’s backend apps. If exploited by a malicious threat actor, the bug could have allowed hackers a way to steal Google employee cookies for internal apps and hijack accounts, launch extremely convincing spear-phishing attempts, and potentially gain access to other parts of Google’s internal network.
