Daily NCSC-FI news followup 2019-06-14

Security company warns: Signs of a serious cyberattack are visible

www.is.fi/digitoday/tietoturva/art-2000006142010.html Security company Check Point joins the chorus of Microsoft and many experts and urges users of old Windows versions to patch the so-called BlueKeep vulnerability now at the latest.

The Brussels Times: Cyber-attack causes aircraft parts maker to close indefinitely

www.brusselstimes.com/all-news/business/technology/58373/cyber-attack-causes-aircraft-parts-maker-to-close-indefinitely-asco/ According to Data News, Asco has shut down its base in Zaventem, as well as operations in other countries, following a breach of security. About 1,000 people are currently on technical unemployment until the company resumes operations. Technical unemployment allows workers to claim temporary unemployment benefits when they are put out of work for a limited period, by circumstances beyond their control. Union representatives Jan Baetens told De Standa

Yle: Lahti cyberattack investigation: did malware slip into a thousand computers because of a single user's actions?

yle.fi/uutiset/3-10832288 See also: “NBI confirms: the program that infected Lahti's information system is a trojan, perpetrator still unclear” (yle.fi/uutiset/3-10833458)

Network outage disrupts operations at some health centres, the city hospital, dental clinics and social services

www.phhyky.fi/fi/tietoliikennekatkos-haittaa-toimintaa-osalla-terveysasemia-kaupunginsairaalassa-hammashoitoloissa-ja-sosiaalipalveluissa/ It is not possible to use all social and health care information systems on the consortium's workstations that are on the City of Lahti area network. The disruption does not affect operations at the Nastola health centre, because Nastola is not on the Lahti network.

Nanocore RAT is a general purpose malware with specific client factories available to everyone and easily accessible. During our cyber-defense activities we discovered attack attempts against Italian companies operating in the Luxury sector. For instance, we intercepted malicious email claiming to come from a well known Italian Bank and then we started to analyze it.

blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/

Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas

dragos.com/blog/industry-news/threat-proliferation-in-ics-cybersecurity-xenotime-now-targeting-electric-sector-in-addition-to-oil-and-gas/ The most dangerous threat to ICS has new targets in its sights. Dragos identified the XENOTIME activity group expanded its targeting beyond oil and gas to the electric utility sector. This expansion to a new vertical illustrates a trend that will likely continue for other ICS-targeting adversaries.

Data Insights on the BlueKeep Vulnerability

www.bitsight.com/blog/data-insights-on-bluekeep-vulnerability Microsoft has made several links between BlueKeep and the EternalBlue vulnerability used by the WannaCry worm several years ago. The comparison between these two vulnerabilities is pertinent, as both can be exploited without user authentication and require no additional interaction. In other words, both are wormable vulnerabilities.

Security bug would have allowed hackers access to Google’s internal network

www.zdnet.com/article/security-bug-would-have-allowed-hackers-access-to-googles-internal-network/ A young Czech bug hunter has found a security flaw in one of Google’s backend apps. If exploited by a malicious threat actor, the bug could have allowed hackers a way to steal Google employee cookies for internal apps and hijack accounts, launch extremely convincing spear-phishing attempts, and potentially gain access to other parts of Google’s internal network.
