Daily NCSC-FI news followup 2019-06-19

Apu: A cyberattack on data networks could black out Finland; are you prepared?


China's intelligence service recruits spies on LinkedIn; Finnish foreign policy experts have also been approached

yle.fi/uutiset/3-10838995 The report was written by Mika Aaltola, programme director at the Finnish Institute of International Affairs.

Quick Detect: Exim “Return of the Wizard” Attack

isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/ Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka “Return of the Wizard”). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well.

ESS: Health and wellbeing joint authority sent unwarranted invoices, cause of the mess is being investigated; dodging of responsibility for the incident began right away

www.ess.fi/uutiset/paijathame/art2549228 The erroneous invoices were related to an information system update carried out at the joint authority, in which incorrect invoicing was generated during a maintenance break. This happened because old payment traffic began to be automatically reprocessed in part.

ESS: The library system is working again in Lahti's libraries; last week's cyberattack will affect the city's services beyond Midsummer


Ryuk Ransomware Adds IP and Computer Name Blacklisting

www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/ A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted. When BleepingComputer asked Kremez why he felt they were making these checks, he told us that it was likely to avoid encrypting computers in Russia.

Oracle patches another actively-exploited WebLogic zero-day

www.zdnet.com/article/oracle-patches-another-actively-exploited-weblogic-zero-day/ Oracle released an out-of-band security update to fix a vulnerability in WebLogic servers that was being actively exploited in the real world to hijack users’ systems. Attacks using this vulnerability were first reported by Chinese security firm Knownsec 404 Team on June 15, last Saturday.
