Daily NCSC-FI news followup 2019-06-19

Apu: Kyberhyökkäys tietoverkkoihin voisi pimentää Suomen oletko varautunut?


Kiinan tiedustelupalvelu värvää vakoilijoita LinkedInissä myös suomalaisia ulkopolitiikan asiantuntijoita lähestytty

yle.fi/uutiset/3-10838995 Raportin on laatinut Ulkopoliittisen instituutin ohjelmajohtaja Mika Aaltola.

Quick Detect: Exim “Return of the Wizard” Attack

isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/ =Thanks to our reader Alex for sharing some of his mail logs with the latest attempts to exploit CVE-2019-10149 (aka “Return of the Wizard”). The vulnerability affects Exim and was patched about two weeks ago. There are likely still plenty of vulnerable servers, but it looks like attackers are branching out and are hitting servers not running Exim as well.

ESS: Hyvinvointiyhtymä lähetti turhia laskuja, sotkun syytä selvitetään – vastuun välttely tapahtuneesta alkoi saman tien

www.ess.fi/uutiset/paijathame/art2549228 Virhelaskut liittyivät yhtymässä tehtyyn tietojärjestelmän päivitykseen, jossa huoltokatkon aikana syntyi virheellistä laskuttamista. Näin tapahtui, koska vanhaa maksuliikennettä alettiin automaattisesti käsitellä osittain uudelleen.

ESS: Kirjastojärjestelmä on saatu toimimaan Lahden kirjastoissa viimeviikkoinen kyberhyökkäys vaikuttaa kaupungin palveluihin yli juhannuksen


Ryuk Ransomware Adds IP and Computer Name Blacklisting

www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/ A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted.. When BleepingComputer asked Kremez why he felt they were making these checks, he told us that it was likely to avoid encrypting computers in Russia.

Oracle patches another actively-exploited WebLogic zero-day

www.zdnet.com/article/oracle-patches-another-actively-exploited-weblogic-zero-day/ Oracle released an out-of-band security update to fix a vulnerability in WebLogic servers that was being actively exploited in the real world to hijack users’ systems.. Attacks using this vulnerability were first reported by Chinese security firm Knownsec 404 Team on June 15, last Saturday.

You might be interested in …

Daily NCSC-FI news followup 2020-01-21

Infiltrating Networks: Easier Than Ever Due to Evil Markets www.bleepingcomputer.com/news/security/infiltrating-networks-easier-than-ever-due-to-evil-markets/ Attackers don’t always need to breach the networks of their victims themselves to plant malware as there are plenty of professional intruders offering their services on underground markets.. Various levels of access are offered for prices starting $1,000 and increasing depending on how deep the […]

Read More

Daily NCSC-FI news followup 2019-09-24

New NetWire RAT Variant Being Spread Via Phishing www.fortinet.com/blog/threat-research/new-netwire-rat-variant-spread-by-phishing.html NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed a malware spreading via phishing email, and during the analysis on it, we discovered that it was a new variant of NetWire RAT. LookBack Forges Ahead: […]

Read More

Daily NCSC-FI news followup 2020-04-29

Rogue affiliates are running fake antivirus expiration scams www.bleepingcomputer.com/news/security/rogue-affiliates-are-running-fake-antivirus-expiration-scams/ Rogue security software affiliates are sending emails that falsely tell recipients that their antivirus software is expiring and then prompt them to renew their license so that the affiliate can earn a commission from the sale. Microsoft warns of malware surprise pushed via pirated movies www.bleepingcomputer.com/news/security/microsoft-warns-of-malware-surprise-pushed-via-pirated-movies/ […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.