Daily NCSC-FI news followup 2019-06-24

How to remove Ryuk Ransomware (Uninstall guide)

csirt.cy/how-to-remove-ryuk-ransomware-uninstall-guide/ Ryuk ransomware is the cryptovirus that targets companies with large ransom demands to make more profit from one attack. However, ransomware can also affect everyday users and corrupt or delete their data. You need a thorough system scan to terminate the malware in time.. According to the latest news reports, Ryuk ransomware is still rapidly spreading throughout the Internet sphere and infecting users worldwide. The Federal Bureau of Investigation, also known as FBI, has made a research and found out that this cyber threat has launched dangerous attacks on more than 100 different types of businesses in The United States of America.

Cloudflare is Having an Outage Affecting Sites Everywhere

www.bleepingcomputer.com/news/technology/cloudflare-is-having-an-outage-affecting-sites-everywhere/ Cloudflare is currently suffering an outage this morning that is affecting web sites around the world. This outage is not affecting all regions and only certain domains, including BleepignComputer, so some of you will be able to see this article and others won’t until the issue is resolved. According to Cloudflare, over 16 million Internet sites utilize their services for performance enhancement, DDoS mitigation, or other features. Due to this an outage can have a large impact on the entire Internet. Cloudflare has opened an incident report for this outage title “Route Leak Impacting Cloudflare”.. See also: www.cloudflarestatus.com/incidents/46z55mdhg0t5,

www.theregister.co.uk/2019/06/24/cloudflare_route_leak/ and


Saitko sähköpostitse jonkun näistä tiedostoista? Ole varovainen

www.is.fi/digitoday/tietoturva/art-2000006149767.html Kaikkiin tuntemattomiin sähköpostitse tuleviin tiedostoihin tulee aina suhtautua varauksella. Tietoturvayhtiö Kaspersky Lab kehottaa kuitenkin harjoittamaan äärimmäistä varovaisuutta näiden neljän liitetiedostotyypin kohdalla. Tiedostotyypit: Zip ja rar, Office, Pdf sekä Iso- ja img.

Saitko suositusta palvelusta epäilyttävän sähköpostin? Tästä on kyse

www.tivi.fi/uutiset/tv/5107ff91-0ffa-4116-a8a3-71b485068309 Matkailusovellus TripAdvisor vaatii joitakin käyttäjiä vaihtamaan salasanansa. Toimenpide koskee niitä käyttäjiä, joiden kirjautumistiedot ovat löytyneet yleiseen tietoon tulleiden tietovuotojen seasta.

Varo, näin huijarit iskevät yrityksiin kesälomakaudella

www.yrittajat.fi/uutiset/609062-varo-nain-huijarit-iskevat-yrityksiin-kesalomakaudella Kesä on huijareiden kulta-aikaa, koska töissä on paljon sijaisia. Yrityksiin kohdistetaan sähköpostihuijauksia, valelaskuja ja ns. toimitusjohtajahuijauksia.

The Modern-Day Heist: IP Theft Techniques That Enable Attackers

threatpost.com/ip-theft-enables-attackers/145912/ One of the more commonly exploited vectors used by attackers today is poorly secured third-party supply-chain vendors. Adversaries often take aim at organizations that have unfettered access to a multitude of customers, to get a foothold inside their primary target.

Microsoft: We’re fighting Windows malware spread via Excel in email with bad macro

www.zdnet.com/article/microsoft-were-fighting-windows-malware-spread-via-excel-in-email-with-bad-macro/ Don’t enable macros, Microsoft warns, because a new malware campaign is aiming at fully patched Windows PCs.

Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail

www.zdnet.com/article/anonymous-hacker-exposed-after-dropping-usb-drive-while-throwing-molotov-cocktail/ In a bizarre investigation, Belgium police have identified a member of the Anonymous Belgium hacker collective while investigating an arson case at a local bank. The perpetrator, a 35-year-old man from the Belgian city of Roeselare, was initially arrested after throwing a Molotov cocktail at the Crelan Bank office in Rumbeke, a suburb of Roeselare, back in 2014.

User data stolen from human hacking forum Social Engineered, published on rival site

www.zdnet.com/article/user-data-stolen-from-human-hacking-forum-social-engineered-published-on-rival-site/ A forum dedicated to the art of social engineering, Social Engineered, has been compromised and its users’ data leaked on a rival website. The data breach occurred on June 13, 2019. The details of the forum users, including 89,000 unique email addresses linked to 55,000 forum account holders, usernames, IP addresses, and passwords stored as salted MD5 hashes were published and leaked online.. See also:


Election Security

www.schneier.com/blog/archives/2019/06/election_securi_3.html Stanford University’s Cyber Policy Center has published a long report on the security of US elections. Summary: it’s not good.

Managing insider threats context is critical

www.itproportal.com/features/managing-insider-threats-context-is-critical/ Insider threat is a complex risk to manage; context is required to separate malicious actors from careless employees. The topic of insider threat is fast rising up on the corporate agenda. While you might think a companys own employees would be less likely to pose security risks than external attackers, analysis by Computing has found that insider threat was a factor in half of reported breaches.

GandCrab Threat Actors Retire…Maybe

www.fortinet.com/blog/threat-research/gandcrab-threat-actors-retire.html GandCrab was a Ransomware-as-a-Service malware managed by a criminal organization known to be confident and vocal, while running a rapidly evolving ransomware campaign. Through their aggressive, albeit unusual, marketing strategies and constant recruitment of affiliates, they were able to globally distribute a high volume of their malware. However, through a recent forum post, the GandCrab team has now publicly announced the end of a little more than a year of ransomware operations, citing staggering profit figures. However, considering how witty and novel this threat group has been throughout the course of their campaign, it wouldnt be a surprise if this retirement announcement was just another of their many public stunts. If theres one thing that sets these threat actors apart from other groups, it is that they are unpredictable; so there is always the possibility that they might re-surface in one form or another. In the meantime, FortiGuard Labs will continue to monitor for any new activities from this group.

The Return of the WiZard Vulnerability: Crooks Start Hitting

blog.yoroi.company/research/the-return-of-the-wizard-vulnerability-crooks-start-hitting/ In the past days, a really important issue has been disclosed to the public: Return of the WiZard vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server technologies, extremely diffused all around the globe and in Italy too.

Karu löydös Chrome-selaimesta: Näyttää kovasti vakoiluohjelmalta

www.is.fi/digitoday/art-2000006152557.html Lukemattomat seurantaohjelmistot tarkkailevat sinua verkossa. Moninaiset verkkosivut päästävät mainos- ja datayritykset kiinni käyttäjän selaushistoriaasi ja sijaintiisi tietokoneelle asennettavien evästetiedostojen avulla. Yksi selain suosii evästeitä kuitenkin muita enemmän. Maailman suosituin verkkoselain Chrome sallii oletuksena käyttäjän laajan tarkkailun. The Washington Postin kolumnisti kertoo löydöksistään, kun hän raotti Chromen konepeltiä. Chrome tarjoili vain yhden viikon käyttöjakson aikana yli 11000 seurantaan tarkoitettua evästettä. See also:


Virustorjunnat laitettiin viivalle suomalaistuote keräsi kehuja

www.tivi.fi/uutiset/tv/cf5371c4-0655-40af-9e60-12a7341ec43d Saksalainen Av-test laittoi suosituimmat Windows 10 – -virustorjuntaohjelmistot järjestykseen kolmella pääkriteerillä: suojaus, suorituskyky, ja käytettävyys. Kahdeksan testatuista ohjelmista sai täydet pisteet jokaisesta kategoriasta. Testit on kuitenkin tehty laboratotioympäristössä, tosimaailmassa erilaiset muuttujat voivat muuttaat tuloksia. Vaikka jokin ohjelma torjuikin virukset testissä sataprosenttisesti, ei se välttämättä pysty samaan kotioloissa.

Business Decision Makers Focus on the Wrong Security Issues

www.bleepingcomputer.com/news/security/business-decision-makers-focus-on-the-wrong-security-issues/ Individuals with security roles have a different opinion about the cloud threats organizations should be wary about and defend against than the more practical approaches actually seen in security incidents. The main worries among 1,250 decision makers on cloud-related security issues interviewed for a study commissioned by Symantec were data breaches and malware injection, yet statistical attack data tells a different story.

You might be interested in …

Daily NCSC-FI news followup 2020-12-17

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations – Alert (AA20-352A) us-cert.cisa.gov/ncas/alerts/aa20-352a The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor […]

Read More

Daily NCSC-FI news followup 2021-02-13

Who is to blame for the malicious Barcode Scanner that got on the Google Play store? blog.malwarebytes.com/android/2021/02/who-is-to-blame-for-the-malicious-barcode-scanner-that-got-on-the-google-play-store/ In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update, we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR.. All initial signs led […]

Read More

Daily NCSC-FI news followup 2019-08-28

Avast and French police take over malware botnet and disinfect 850,000 computers decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/ Cybercrime: Ransomware attacks have more than doubled this year www.zdnet.com/article/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year/ TrickBot Modifications Target U.S. Mobile Users www.secureworks.com/blog/trickbot-modifications-target-us-mobile-users TrickBot added functionality to solicit PIN codes from mobile customers, which could allow threat actors to access victims voice and text communications. WootCloud Discovers ARES […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.