Daily NCSC-FI news followup 2019-07-11

(10.7.) Kemin tietoliikenneverkossa päällä pitkä vikatilanne ongelmia erityisesti terveyspalveluissa, kun potilastietoihin ei päästä käsiksi

www.kaleva.fi/uutiset/pohjois-suomi/kemin-tietoliikenneverkossa-paalla-pitka-vikatilanne-ongelmia-erityisesti-terveyspalveluissa-kun-potilastietoihin-ei-paasta-kasiksi/823324/ Myös: www.radiopooki.fi/uutiset/lappi/a-181258 (Kemin tietoverkkoviat korjattu). Myös:

www.kaleva.fi/uutiset/pohjois-suomi/kemin-kaupungin-tietoliikenneverkko-toimii-jalleen-normaalisti/823346/. Myös:

www.kaleva.fi/uutiset/pohjois-suomi/kemia-riivanneen-tietoliikenneverkon-hairion-syy-saatiin-selvitettya/823367/. (Kemin kaupungin tiedote):


Vulnerable GE anesthesia machines can be manipulated by attackers

www.helpnetsecurity.com/2019/07/10/vulnerable-ge-anesthesia-machines/ A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers to manipulate the devices settings and silence alarms, CyberMDX researchers have found.. CVE-2019-10966 affects versions 7100 and 7900 of the GE Aestive and GE Aespire machines, primarily used in the U.S.

Fake voices ‘help cyber-crooks steal cash’

www.bbc.com/news/technology-48908736 A security firm says deepfaked audio is being used to steal millions of pounds.. Symantec said it had seen three cases of seemingly deepfaked audio of different chief executives used to trick senior financial controllers into transferring cash.. The AI system could be trained using the “huge amount” of audio the average chief executive would have innocently made available, Symantec said.

Apple says its Walkie-Talkie app could be exploited to spy on iPhones

www.tripwire.com/state-of-security/featured/apple-walkie-talkie-app-exploited-iphones/ Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge.

Wondering how to whack Zoom’s dodgy hidden web server on your Mac? No worries, Apple’s done it for you

www.theregister.co.uk/2019/07/11/apple_removes_zooms_dodgy_hidden_web_server_on_mac/ Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.

Google admits partners leaked more than 1,000 private conversations with Google Assistant

www.cnbc.com/2019/07/11/google-admits-leaked-private-voice-conversations.html Google on Wednesday admitted that partners who work to analyze voice snippets from the Google Assistant leaked more than 1,000 private conversations to a Belgian news outlet.. also:

threatpost.com/google-home-recordings-domestic-violence/146424/. Google is under fire after a report found that Google Home and Google Assistant records user audio, even when no wake-up word is used.

Twitter Experiencing a Worldwide Outage Caused by a Service Disruption


US mayors group adopts resolution not to pay any more ransoms to hackers

www.zdnet.com/article/us-mayors-group-adopts-resolution-not-to-pay-any-more-ransoms-to-hackers/ The US Conference of Mayors unanimously adopted yesterday a resolution not to pay any more ransom demands to hackers following ransomware infections.


www.wired.com/story/magecart-amazon-cloud-hacks/ A new report from threat detection firm RiskIQ details how Magecart hackers have found a way to scan Amazon S3 buckets. – cloud repositories that hold data and other backend necessities for sites and companiesfor any that are misconfigured to allow anyone with an Amazon Web Services account to not just read their contents but write to them, implementing whatever changes they want.

Fake CS: GO, PUBG, Rust Cheats Push Password-Stealing Trojan


FinSpy commercial spyware

www.kaspersky.com/blog/finspy-commercial-spyware/27606/ Although a desktop version of the spyware exists (not only for Windows, but also for macOS and Linux), the greatest danger largely comes from mobile implants: FinSpy can be installed on both iOS and Android, with the same set of functions available for each platform. The app gives an attacker almost total control over the data on an infected device.

Hacked surveillance firm pitches NYC with invasive camera tech to track driver journeys

www.zdnet.com/article/hacked-surveillance-firm-pitches-nyc-with-ml-cameras-to-track-driver-journeys/ Scanning technology already in use at the Mexican border was pitched as a way to build profiles of driver habits.

German banks are moving away from SMS one-time passcodes

www.zdnet.com/article/german-banks-are-moving-away-from-sms-one-time-passcodes/#ftag=RSSbaffb68 New EU legislation might help kill SMS 2FA / 2SV / OTP.. The reason why German banks are dropping support for SMS OTP is because of legislation that the EU passed in 2015, set to enter into effect on September 14, this year.

AMD’s SEV tech that protects cloud VMs from rogue servers may as well stand for… Still Extremely Vulnerable

www.theregister.co.uk/2019/07/10/amd_secure_enclave_vulnerability/ Evil hypervisors can work out what apps are running, extract data from encrypted guests

Bad McAfee Exploit Prevention Update Blocked Windows Logins

www.bleepingcomputer.com/news/security/bad-mcafee-exploit-prevention-update-blocked-windows-logins/ An update for the McAfee Endpoint Security (ENS) security software was released today that caused major headaches for system administrators all over the world as it prevented users from being able to login to their computers.

LooCipher: Can Encrypted Files Be Recovered From Hell?

www.fortinet.com/blog/threat-research/loocipher-can-encrypted-files-be-recovered.html LooCipher is a new ransomware being distributed in the wild. While there have been articles discussing its main behaviour, how this new ransomware is being spread, and how it communicates with its command and control server to send victim machine information, this blog will focus on LooCiphers file encryption mechanism and take a look at the possibility of decrypting affected files without paying the ransom. This data block is then shuffled to form the 16-byte key that this ransomware uses for encrypting files with the AES-ECB encryption algorithm. This key is used for all file encryption. This is unlike most ransomwares, which generate a different key for each file they encrypt.

You might be interested in …

Daily NCSC-FI news followup 2020-10-27

Uusi työkalu johdolle kyberuhkien hallintaan www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/uusi-tyokalu-johdolle-kyberuhkien-hallintaan Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen kehittämä Kybermittari auttaa yritysjohtoa saamaan kyberriskit kattavammin hallintaan ja turvaamaan liiketoiminnan jatkuvuuden. DN: Suuri tietomurto ruotsalaiseen turvallisuusalan yritykseen, verkkoon on vuodettu muun muassa pankki­holvien piirustuksia www.hs.fi/ulkomaat/art-2000006700788.html Ruotsalaiseen, kansainvälisesti toimivaan turvallisuusalan yhtiöön on tehty mittava tietomurto, jossa verkkoon on vuodettu esimerkiksi pankkiholvien piirustuksia ja hälytysjärjestelmien […]

Read More

Daily NCSC-FI news followup 2021-02-01

Someväitteiden mukaan Vastaamo-uhrien pankkitilejä tyhjennetty – todellisuudessa kyse lienee kierosta huijauksesta Nordean ja OP:n nimissä www.is.fi/digitoday/tietoturva/art-2000007776104.html Suomessa on meneillään kehittynyt OP:n ja Nordean nimissä tehtävä tietojenkalastelu, joka sattuu samaan aikaan Vastaamon asiakastietojen aktiivisen leviämisen kanssa. – Vastaamo-tiedoissa ei ole ollut sellaisia tietoja, jotka tämän mahdollistaisivat. Siellä ei ole ollut esimerkiksi käyttäjätunnus ja salasana -pareja tai […]

Read More

Daily NCSC-FI news followup 2020-02-06

Protecting users from insecure downloads in Google Chrome security.googleblog.com/2020/02/protecting-users-from-insecure_6.html Today were announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files. In a series of steps outlined below, well start blocking “mixed content downloads” (non-HTTPS downloads started on secure pages). This move follows a plan we announced last year to start […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.