Daily NCSC-FI news followup 2019-07-11

(10 July) Long-running fault in Kemi's telecommunications network: problems especially in health services, as patient records cannot be accessed

www.kaleva.fi/uutiset/pohjois-suomi/kemin-tietoliikenneverkossa-paalla-pitka-vikatilanne-ongelmia-erityisesti-terveyspalveluissa-kun-potilastietoihin-ei-paasta-kasiksi/823324/ Also: www.radiopooki.fi/uutiset/lappi/a-181258 (Kemi's network faults fixed). Also:

www.kaleva.fi/uutiset/pohjois-suomi/kemin-kaupungin-tietoliikenneverkko-toimii-jalleen-normaalisti/823346/. Also:

www.kaleva.fi/uutiset/pohjois-suomi/kemia-riivanneen-tietoliikenneverkon-hairion-syy-saatiin-selvitettya/823367/. (City of Kemi press release):


Vulnerable GE anesthesia machines can be manipulated by attackers

www.helpnetsecurity.com/2019/07/10/vulnerable-ge-anesthesia-machines/ A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers to manipulate the devices' settings and silence alarms, CyberMDX researchers have found. CVE-2019-10966 affects versions 7100 and 7900 of the GE Aestiva and GE Aespire machines, primarily used in the U.S.

Fake voices ‘help cyber-crooks steal cash’

www.bbc.com/news/technology-48908736 A security firm says deepfaked audio is being used to steal millions of pounds. Symantec said it had seen three cases of seemingly deepfaked audio of different chief executives used to trick senior financial controllers into transferring cash. The AI system could be trained using the “huge amount” of audio the average chief executive would have innocently made available, Symantec said.

Apple says its Walkie-Talkie app could be exploited to spy on iPhones

www.tripwire.com/state-of-security/featured/apple-walkie-talkie-app-exploited-iphones/ Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge.

Wondering how to whack Zoom’s dodgy hidden web server on your Mac? No worries, Apple’s done it for you

www.theregister.co.uk/2019/07/11/apple_removes_zooms_dodgy_hidden_web_server_on_mac/ Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.

Google admits partners leaked more than 1,000 private conversations with Google Assistant

www.cnbc.com/2019/07/11/google-admits-leaked-private-voice-conversations.html Google on Wednesday admitted that partners who work to analyze voice snippets from the Google Assistant leaked more than 1,000 private conversations to a Belgian news outlet. Also:

threatpost.com/google-home-recordings-domestic-violence/146424/ Google is under fire after a report found that Google Home and Google Assistant record user audio, even when no wake-up word is used.

Twitter Experiencing a Worldwide Outage Caused by a Service Disruption


US mayors group adopts resolution not to pay any more ransoms to hackers

www.zdnet.com/article/us-mayors-group-adopts-resolution-not-to-pay-any-more-ransoms-to-hackers/ The US Conference of Mayors unanimously adopted yesterday a resolution not to pay any more ransom demands to hackers following ransomware infections.


www.wired.com/story/magecart-amazon-cloud-hacks/ A new report from threat detection firm RiskIQ details how Magecart hackers have found a way to scan Amazon S3 buckets (cloud repositories that hold data and other backend necessities for sites and companies) for any that are misconfigured to allow anyone with an Amazon Web Services account to not just read their contents but write to them, implementing whatever changes they want.

Fake CS: GO, PUBG, Rust Cheats Push Password-Stealing Trojan


FinSpy commercial spyware

www.kaspersky.com/blog/finspy-commercial-spyware/27606/ Although a desktop version of the spyware exists (not only for Windows, but also for macOS and Linux), the greatest danger largely comes from mobile implants: FinSpy can be installed on both iOS and Android, with the same set of functions available for each platform. The app gives an attacker almost total control over the data on an infected device.

Hacked surveillance firm pitches NYC with invasive camera tech to track driver journeys

www.zdnet.com/article/hacked-surveillance-firm-pitches-nyc-with-ml-cameras-to-track-driver-journeys/ Scanning technology already in use at the Mexican border was pitched as a way to build profiles of driver habits.

German banks are moving away from SMS one-time passcodes

www.zdnet.com/article/german-banks-are-moving-away-from-sms-one-time-passcodes/#ftag=RSSbaffb68 New EU legislation might help kill SMS 2FA / 2SV / OTP. The reason why German banks are dropping support for SMS OTP is because of legislation that the EU passed in 2015, set to enter into effect on September 14, this year.

AMD’s SEV tech that protects cloud VMs from rogue servers may as well stand for… Still Extremely Vulnerable

www.theregister.co.uk/2019/07/10/amd_secure_enclave_vulnerability/ Evil hypervisors can work out what apps are running, extract data from encrypted guests

Bad McAfee Exploit Prevention Update Blocked Windows Logins

www.bleepingcomputer.com/news/security/bad-mcafee-exploit-prevention-update-blocked-windows-logins/ An update for the McAfee Endpoint Security (ENS) security software was released today that caused major headaches for system administrators all over the world as it prevented users from being able to log in to their computers.

LooCipher: Can Encrypted Files Be Recovered From Hell?

www.fortinet.com/blog/threat-research/loocipher-can-encrypted-files-be-recovered.html LooCipher is a new ransomware being distributed in the wild. While there have been articles discussing its main behaviour, how this new ransomware is being spread, and how it communicates with its command and control server to send victim machine information, this blog will focus on LooCipher's file encryption mechanism and take a look at the possibility of decrypting affected files without paying the ransom. This data block is then shuffled to form the 16-byte key that this ransomware uses for encrypting files with the AES-ECB encryption algorithm. This key is used for all file encryption. This is unlike most ransomware, which generates a different key for each file it encrypts.
