Daily NCSC-FI news followup 2019-07-31

Police: Advanced extortion attacks continue

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/edistyneet_kiristyshyokkaykset_jatkuvat_82917?language=fi When schools start, warnings about new road users are often heard. This time the police are again warning those who move about in data networks and those who maintain them. The background is a data breach that took place in Kokemäki. The cybercrime investigation team of the Southwestern Finland Police Department is investigating the case in cooperation with the National Bureau of Investigation and the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom. The offence under investigation is aggravated damage to data. It is quite likely that other offence classifications will also come into question as the investigation progresses. See also:

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/edistyneet-kiristyshyokkaykset-yleistyvat-varo-joutumasta-saaliiksi

A School District in New Mexico Discloses Ransomware Attack

www.tripwire.com/state-of-security/security-data-protection/gadsden-independent-school-district-discloses-malware-attack/ Gadsden Independent School District (GISD) announced that it was working to recover from a malware infection on its network. Local news reported that the school suffered a ransomware attack in which crypto-malware encrypted the district's servers and domain controllers. See also:

www.tripwire.com/state-of-security/security-data-protection/cyber-security/22-ransomware-prevention-tips/

Georgia hit with ransomware yet again

nakedsecurity.sophos.com/2019/07/31/georgia-hit-with-malware-yet-again/ The most recent slap: attackers preyed on the Georgia Department of Public Safety (DPS), according to Government Technology Magazine. The DPS encompasses agencies including the Georgia State Patrol, Georgia Capitol Police and the Motor Carrier Compliance Division, which carries out safety inspections. CISO Allen told Government Technology that paying ransom to crooks isn't the DPS's policy. See also US Mayors commit to not paying ransom:

nakedsecurity.sophos.com/2019/07/15/ransomware-attackers-us-mayors-say-you-should-go-jump-in-a-lake/ See also US Gov’t and NGOs urge to defend against ransomware:

arstechnica.com/information-technology/2019/07/cybersecurity-officials-warn-state-and-local-agencies-again-to-fend-off-ransomware/

Lancaster Uni cordons off breached systems a week after thousands of folks’ data pinched

www.theregister.co.uk/2019/07/31/lancaster_uni/ Following the breach, which affected somewhere between 12,000 and 20,000 people, the northwest England uni has begun pulling staff access to its LUSI (Lancaster University Student Information) records system, which was developed in-house and first went live around five years ago.

North Carolina County Lost $1.7 Million in BEC Scam

www.bleepingcomputer.com/news/security/north-carolina-county-lost-17-million-in-bec-scam/ After falling for a BEC scam, Cabarrus County in North Carolina lost $1,728,082.60 after sending $2.5 million to scammers pretending to be contractors building the county’s new high school. After learning that they made the payment to a fraudulent bank account, Cabarrus County notified their banks, which were able to recover a total of $776,518.40 of the stolen $2.5 million.

Targeted Phishing Attacks in the Financial Industry: Fire-3 Phishing Kit

isc.sans.edu/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry%3A+Fire-3+Phishing+Kit/25188 Financial companies are heavily targeted with various more or less targeted phishing attempts. The attacks are often trying to collect e-mail credentials for business-email-compromise (BEC) attacks. The attacker will log in to the victim's cloud-based email account to either add a Forward address or read the user's e-mail.

Akamai said it picked up around 3.5 billion credential stuffing attempts over the past 18 months

www.theregister.co.uk/2019/07/31/black_hats_hate_banks_says_akamai/ See also (PDF)

www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-financial-services-attack-economy-report-2019.pdf Content delivery network Akamai Technologies reckons that despite the time and effort spent convincing people not to fall for phishing and other frauds, the bigger threat might actually be credential-stuffing attacks. Credential stuffing is more or less a synonym for brute-forcing access into a passworded system, except using previously breached login credentials rather than a rainbow table or some other setup of commonly reused username/password combinations.

Chrome 76 Dumps Default Adobe Flash Player Support

threatpost.com/chrome-76-default-adobe-flash/146843/ Google has launched the latest iteration of the Chrome browser for Windows, Mac and Linux, which blocks Adobe Flash Player default support and comes with more than 40 security fixes. Though plans to deprecate Adobe Flash in Chrome have been brewing for years, Chrome 76 takes an official first step in turning off Flash Player by default, though users can still manually turn it on in their settings. The plans fit into Google's previously announced road map, which has a goal of ultimately killing off Adobe Flash support in December 2020.

New UK Home Sec calling for an end to end-to-end encryption

www.theregister.co.uk/2019/07/31/home_sec_priti_patel_five_eyes_encryption_controversy/ Patel, the social conservative appointed Home Secretary by British Prime Minister Boris Johnson last week, used this morning’s Daily Telegraph to call for end-to-end encryption to be broken with backdoors inserted for illicit law enforcement access.

Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking

thehackernews.com/2019/07/oxid-eshop-ecommerce.html Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds.

Security lapse exposed weak points on Honda's internal network

techcrunch.com/2019/07/31/security-lapse-exposed-weak-points-on-hondas-internal-network/ An exposed database at automotive giant Honda allowed anyone to see which systems on its network were vulnerable to unpatched security flaws, potentially giving hackers insider knowledge of the company's weak points. The server contained 134 million rows of employee systems data from the company's endpoint security service, containing technical details of each computer and device connected to the internal network. There was no password on the database, allowing anyone to access and read the data.
