Daily NCSC-FI news followup 2019-07-31

Police: Advanced extortion attacks continue

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/edistyneet_kiristyshyokkaykset_jatkuvat_82917?language=fi As schools start, one often hears warnings about new road users. This time the police are once again warning those who move about in data networks and the administrators of those networks. The background is a data breach that took place in Kokemäki. The cybercrime investigation unit of the Southwest Finland Police Department is investigating the case in cooperation with the National Bureau of Investigation and the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom. The offence under investigation is aggravated data damage. It is quite likely that other offence titles will also come into question as the investigation progresses. See also:


A School District in New Mexico Discloses Ransomware Attack

www.tripwire.com/state-of-security/security-data-protection/gadsden-independent-school-district-discloses-malware-attack/ Gadsden Independent School District (GISD) announced that it was working to recover from a malware infection on its network. Local news reported that the school suffered a ransomware attack in which crypto-malware encrypted the district's servers and domain controllers. See also:


Georgia hit with ransomware yet again

nakedsecurity.sophos.com/2019/07/31/georgia-hit-with-malware-yet-again/ The most recent slap: attackers preyed on the Georgia Department of Public Safety (DPS), according to Government Technology Magazine. The DPS encompasses agencies including the Georgia State Patrol, Georgia Capitol Police and the Motor Carrier Compliance Division, which carries out safety inspections. CISO Allen told Government Technology that paying ransom to crooks isn't the DPS's policy. See also US Mayors commit to not paying ransom:

nakedsecurity.sophos.com/2019/07/15/ransomware-attackers-us-mayors-say-you-should-go-jump-in-a-lake/ See also US Gov’t and NGOs urge to defend against ransomware


Lancaster Uni cordons off breached systems a week after thousands of folks’ data pinched

www.theregister.co.uk/2019/07/31/lancaster_uni/ Following the breach, which affected somewhere between 12,000 and 20,000 people, the northwest England uni has begun pulling staff access to its LUSI (Lancaster University Student Information) records system, which was developed in-house and first went live around five years ago.

North Carolina County Lost $1.7 Million in BEC Scam

www.bleepingcomputer.com/news/security/north-carolina-county-lost-17-million-in-bec-scam/ After falling for a BEC scam, Cabarrus County in North Carolina lost $1,728,082.60 after sending $2.5 million to scammers pretending to be contractors building the county’s new high school. After learning that they had made the payment to a fraudulent bank account, Cabarrus County notified their banks, which were able to recover a total of $776,518.40 of the stolen $2.5 million.

Targeted Phishing Attacks in the Financial Industry: Fire-3 Phishing Kit

isc.sans.edu/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry%3A+Fire-3+Phishing+Kit/25188 Financial companies are heavily targeted with various more or less targeted phishing attempts. The attacks are often trying to collect e-mail credentials for business-email-compromise (BEC) attacks. The attacker will log in to the victim's cloud-based email account to either add a forwarding address or read the user's e-mail.
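The forwarding-address step described above leaves a trace in mailbox audit records, which is where a defender catches it. The following added example (not from the ISC diary or the Fire-3 kit) scans constructed audit events for forwarding targets outside the organisation's own domains; the event schema, the field names, the `example-bank.test` domain and the `find_external_forwards` / `domain_of` helpers are all assumptions made for this illustration.

```python
from typing import Dict, Iterable, List

# Constructed sample audit events (not real logs). The record shape is an
# assumption: who changed a mailbox setting, which operation ran, and the
# parameters it set. Field names are modelled on common mailbox-audit output,
# but every value here is invented for the example.
SAMPLE_EVENTS: List[dict] = [
    {"user": "alice@example-bank.test", "op": "Set-Mailbox",
     "params": {"ForwardingSmtpAddress": "smtp:alice.backup@mail-drop.test",
                "DeliverToMailboxAndForward": "True"}},
    {"user": "bob@example-bank.test", "op": "New-InboxRule",
     "params": {"Name": "to treasury", "ForwardTo": "treasury@example-bank.test"}},
    {"user": "carol@example-bank.test", "op": "New-InboxRule",
     "params": {"Name": "invoices", "ForwardAsAttachmentTo": "c.x@external-webmail.test",
                "DeleteMessage": "True"}},
    {"user": "dave@example-bank.test", "op": "Set-Mailbox",
     "params": {"AuditEnabled": "True"}},
]

# Domains the organisation owns; anything else is an external destination.
INTERNAL_DOMAINS = {"example-bank.test"}

# Parameter names that carry a forwarding target, whether set on the mailbox
# itself or inside an inbox rule.
FORWARD_KEYS = ("ForwardingSmtpAddress", "ForwardingAddress",
                "ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an SMTP address ("smtp:" prefix tolerated)."""
    addr = address.strip().lower()
    if addr.startswith("smtp:"):
        addr = addr[len("smtp:"):]
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""


def find_external_forwards(events: Iterable[dict], internal_domains: set) -> List[Dict[str, object]]:
    """Flag every event that points mail at a domain outside the organisation.

    A forward that also deletes the original (DeleteMessage) is marked separately,
    because the mailbox owner then never sees the diverted messages.
    """
    findings = []
    for ev in events:
        params = ev.get("params", {})
        for key in FORWARD_KEYS:
            target = params.get(key)
            if not target:
                continue
            dom = domain_of(target)
            if dom and dom not in internal_domains:
                findings.append({
                    "user": ev["user"],
                    "op": ev["op"],
                    "target": target,
                    "hides_copy": params.get("DeleteMessage", "False") == "True",
                })
    return findings


if __name__ == "__main__":
    for f in find_external_forwards(SAMPLE_EVENTS, INTERNAL_DOMAINS):
        suffix = " (original deleted)" if f["hides_copy"] else ""
        print(f"{f['user']}: {f['op']} forwards to {f['target']}{suffix}")
```

Run as-is it reports Alice's mailbox-level forward and Carol's inbox rule, and ignores Bob's internal forward and Dave's unrelated change. In production the same check runs against the mail platform's real audit feed, and a new external forward on an account that also just had a login from an unfamiliar location is a strong BEC indicator worth alerting on immediately.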

Akamai said it picked up around 3.5 billion credential stuffing attempts over the past 18 months

www.theregister.co.uk/2019/07/31/black_hats_hate_banks_says_akamai/ See also (PDF)

www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-financial-services-attack-economy-report-2019.pdf Content delivery network Akamai Technologies reckons that despite the time and effort spent convincing people not to fall for phishing and other frauds, the bigger threat might actually be credential-stuffing attacks. Credential stuffing is more or less a synonym for brute-forcing access into a passworded system, except that it uses previously breached login credentials rather than a rainbow table or some other set of commonly reused username/password combinations.
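Because credential stuffing replays known username/password pairs, its signature differs from a classic brute force: one attempt per account across many accounts from the same source, with a high failure ratio and the occasional success. The added example below (not Akamai's or The Register's code) applies that heuristic to a constructed login log; the log format, the IP addresses, the account names and the `detect_credential_stuffing` helper and its thresholds are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed sample authentication log (not real data). One line per login
# attempt: timestamp, source IP, account name and outcome.
SAMPLE_LOG = """\
2019-07-31T08:00:01Z ip=203.0.113.5 user=alice result=FAIL
2019-07-31T08:00:01Z ip=203.0.113.5 user=bob result=FAIL
2019-07-31T08:00:02Z ip=203.0.113.5 user=carol result=OK
2019-07-31T08:00:02Z ip=203.0.113.5 user=dave result=FAIL
2019-07-31T08:00:03Z ip=203.0.113.5 user=erin result=FAIL
2019-07-31T08:00:03Z ip=203.0.113.5 user=frank result=FAIL
2019-07-31T08:00:10Z ip=198.51.100.7 user=grace result=FAIL
2019-07-31T08:00:15Z ip=198.51.100.7 user=grace result=FAIL
2019-07-31T08:00:20Z ip=198.51.100.7 user=grace result=OK
2019-07-31T08:01:00Z ip=192.0.2.9 user=heidi result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text: str) -> List[dict]:
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect_credential_stuffing(events: Iterable[dict],
                               min_distinct_users: int = 5,
                               min_fail_ratio: float = 0.6) -> Dict[str, dict]:
    """Flag source IPs that try many distinct accounts and mostly fail.

    Breadth across accounts is the discriminator: a user mistyping their own
    password three times touches one account, a stuffing run touches dozens.
    Accounts that succeeded from a flagged source are listed as likely compromised.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "failures": 0,
                                  "users": set(), "ok_users": set()})
    for ev in events:
        s = per_ip[ev["ip"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["result"] == "FAIL":
            s["failures"] += 1
        else:
            s["ok_users"].add(ev["user"])

    alerts = {}
    for ip, s in per_ip.items():
        ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and ratio >= min_fail_ratio:
            alerts[ip] = {
                "attempts": s["attempts"],
                "distinct_users": len(s["users"]),
                "fail_ratio": round(ratio, 3),
                "compromised": sorted(s["ok_users"]),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['distinct_users']} accounts, fail ratio {info['fail_ratio']}, "
              f"successful logins: {info['compromised'] or 'none'}")
```

In the sample, 203.0.113.5 is flagged (six accounts, five failures, one success on `carol`, whose password should be reset), while 198.51.100.7 is a single user who eventually gets in and is left alone. Real campaigns rotate through proxy pools, so keying on the source IP alone under-detects; the same aggregation is usually repeated per ASN, per client fingerprint and per time window, and the thresholds are tuned to the service's normal traffic.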

Chrome 76 Dumps Default Adobe Flash Player Support

threatpost.com/chrome-76-default-adobe-flash/146843/ Google has launched the latest iteration of the Chrome browser for Windows, Mac and Linux, which blocks Adobe Flash Player default support and comes with more than 40 security fixes. Though plans to deprecate Adobe Flash in Chrome have been brewing for years, Chrome 76 takes an official first step in turning off Flash Player by default, though users can still manually turn it on in their settings. The plans fit into Google's previously announced road map, which has a goal of ultimately killing off Adobe Flash support in December 2020.

New UK Home Sec calling for an end to end-to-end encryption

www.theregister.co.uk/2019/07/31/home_sec_priti_patel_five_eyes_encryption_controversy/ Patel, the social conservative appointed Home Secretary by British Prime Minister Boris Johnson last week, used this morning’s Daily Telegraph to call for end-to-end encryption to be broken with backdoors inserted for illicit law enforcement access.

Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking

thehackernews.com/2019/07/oxid-eshop-ecommerce.html Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds.

Security lapse exposed weak points on Honda's internal network

techcrunch.com/2019/07/31/security-lapse-exposed-weak-points-on-hondas-internal-network/ An exposed database at automotive giant Honda allowed anyone to see which systems on its network were vulnerable to unpatched security flaws, potentially giving hackers insider knowledge of the company's weak points. The server contained 134 million rows of employee systems data from the company's endpoint security service, containing technical details of each computer and device connected to the internal network. There was no password on the database, allowing anyone to access and read the data.
