Daily NCSC-FI news followup 2019-07-31

Police: Advanced extortion attacks continue

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/edistyneet_kiristyshyokkaykset_jatkuvat_82917?language=fi When schools start, one often hears warnings about new road users. This time the police are once again warning people who move about in data networks and the administrators of those networks. The background is a data breach that took place in Kokemäki. The cybercrime investigation unit of the Southwest Finland Police Department is investigating the case in cooperation with the National Bureau of Investigation and the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom. The offence under investigation is aggravated data damage (törkeä datavahingonteko). It is quite likely that other offence headings will also come into question as the investigation proceeds.


A School District in New Mexico Discloses Ransomware Attack

www.tripwire.com/state-of-security/security-data-protection/gadsden-independent-school-district-discloses-malware-attack/ Gadsden Independent School District (GISD) announced that it was working to recover from a malware infection on its network. Local news reported that the school suffered a ransomware attack in which crypto-malware encrypted the district's servers and domain controllers.


Georgia hit with ransomware yet again

nakedsecurity.sophos.com/2019/07/31/georgia-hit-with-malware-yet-again/ The most recent slap: attackers preyed on the Georgia Department of Public Safety (DPS), according to Government Technology Magazine. The DPS encompasses agencies including the Georgia State Patrol, Georgia Capitol Police and the Motor Carrier Compliance Division, which carries out safety inspections. CISO Allen told Government Technology that paying ransom to crooks isn't the DPS's policy. See also US Mayors commit to not paying ransom:

nakedsecurity.sophos.com/2019/07/15/ransomware-attackers-us-mayors-say-you-should-go-jump-in-a-lake/ See also: US Gov’t and NGOs urge to defend against ransomware


Lancaster Uni cordons off breached systems a week after thousands of folks’ data pinched

www.theregister.co.uk/2019/07/31/lancaster_uni/ Following the breach, which affected somewhere between 12,000 and 20,000 people, the northwest England uni has begun pulling staff access to its LUSI (Lancaster University Student Information) records system, which was developed in-house and first went live around five years ago.

North Carolina County Lost $1.7 Million in BEC Scam

www.bleepingcomputer.com/news/security/north-carolina-county-lost-17-million-in-bec-scam/ After falling for a BEC scam, Cabarrus County in North Carolina lost $1,728,082.60 after sending $2.5 million to scammers pretending to be contractors building the county’s new high school. After learning that it had made the payment to a fraudulent bank account, Cabarrus County notified its banks, which were able to recover a total of $776,518.40 of the stolen $2.5 million.

Targeted Phishing Attacks in the Financial Industry: Fire-3 Phishing Kit

isc.sans.edu/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry%3A+Fire-3+Phishing+Kit/25188 Financial companies are heavily targeted with various more or less targeted phishing attempts. The attacks are often trying to collect e-mail credentials for business-email-compromise (BEC) attacks. The attacker will log in to the victim's cloud-based email account to either add a forward address or read the user's e-mail.
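The forward address mentioned above is the artefact a defender can look for after a mailbox has been phished. The following is an added example, not code from the ISC diary or the Fire-3 kit analysis: it audits a constructed set of mailbox forwarding settings and inbox rules and flags any that deliver mail to a domain outside the organisation. The organisation domain, the record format and the sample data are all assumptions made for the example; in practice the records would come from the mail platform's admin API or audit export.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption for this example: the organisation's own mail domains.
ORG_DOMAINS = {"example-bank.test"}


@dataclass
class InboxRule:
    """A simplified inbox rule as exported from a cloud mailbox (constructed shape)."""
    mailbox: str
    name: str
    forward_to: List[str] = field(default_factory=list)  # forward/redirect targets
    delete_message: bool = False          # rule also deletes the original message
    move_to_folder: Optional[str] = None  # rule also moves it out of the Inbox


@dataclass
class MailboxSettings:
    """Mailbox-level forwarding, which is separate from per-rule forwarding."""
    mailbox: str
    forwarding_address: Optional[str] = None
    rules: List[InboxRule] = field(default_factory=list)


def is_external(address: str) -> bool:
    """True when the address domain is not one of the organisation's domains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in ORG_DOMAINS


def audit_mailbox(settings: MailboxSettings) -> List[dict]:
    """Return one finding per external forwarding path in a mailbox.

    Severity is 'high' when the rule also deletes or moves the message, because
    that hides the forwarded mail from the legitimate user (an assumption-based
    heuristic used here, not something taken from the diary entry).
    """
    findings = []
    if settings.forwarding_address and is_external(settings.forwarding_address):
        findings.append({
            "mailbox": settings.mailbox,
            "source": "mailbox-forwarding",
            "targets": [settings.forwarding_address],
            "severity": "high",
        })
    for rule in settings.rules:
        external_targets = [a for a in rule.forward_to if is_external(a)]
        if not external_targets:
            continue
        hidden = rule.delete_message or rule.move_to_folder is not None
        findings.append({
            "mailbox": settings.mailbox,
            "source": f"rule:{rule.name}",
            "targets": external_targets,
            "severity": "high" if hidden else "medium",
        })
    return findings


def audit_all(mailboxes: List[MailboxSettings]) -> List[dict]:
    """Audit every mailbox, highest severity first."""
    results = []
    for mb in mailboxes:
        results.extend(audit_mailbox(mb))
    return sorted(results, key=lambda f: (f["severity"] != "high", f["mailbox"]))


# Constructed sample data for the example (no real mailboxes or rules).
SAMPLE_MAILBOXES = [
    MailboxSettings(
        mailbox="alice@example-bank.test",
        rules=[InboxRule("alice@example-bank.test", "Backup copy",
                         forward_to=["alice.home@webmail.test"])],
    ),
    MailboxSettings(
        mailbox="bob@example-bank.test",
        rules=[InboxRule("bob@example-bank.test", "Invoices",
                         forward_to=["payments@example-bank.test"])],
    ),
    MailboxSettings(
        mailbox="carol@example-bank.test",
        rules=[InboxRule("carol@example-bank.test", ".",
                         forward_to=["rcv9@dropbox-mail.test"],
                         delete_message=True)],
    ),
    MailboxSettings(
        mailbox="dave@example-bank.test",
        forwarding_address="dave.private@webmail.test",
    ),
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_MAILBOXES):
        print(finding["severity"].upper(), finding["mailbox"],
              finding["source"], "->", ", ".join(finding["targets"]))
```

Bob's rule is not reported because it forwards inside the organisation; the rule on Carol's mailbox is ranked above Alice's because it also deletes the original, which is the pattern that lets a forward go unnoticed by the account owner.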

Akamai said it picked up around 3.5 billion credential stuffing attempts over the past 18 months

www.theregister.co.uk/2019/07/31/black_hats_hate_banks_says_akamai/ See also (PDF):

www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-financial-services-attack-economy-report-2019.pdf Content delivery network Akamai Technologies reckons that despite the time and effort spent convincing people not to fall for phishing and other frauds, the bigger threat might actually be credential-stuffing attacks. Credential stuffing is more or less a synonym for brute-forcing access into a passworded system, except using previously breached login credentials rather than a rainbow table or some other setup of commonly reused username/password combinations.
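Because a credential-stuffing attacker already holds one specific password per leaked account, the login traffic looks different from a classic brute force: a single source tries many distinct accounts once or twice each, rather than hammering one account with many guesses. The following added example (not code from Akamai or its report) makes that distinction over a few constructed authentication log lines; the log format, thresholds and IP addresses are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not from any real system). Format used
# only for this example: "<timestamp> <OK|FAIL> <username> <source-ip>".
SAMPLE_LOG = """\
2019-07-31T10:00:01 FAIL alice 203.0.113.7
2019-07-31T10:00:02 FAIL bob 203.0.113.7
2019-07-31T10:00:02 FAIL carol 203.0.113.7
2019-07-31T10:00:03 FAIL dave 203.0.113.7
2019-07-31T10:00:03 OK erin 203.0.113.7
2019-07-31T10:00:04 FAIL frank 203.0.113.7
2019-07-31T10:00:05 FAIL alice 198.51.100.9
2019-07-31T10:00:06 FAIL alice 198.51.100.9
2019-07-31T10:00:07 FAIL alice 198.51.100.9
2019-07-31T10:00:08 FAIL alice 198.51.100.9
2019-07-31T10:00:09 FAIL alice 198.51.100.9
2019-07-31T10:00:10 OK grace 192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) (\S+) (\S+)$")


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        ts, status, user, ip = m.groups()
        events.append({"ts": ts, "ok": status == "OK", "user": user, "ip": ip})
    return events


def classify_sources(events, min_attempts=5, stuffing_ratio=0.8):
    """Label each source IP by its login pattern.

    credential_stuffing: attempts spread across many distinct accounts
                         (distinct users / attempts >= stuffing_ratio)
    brute_force:         attempts concentrated on few accounts
    normal:              too few attempts to judge
    The thresholds are assumptions for the example and would be tuned per site.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "successes": set()})
    for e in events:
        stats = per_ip[e["ip"]]
        stats["attempts"] += 1
        stats["users"].add(e["user"])
        if e["ok"]:
            stats["successes"].add(e["user"])

    verdicts = {}
    for ip, stats in per_ip.items():
        if stats["attempts"] < min_attempts:
            verdicts[ip] = "normal"
            continue
        distinct_ratio = len(stats["users"]) / stats["attempts"]
        verdicts[ip] = "credential_stuffing" if distinct_ratio >= stuffing_ratio else "brute_force"
    return verdicts, dict(per_ip)


def compromised_accounts(events, verdicts):
    """Accounts that logged in successfully from a credential-stuffing source.

    These are the users whose reused password was evidently in a breach dump and
    should be forced to reset it, which is the defender's action the pattern calls for.
    """
    return sorted({e["user"] for e in events
                   if e["ok"] and verdicts.get(e["ip"]) == "credential_stuffing"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    verdicts, stats = classify_sources(evs)
    for ip, verdict in verdicts.items():
        print(ip, verdict, stats[ip]["attempts"], "attempts,",
              len(stats[ip]["users"]), "distinct users")
    print("force password reset for:", compromised_accounts(evs, verdicts))
```

Per-account lockout, the usual brute-force defence, does nothing against the first source here because no single account exceeds one failure; the per-source view of distinct accounts is what exposes it.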

Chrome 76 Dumps Default Adobe Flash Player Support

threatpost.com/chrome-76-default-adobe-flash/146843/ Google has launched the latest iteration of the Chrome browser for Windows, Mac and Linux, which blocks Adobe Flash Player default support and comes with more than 40 security fixes. Though plans to deprecate Adobe Flash in Chrome have been brewing for years, Chrome 76 takes an official first step in turning off Flash Player by default, though users can still manually turn it on in their settings. The plans fit into Google's previously announced road map, which has a goal of ultimately killing off Adobe Flash support in December 2020.

New UK Home Sec calling for an end to end-to-end encryption

www.theregister.co.uk/2019/07/31/home_sec_priti_patel_five_eyes_encryption_controversy/ Patel, the social conservative appointed Home Secretary by British Prime Minister Boris Johnson last week, used this morning’s Daily Telegraph to call for end-to-end encryption to be broken with backdoors inserted for illicit law enforcement access.

Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking

thehackernews.com/2019/07/oxid-eshop-ecommerce.html Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds.

Security lapse exposed weak points on Honda's internal network

techcrunch.com/2019/07/31/security-lapse-exposed-weak-points-on-hondas-internal-network/ An exposed database at automotive giant Honda allowed anyone to see which systems on its network were vulnerable to unpatched security flaws, potentially giving hackers insider knowledge of the company's weak points. The server contained 134 million rows of employee systems data from the company's endpoint security service, containing technical details of each computer and device connected to the internal network. There was no password on the database, allowing anyone to access and read the data.
