Daily NCSC-FI news followup 2019-08-22

TechCrunch: T-Mobile hit by hours-long nationwide outage

techcrunch.com/2019/08/21/t-mobile-outage/

Viranomaissivustot toimivat taas, iltapäivän palvelunestohyökkäys ohi “Palvelunestohyökkääjä löytänyt aivan uudenlaisen tavan päästä läpi”

yle.fi/uutiset/3-10934147 Palvelunestohyökkäys kohdistui muun muassa poliisin ja hätäkeskuksen verkkopalveluihin.

Fonectalla laaja tietovuoto: Tavallisella käyttäjä­tunnuksella on päässyt käsiksi ainakin 150 000 ihmisen arka­luontoisiin henkilö­tietoihin

www.hs.fi/kotimaa/art-2000006212884.html Yrityksille ja järjestöille tarkoitetussa asiakasrekisteripalvelussa yksi tavallisen käyttäjätunnuksen omistaja on voinut nähdä useiden satojen rekistereiden täyden sisällön. Mukana on arkaluonteisia henkilötietoja.

Firstofitskind spyware sneaks into Google Play

www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/ ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play twice

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/ Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.

The Gamaredon Group: A TTP Profile Analysis

www.fortinet.com/blog/threat-research/gamaredon-group-ttp-profile-analysis.html FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to try to understand their methodologies and what resources are needed to launch these types of attacks.

npm Pulls Malicious Package that Stole Login Passwords

www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/ A malicious package (bb-builder) was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on.

AMEO ‘concerned’ about nation-state attacks on power grids

www.zdnet.com/article/ameo-concerned-about-nation-state-attacks-on-power-grids/ Distributed energy resources such a rooftop solar will create ‘a fairly wicked supply chain issue’. How will the sector address organisation culture issues as IT and operational technology are merged?

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks

www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/ NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident.

You might be interested in …

Daily NCSC-FI news followup 2020-11-18

Hackers are actively probing millions of WordPress sites www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150, 000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. Hacking group exploits ZeroLogon in automotive, industrial attack wave www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought […]

Read More

Daily NCSC-FI news followup 2020-11-09

Tietoja ja toimintaohjeita on saatavissa poliisin nettisivuilta ja poliisin valtakunnallisesta puhelinneuvontapalvelusta Vastaamon tietomurtoon liittyen www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/tietoja_ja_toimintaohjeita_on_saatavissa_poliisin_nettisivuilta_ja_poliisin_valtakunnallisesta_puhelinneuvontapalvelusta_vastaamon_tietomurtoon_liitt… Psykoterapiakeskus Vastaamon tietovuodon uhrit ovat tehneet poliisille jo noin 25 000 rikosilmoitusta. Ilmoituksia käsitellään poliisilaitoksissa jatkuvasti. Rikosilmoitusten käsittely viivästyttää myös rikosilmoitusten jäljennösten lähettämistä. Lisäksi: yle.fi/uutiset/3-11637719 Työryhmä selvittämään kriittisten toimialojen tietoturvaa – Psykoterapiapalveluja tarjovan Vastaamon tietomurron jälkeen on havahduttu tutkimaan ja […]

Read More

Daily NCSC-FI news followup 2019-12-17

Visa Security Alert – CYBERCRIME GROUPS TARGETING FUEL DISPENSER MERCHANTS click.broadcasts.visa.com/xfm/?30761/0/0624013ddc6f39785bf56d504f3b812e/lonew In summer 2019, Visa Payment Fraud Disruption (PFD) identified three unique attacks targeting merchant point-of-sale (POS) systems that were likely carried out by sophisticated cybercrime groups. Two of the attacks targeted the POS systems of North American fuel dispenser merchants. PFD recently reported on […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.