Daily NCSC-FI news followup 2019-08-26

Poliisi varoittaa ihmisiä yhä yleisemmiksi käyvistä verkkorikoksista. Esimerkiksi niin sanottuja pomohuijauksia yritetään yllättäviinkin kohteisiin.

www.tivi.fi/uutiset/tv/dd810717-424e-4651-b482-e5c5014dcdd5 Tänä vuonna on tehty jo 196 rikosilmoitusta epäillystä toimitusjohtajapetoksesta ja poliisin arvion mukaan yritykset ja muut rikosten kohteeksi joutuneet toimijat ovat menettäneet rikosten takia rahaa arviolta 4,2 miljoonaa euroa.

Valtio aikoo fuusioida edellisen hallituksen sote- ja maakuntayhdistyksen yhteydessä perustamat it-yhtiöt Vimanan ja SoteDigin. Asian vahvistaa Tiville alivaltiosihteeri Päivi Nerg valtiovarainministeriöstä.

www.tivi.fi/uutiset/tv/9170be5d-9e91-430a-960e-feae7e2db207

Apple Releases iOS 12.4.1 to Patch Security Flaw Behind Jailbreak (CVE-2019-8605)

www.bleepingcomputer.com/news/security/apple-releases-ios-1241-to-patch-security-flaw-behind-jailbreak/

Cisco has released a hardware tool, called 4CAN, developed to help researchers to discover vulnerabilities in automotive systems.

securityaffairs.co/wordpress/90317/hacking/4can-automotive-testing-tool.html

New Nemty Ransomware May Spread via Compromised RDP Connections

www.bleepingcomputer.com/news/security/new-nemty-ransomware-may-spread-via-compromised-rdp-connections/

WeDidIt! – Fundraising Platform Exposes 7.5 Million Records Online

securitydiscovery.com/wedidit-fundraising-platform/ 7.5 million records including full names names, user account numbers, home addresses, emails, and other identifiable details.

Detecting Bluetooth Credit Card Skimmers

www.schneier.com/blog/archives/2019/08/detecting_credi_1.html

Australia Plans to Block Domains That Host Terrorist Material During Crisis Situations

gizmodo.com/australia-plans-to-block-domains-that-host-terrorist-ma-1837560178

Microsoft is offering a Windows 7 extended security update to some users

www.zdnet.com/article/microsoft-is-offering-some-enterprise-users-a-one-year-windows-7-extended-security-update-promo/ Microsoft is running a limited-time promotion for EA and EAS customers which will give them a year of Windows 7 extended security updates for no additional charge.

Clickjacking scripts found on 613 popular sites, academics say

www.zdnet.com/article/clickjacking-scripts-found-on-613-popular-sites-academics-say/ Alexa top 250K websites — we detected 437 third-party scripts that intercepted user clicks on 613 websites, which in total receive around 43 million visits on a daily basis,” researchers said.

ThreatList: Half of All Social Media Logins Are Fraud

threatpost.com/half-social-media-logins-fraud/147688/ More than half of logins (53 percent) on social-media sites are fraudulent; and 25 percent of all new account applications on social media are fake, according to a recent analysis

Daily NCSC-FI news followup 2020-12-15

Yhdysvalloissa on hakkeroitu lisää hallinnon järjestelmiä kotimaan turvallisuusvirasto oli viimeisimmän kyberhyökkäyksen uhri yle.fi/uutiset/3-11697114 Yhdysvaltain kotimaan turvallisuusviraston vastuulla on maan suojeleminen perinteisiä sekä verkkohyökkäyksiä vastaan. No One Knows How Deep Russia’s Hacking Rampage Goes www.wired.com/story/russia-solarwinds-supply-chain-hack-commerce-treasury/ Dark Halo Leverages SolarWinds Compromise to Breach Organizations www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/ Volexity is releasing additional research and indicators associated with compromises impacting customers […]

Daily NCSC-FI news followup 2019-09-19

Telecommunications Breakdown: How Russian Telco Infrastructure was Exposed www.upguard.com/breaches/mts-nokia-telecom-inventory-data-exposure UpGuard can now disclose that a storage device containing 1.7 terabytes of information detailing telecommunications installations throughout the Russian Federation has been secured, preventing any future malicious use. This data includes schematics, administrative credentials, email archives, and other materials relating to telecom infrastructure projects.. Until recently […]

Daily NCSC-FI news followup 2021-01-28

Cybersecurity to the Rescue: Pseudonymisation for Personal Data Protection www.enisa.europa.eu/news/enisa-news/cybersecurity-to-the-rescue-pseudonymisation-for-personal-data-protection ENISA’s new report explores pseudonymisation techniques and use cases for healthcare and information sharing in cybersecurity Who’s Making All Those Scam Calls? www.nytimes.com/2021/01/27/magazine/scam-call-centers.html Malware Analysis Report (AR21-027A) – MAR-10319053-1.v1 – Supernova us-cert.cisa.gov/ncas/analysis-reports/ar21-027a ANNOUNCING PWN2OWN VANCOUVER 2021 www.zerodayinitiative.com/blog/2021/1/25/announcing-pwn2own-vancouver-2021 Introducing data breach guidance for individuals and families […]