Daily NCSC-FI news followup 2019-08-26

Poliisi varoittaa ihmisiä yhä yleisemmiksi käyvistä verkkorikoksista. Esimerkiksi niin sanottuja pomohuijauksia yritetään yllättäviinkin kohteisiin.

www.tivi.fi/uutiset/tv/dd810717-424e-4651-b482-e5c5014dcdd5 Tänä vuonna on tehty jo 196 rikosilmoitusta epäillystä toimitusjohtajapetoksesta ja poliisin arvion mukaan yritykset ja muut rikosten kohteeksi joutuneet toimijat ovat menettäneet rikosten takia rahaa arviolta 4,2 miljoonaa euroa.

Valtio aikoo fuusioida edellisen hallituksen sote- ja maakuntayhdistyksen yhteydessä perustamat it-yhtiöt Vimanan ja SoteDigin. Asian vahvistaa Tiville alivaltiosihteeri Päivi Nerg valtiovarainministeriöstä.

www.tivi.fi/uutiset/tv/9170be5d-9e91-430a-960e-feae7e2db207

Apple Releases iOS 12.4.1 to Patch Security Flaw Behind Jailbreak (CVE-2019-8605)

www.bleepingcomputer.com/news/security/apple-releases-ios-1241-to-patch-security-flaw-behind-jailbreak/

Cisco has released a hardware tool, called 4CAN, developed to help researchers to discover vulnerabilities in automotive systems.

securityaffairs.co/wordpress/90317/hacking/4can-automotive-testing-tool.html

New Nemty Ransomware May Spread via Compromised RDP Connections

www.bleepingcomputer.com/news/security/new-nemty-ransomware-may-spread-via-compromised-rdp-connections/

WeDidIt! – Fundraising Platform Exposes 7.5 Million Records Online

securitydiscovery.com/wedidit-fundraising-platform/ 7.5 million records including full names names, user account numbers, home addresses, emails, and other identifiable details.

Detecting Bluetooth Credit Card Skimmers

www.schneier.com/blog/archives/2019/08/detecting_credi_1.html

Australia Plans to Block Domains That Host Terrorist Material During Crisis Situations

gizmodo.com/australia-plans-to-block-domains-that-host-terrorist-ma-1837560178

Microsoft is offering a Windows 7 extended security update to some users

www.zdnet.com/article/microsoft-is-offering-some-enterprise-users-a-one-year-windows-7-extended-security-update-promo/ Microsoft is running a limited-time promotion for EA and EAS customers which will give them a year of Windows 7 extended security updates for no additional charge.

Clickjacking scripts found on 613 popular sites, academics say

www.zdnet.com/article/clickjacking-scripts-found-on-613-popular-sites-academics-say/ Alexa top 250K websites — we detected 437 third-party scripts that intercepted user clicks on 613 websites, which in total receive around 43 million visits on a daily basis,” researchers said.

ThreatList: Half of All Social Media Logins Are Fraud

threatpost.com/half-social-media-logins-fraud/147688/ More than half of logins (53 percent) on social-media sites are fraudulent; and 25 percent of all new account applications on social media are fake, according to a recent analysis