Daily NCSC-FI news followup 2019-10-07

Mikko Hyppönen: Unohda nämä kaksi turvasääntöä

www.is.fi/digitoday/tietoturva/art-2000006262088.html F-Securen tietoturvajohtaja Mikko Hyppönen haluaa kumota yleisen uskomuksen siitä, että kalastelun tai nettihuijauksen uhriksi joutuneet ihmiset olisivat tyhmiä tai tapahtunut olisi heidän omaa vikaansa.. Hyppösen mukaan verkkokonnien keksimät uudet keinot ovat tehneet kahdesta klassisesta turvallisen verkkosivuston tunnusmerkistä vanhentuneita. Nämä ovat osoiterivillä oleva lukon kuva sekä osoiterivillä näkyvä turvallisena pidetty nettiosoite. Ihmisiä on vuosikausia kehotettu nimenomaan kiinnittämään huomio niihin.. Nämä säännöt eivät enää päde, Hyppönen sanoo.

No one could prevent another WannaCry-style attack, says DHS official

techcrunch.com/2019/10/06/government-prevent-wannacry-style-dhs/ Jeanette Manfra, the assistant director for cybersecurity for Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCrunch Disrupt SF that the 2017 WannaCry cyberattack, which saw hundreds of thousands of computers around the world infected with ransomware, was uniquely challenging because it spread so quickly.. I dont know that we could ever prevent something like that, said Manfra, referring to another WannaCry-style attack. We just have something that completely manifests itself as a worm. I think the original perpetrators didnt expect probably that sort of impact, she added.

Report: Alabama hospitals pay hackers in ransomware attack

www.apnews.com/0721066fa85941418067badd7c747372 An Alabama hospital system that quit accepting new patients after a ransomware attack said Saturday it had gotten a key to unlock its computer systems.. A statement from DCH Health Systems didnt say how the three-hospital system got the information needed to unlock its data. But The Tuscaloosa News quoted spokesman Brad Fisher as saying the hospital system paid the attackers.

F-Secure aloittaa yt:t karsii jopa 50 työpaikkaa

www.tivi.fi/uutiset/tv/9490d5b6-9083-4469-9079-07dcd729e08c F-Secure järjestelee toimintojaan uudelleen. Järjestelyjen avulla F-Secure toteuttaa MWR InfoSecurityn yritysoston synergioita, kohdentaa resursseja uudelleen kasvun tukemiseksi ja tehostaa tukitoimintoja.

US to help secure Baltic energy grid against cyber-attacks

www.france24.com/en/20191006-us-to-help-secure-baltic-energy-grid-against-cyber-attacks The United States and Baltic states on Sunday agreed to beef up cooperation to protect the Baltic energy grid from cyber attacks as they disconnect from the Russian electricity grid.. US Energy Secretary Rick Perry and his Lithuanian, Latvian and Estonian counterparts termed the agreement “a critical moment for the Baltic States in strengthening cybersecurity” in strategic energy infrastructure.

FBI warns about attacks that bypass multi-factor authentication (MFA)

www.zdnet.com/article/fbi-warns-about-attacks-that-bypass-multi-factor-authentication-mfa/ FBI warns about SIM swapping and tools like Muraen and NecroBrowser.

RobbinHood Ransomware Using Street Cred to Make Victims Pay

www.bleepingcomputer.com/news/security/robbinhood-ransomware-using-street-cred-to-make-victims-pay/ The operators behind the RobbinHood ransomware have changed their language in the ransom note to take from victims all hope of decrypting the files for free and to make them pay for the recovery.. Boastful and arrogant in their message, the cybercriminals point to past incidents involving their ransomware, which ended with victims paying much more than the ransom demand.

A year after patch, Drupalgeddon2 is still being employed in cybercriminal attacks

www.zdnet.com/article/old-drupalgeddon2-rce-is-still-being-employed-in-cybercriminal-attacks/#ftag=RSSbaffb68 A remote code execution (RCE) vulnerability patched over a year and a half ago is still being actively employed in attacks against high-profile websites.. According to cybersecurity researchers from Akamai, the bug, which impacts the open source Drupal content management system (CMS) used to manage websites, is being exploited through malicious .GIF files.

Biggest Threat to United States: Cyber Warfare?

www.msspalert.com/cybersecurity-markets/americas/cyber-warfare-threat-united-states/ Cyber warfare is the nations greatest threat, Acting Director of National Intelligence (DNI) Joseph Maguire recently told the House Intelligence Committee in an open hearing on Thursday, Sept. 26 regarding U.S. election security and the whistleblower complaint against President Trump.. We do face significant threats, Id say No. 1 is not necessarily kinetic, its cyber, this is a cyber war, Maguire said. We talk about whether or not the great competition is taking place with Russia and China, and we are building ships and weapons to do that, but in my estimation the great competition with these countries is taking place right now and is doing that in the cyber realm.

Cisco closes high-impact vulnerabilities in its security offerings

www.helpnetsecurity.com/2019/10/07/cisco-vulnerabilities-security-offerings/ Cisco has fixed 18 high-impact vulnerabilities affecting several of its security offerings and is advising administrators to test and implement the offered security updates as soon as possible.

Supply chain attacks: threats targeting service providers and design offices

www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-005/ This technical document aims at warning about a cyber threat targeting service providers and design offices, as well as their clients. Attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients.. PDF report:


D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

threatpost.com/d-link-home-routers-unpatched/148941/ The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinets FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).

White-hat hacks Muhstik ransomware gang and releases decryption keys

www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/#ftag=RSSbaffb68 Annoyed victim hacks back ransomware gang and releases all their decryption keys, along with a free decrypter.. One of the gang’s victims was Tobias Frömel, a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files.. However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks’ database from their server.

You might be interested in …

Daily NCSC-FI news followup 2020-02-19

ISS: Security incident impacting parts of the IT environment www.fi.issworld.com/ On 17 February 2020, ISS was the target of a malware attack. As a precautionary measure and as part of our standard operating procedure, we immediately disabled access to shared IT services across our sites and countries, which ensured the isolation of the incident. Dharma […]

Read More

Daily NCSC-FI news followup 2020-08-22

Grandoreiro banking trojan impersonates Spains tax agency www.welivesecurity.com/2020/08/21/grandoreiro-banking-trojan-impersonates-spain-tax-agency/ Although its been some weeks since the height of the income tax season in many countries around the globe, the year 2020 has been looking less than normal even for cybercriminal activity. For several months, various threat actors have been attempting to impersonate governmental organizations, such as […]

Read More

Daily NCSC-FI news followup 2021-03-18

Tiedote 18.3.2021: Timanttiteko-palkinto 2020 Kyberturvallisuuskeskukselle www.erillisverkot.fi/timanttiteko-palkinto-2020/ Turvallisuuskomitea on myöntänyt vuoden 2020 Timanttiteko-palkinnon Kyberturvallisuuskeskukselle Yhteiskunnan turvallisuusstrategian tavoitteiden esimerkillisestä edistämisestä. Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus on kansallinen tietoturvaviranomainen ja sillä on merkittävä rooli digitaalisessa yhteiskunnassa. Nopeasti muuttuvassa maailmassa tietoturvan ylläpito ja kehittäminen, tietoturvaloukkausten havainnointi ja selvittäminen sekä eri organisaatioiden kouluttaminen ja tietojärjestelmien arviointi on välttämätöntä. Suojelupoliisi tunnisti […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.