Daily NCSC-FI news followup 2019-10-07

Mikko Hyppönen: Forget these two security rules

www.is.fi/digitoday/tietoturva/art-2000006262088.html F-Secure's information security director Mikko Hyppönen wants to dispel the common belief that people who fall victim to phishing or online scams are stupid, or that what happened was their own fault. According to Hyppönen, new techniques devised by online crooks have made two classic hallmarks of a safe website obsolete. These are the padlock icon in the address bar and a web address shown in the address bar that is considered safe. For years, people have been urged to pay attention to precisely these. “These rules no longer apply,” Hyppönen says.

No one could prevent another WannaCry-style attack, says DHS official

techcrunch.com/2019/10/06/government-prevent-wannacry-style-dhs/ Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCrunch Disrupt SF that the 2017 WannaCry cyberattack, which saw hundreds of thousands of computers around the world infected with ransomware, was uniquely challenging because it spread so quickly. “I don’t know that we could ever prevent something like that,” said Manfra, referring to another WannaCry-style attack. “We just have something that completely manifests itself as a worm. I think the original perpetrators didn’t expect probably that sort of impact,” she added.

Report: Alabama hospitals pay hackers in ransomware attack

www.apnews.com/0721066fa85941418067badd7c747372 An Alabama hospital system that quit accepting new patients after a ransomware attack said Saturday it had gotten a key to unlock its computer systems. A statement from DCH Health Systems didn’t say how the three-hospital system got the information needed to unlock its data. But The Tuscaloosa News quoted spokesman Brad Fisher as saying the hospital system paid the attackers.

F-Secure starts co-operation negotiations, cutting up to 50 jobs

www.tivi.fi/uutiset/tv/9490d5b6-9083-4469-9079-07dcd729e08c F-Secure is reorganizing its operations. Through the restructuring, F-Secure will realize synergies from the MWR InfoSecurity acquisition, reallocate resources to support growth and streamline its support functions.

US to help secure Baltic energy grid against cyber-attacks

www.france24.com/en/20191006-us-to-help-secure-baltic-energy-grid-against-cyber-attacks The United States and Baltic states on Sunday agreed to beef up cooperation to protect the Baltic energy grid from cyber attacks as they disconnect from the Russian electricity grid. US Energy Secretary Rick Perry and his Lithuanian, Latvian and Estonian counterparts termed the agreement “a critical moment for the Baltic States in strengthening cybersecurity” in strategic energy infrastructure.

FBI warns about attacks that bypass multi-factor authentication (MFA)

www.zdnet.com/article/fbi-warns-about-attacks-that-bypass-multi-factor-authentication-mfa/ FBI warns about SIM swapping and tools like Muraena and NecroBrowser.

RobbinHood Ransomware Using Street Cred to Make Victims Pay

www.bleepingcomputer.com/news/security/robbinhood-ransomware-using-street-cred-to-make-victims-pay/ The operators behind the RobbinHood ransomware have changed their language in the ransom note to take from victims all hope of decrypting the files for free and to make them pay for the recovery. Boastful and arrogant in their message, the cybercriminals point to past incidents involving their ransomware, which ended with victims paying much more than the ransom demand.

A year after patch, Drupalgeddon2 is still being employed in cybercriminal attacks

www.zdnet.com/article/old-drupalgeddon2-rce-is-still-being-employed-in-cybercriminal-attacks/#ftag=RSSbaffb68 A remote code execution (RCE) vulnerability patched over a year and a half ago is still being actively employed in attacks against high-profile websites. According to cybersecurity researchers from Akamai, the bug, which impacts the open source Drupal content management system (CMS) used to manage websites, is being exploited through malicious .GIF files.

Biggest Threat to United States: Cyber Warfare?

www.msspalert.com/cybersecurity-markets/americas/cyber-warfare-threat-united-states/ Cyber warfare is the nation’s greatest threat, Acting Director of National Intelligence (DNI) Joseph Maguire recently told the House Intelligence Committee in an open hearing on Thursday, Sept. 26 regarding U.S. election security and the whistleblower complaint against President Trump. “We do face significant threats, I’d say No. 1 is not necessarily kinetic, it’s cyber, this is a cyber war,” Maguire said. “We talk about whether or not the great competition is taking place with Russia and China, and we are building ships and weapons to do that, but in my estimation the great competition with these countries is taking place right now and is doing that in the cyber realm.”

Cisco closes high-impact vulnerabilities in its security offerings

www.helpnetsecurity.com/2019/10/07/cisco-vulnerabilities-security-offerings/ Cisco has fixed 18 high-impact vulnerabilities affecting several of its security offerings and is advising administrators to test and implement the offered security updates as soon as possible.

Supply chain attacks: threats targeting service providers and design offices

www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-005/ This technical document aims at warning about a cyber threat targeting service providers and design offices, as well as their clients. Attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients.


D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

threatpost.com/d-link-home-routers-unpatched/148941/ The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).

White-hat hacks Muhstik ransomware gang and releases decryption keys

www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/#ftag=RSSbaffb68 Annoyed victim hacks back ransomware gang and releases all their decryption keys, along with a free decrypter. One of the gang’s victims was Tobias Frömel, a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files. However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks’ database from their server.
