Daily NCSC-FI news followup 2019-10-23

NCSC-UK Annual Review 2019

www.ncsc.gov.uk/news/annual-review-2019 Single-page version PDF:


Virus Bulletin conference 2019: Papers on Emotet and Ryuk

www.virusbulletin.com/blog/2019/10/vb2019-papers-emotet-and-ryuk/ Targeted ransomware has become one of the biggest and most damaging cybercrime trends in recent years. ‘Targeted’ is a bit of a misnomer though: the operators of the ransomware rarely choose the victim organisations. Instead, they have the organisations ‘chosen’ through an infection with another piece of malware that is then used as a foothold for the ransomware.. Quite often, this malware is Emotet, which made a spectacular comeback in September. The ransomware is deployed often through a second malware family like Trickbot. Various ransomware families are making use of this scheme to be installed on high-value networks, with Ryuk being one of the most prominent.

Eksote's information security failed: hundreds of people's data was at risk of exposure because of a leak; in the worst case,

esaimaa.fi/uutiset/lahella/d33b098d-05af-454d-a230-1c72957481f5 outsiders may have been able to read private information since spring 2018

Spanish Police Arrest Three in 10-million EUR BEC Bust

www.infosecurity-magazine.com/news/spanish-police-arrest-three-in-10m/ They are said to have run a complex network of 83 fake companies and 185 bank accounts designed to launder the funds. Money was moved frequently between these to put investigators off the scent. So far, Spanish police have only been able to recover 1.3m of the total 10.7m stolen.. The FBI estimates that $1.3bn was lost to BEC scams last year.

Amazon Web Services’ DNS systems knackered by hours-long cyber-attack


10% of Small Businesses Breached Shut Down in 2019

www.darkreading.com/operations/10–of-small-businesses-breached-shut-down-in-2019/d/d-id/1336156 As a result of cybercrime, 69% of small organizations were forced offline for a limited time and 37% experienced financial loss. 25% filed for bankruptcy.. Source survey:


Office 365 Adds Malware ZAP Toggle to Security & Compliance Center

www.bleepingcomputer.com/news/security/office-365-adds-malware-zap-toggle-to-security-and-compliance-center/ Microsoft’s developers are adding a new malware Zero-hour Auto Purge (ZAP) toggle to the Office 365 Security & Compliance Center to allow configuration without using a PowerShell cmdlet.. ZAP comes with all Office 365 subscriptions that have an Exchange Online mailbox and is available with the default Exchange Online Protection.

Huawei: Easier to bribe telco staff than build backdoors

www.zdnet.com/article/huawei-easier-to-bribe-telco-staff-then-build-backdoors/ It requires so much effort to build backdoors into networking equipment that work across different global communications networks and system configurations that it likely is easier and more effective to bribe a telco executive, says Huawei’s chief cybersecurity officer.

‘No such thing’ as cyber warfare: Australia’s head of cyber warfare

www.zdnet.com/article/no-such-thing-as-cyber-warfare-australias-head-of-cyber-warfare/ Warfare is warfare, espionage is internationally normal, and cyber is just one of a suite of potential capabilities for a military response, says Major General Marcus Thompson.

Simplify and cooperate to beat back the cybercrime wave

www.zdnet.com/article/simplify-and-cooperate-to-beat-back-the-cyber-crime-wave/ Complexity, recent data breaches, and perceived urgency are creating opportunities for online criminals.. One approach businesses take is to invoke a zero trust policy where no user or device is considered to be safe.

How Can Airlines Protect Their Customers and Data From Evolving Cyberthreats?


What Has Cybersecurity Pros So Stressed — And Why It’s Everyone’s Problem

www.darkreading.com/edge/theedge/what-has-cybersecurity-pros-so-stressed—-and-why-its-everyones-problem/b/d-id/1336146 According to a 2018 study published by ISC(2), more than 84% of cybersecurity professionals said they were either open to new job opportunities or already planned on pursuing a new opportunity that year.. 63% of respondents said they wanted to work at an organization where their opinions on the existing security posture were taken seriously.

Google Claims a Quantum Breakthrough That Could Change Computing


Quantum supremacy from Google? Not so fast, says IBM.


$35B face data class action lawsuit against Facebook will proceed

techcrunch.com/2019/10/18/facebook-35-billion-lawsuit/ Facebook could face $1,000 to $5,000 in penalties per user for 7 million people, which could sum to a maximum of $35 billion.

Chrome 78 arrives with new APIs, dark mode improvements on Android and iOS

venturebeat.com/2019/10/22/google-chrome-78/ Google spent at least $58,500 in bug bounties for this release.

End-of-life Fujitsu Wireless Keyboard Plagued By Unpatched Flaws

threatpost.com/fujitsu-wireless-keyboard-unpatched-flaws/149477/ Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystroke injection attacks.

Firefox, Chrome Bugs Allow Arbitrary Code-Execution

threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/ Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 in particular affect medium and large government entities and enterprises.
