Daily NCSC-FI news followup 2019-12-10

Russia used two separate espionage campaigns to sabotage the French election: Macron's office fooled the spies with jokes

www.hs.fi/ulkomaat/art-2000006337940.html Russian intelligence tried to disrupt Emmanuel Macron's election victory with two separate cyber-espionage campaigns. The campaign staff fooled the spies by feeding them false information.

Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools

www.bleepingcomputer.com/news/security/snatch-ransomware-reboots-to-windows-safe-mode-to-bypass-av-tools/ Researchers discovered a new Snatch ransomware strain that reboots the computers it infects into Safe Mode to disable any resident security solutions, and immediately starts encrypting files once the system loads. Encrypting the victim’s files is possible because most security tools are automatically disabled when Windows devices boot in Safe Mode, as the Sophos Managed Threat Response (MTR) team and SophosLabs researchers found. “Snatch can run on most common versions of Windows, from 7 through 10, in 32- and 64-bit versions,” they add. “The samples we’ve seen are also packed with the open-source packer UPX to obfuscate their contents.” Snatch ransomware came out towards the end of 2018 and became noticeably active during April 2019, as shown by a spike in ransom notes and encrypted file samples submitted to Michael Gillespie’s ID Ransomware platform. Read also:


Pensacola, Florida Hit by Cyber Attack, City Services Impacted

www.bleepingcomputer.com/news/security/pensacola-florida-hit-by-cyber-attack-city-services-impacted/ The city of Pensacola is struggling to recover from a cyber attack that hit its computer network over the weekend. Some services are still affected but no critical ones. Few details are available but the attack prompted the city to disconnect much of its network until a solution for the problem was found. Read also:


Instagram influencer sentenced to 14 years for violent plot to steal domain name

www.theverge.com/2019/12/9/21003858/instagram-polo-rossi-lorathio-adams-ii-sentenced-14-years-domain-name-state-snaps A social media influencer has been sentenced to 14 years in federal prison for concocting a scheme to violently coerce a stranger into giving up a web domain name, the US Department of Justice announced today. The influencer, Rossi Lorathio Adams II, went by the name “Polo,” and he ran a series of accounts across Instagram and other platforms known as State Snaps while attending college at Iowa State University. The accounts, which Adams began operating around 2015, typically involved depictions of risky or sexually explicit behavior, often featuring college girls. According to The Washington Post, one . Read also:


www.washingtonpost.com/nation/2019/04/22/social-media-guru-needed-domain-name-he-decided-get-it-gunpoint/ and


AWS on Australia’s encryption Bill and government-wide contract

www.zdnet.com/article/aws-on-australias-encryption-bill-and-government-wide-contract/ The cloud giant’s CISO has said his company will advocate ‘very strongly’ on behalf of its customers where the encryption Bill is concerned, and the company’s local MD has said the region is among the most advanced markets in the world. Australia’s encryption laws have now been in place for a year, after the Telecommunications and Other Legislation (Assistance and Access) Act 2018 was rammed through Parliament in order to, as former Opposition Leader Bill Shorten said, “keep Australians safe over Christmas”. Being rushed, the laws have continued to face heat, both locally and abroad. Speaking with a handful of journalists during Amazon Web Services (AWS) re:Invent last week, president of security engineering and AWS CISO Steven Schmidt discussed Australia’s encryption laws and did not rule out the potential to challenge the law in court.

Czech firm Avast has loudly declared that it wants to protect its users from being spied on. At the same time it happily sells user data onwards

www.tivi.fi/uutiset/tv/f0165bfa-6771-4a07-bcc4-797d7e239453 As Forbes reports, Avast is a security company worth billions whose products include, among others, the free Avast antivirus program used by hundreds of millions of people, and a bundle of security add-ons for browsers.

Cyber attacks are getting ever stranger; this attack method in particular is one to watch out for

www.tivi.fi/uutiset/tv/71fa3322-5116-4811-9c30-7e03fa5b0bf2 AI-driven deepfakes, ransomware, and the risks baked into IoT devices and 5G networks mean that cyber attacks are becoming ever harder to fend off. As if taking care of cybersecurity were not laborious enough already, the threats keep getting stranger. IT departments need new skills, and even alliances, to counter new and shape-shifting threats. Forrester, for example, predicts that as early as next year deepfakes, videos in which AI replaces a performer's face with someone else's at startlingly convincing fidelity, will cost companies as much as a quarter of a billion dollars.

Apple has ‘deep concerns’ that ex-employees accused of theft will flee to China

www.reuters.com/article/us-apple-trade-secrets/apple-has-deep-concerns-that-ex-employees-accused-of-theft-will-flee-idUSKBN1YD2IT Apple Inc on Monday told a federal court it has “deep concerns” that two Chinese-born former employees accused of stealing trade secrets from the company will try to flee before their trials if their locations are not monitored. At a hearing in U.S. District Court for the Northern District of California, prosecutors argued that Xiaolang Zhang and Jizhong Chen should continue to be monitored because they present flight risks. Federal prosecutors alleged Zhang worked on Apple’s secretive self-driving car program and took files related to the project before disclosing that he was going to work for a Chinese competitor. Federal agents arrested Zhang last year at the San Jose airport as he was about to board a flight for China. Prosecutors allege Chen took from Apple more than 2,000 files containing “manuals, schematics, diagrams and photographs of computer screens showing pages in Apple’s secure databases” with intent to share them. Agents arrested him in January at a train station on his way to San Francisco International Airport for a trip to China.

NordVPN launches promised bug bounty program

www.zdnet.com/article/nordvpn-launches-promised-bug-bounty-program/ NordVPN was galvanized into action after an attacker compromised one of its servers. NordVPN has launched a bug bounty on HackerOne as part of an initiative to revamp the VPN provider’s security posture. On Monday, the virtual private network (VPN) service, used to mask online activity and IP addresses, said ethical hackers are now invited to probe NordVPN for security holes, weaknesses, and vulnerabilities that may place the firm or its users at risk.

Cybersecurity Trends 2020: Technology is getting smarter are we?

www.welivesecurity.com/2019/12/10/cybersecurity-trends-2020-technology-is-getting-smarter-are-we/ A tumultuous 2019 is steadily but surely wrapping up. Before we all step into the New Year full of hopes and expectations, we take a step back to look at what the year ahead may have in store for us all in our annual Trends report. The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. So much so that companies are incorporating them into buildings to increase their operating efficiency, thereby saving millions. Even cities are racing to implement smart solutions so they can brandish those smart city credentials proudly. But are cities ready to shoulder this responsibility after the ransomware attacks they have experienced? With machine learning (ML) gaining traction, many tasks have been simplified. From sifting through heaps of data to dealing with repetitive chores, the learning mechanism allows systems to improve the way they tackle problems. In 2019 ML gained notoriety because of a more concerning issue: the rise of the deepfake. This technology renders the popular saying “seeing is believing” quite useless. Deepfakes could be leveraged to damage the reputation of public figures or even sway the court of public opinion. The technology was also applied in a less sinister context: FaceApp was popular for a hot minute, although the app itself did raise privacy concerns. Trends shines a light on how deepfakes and other ML-driven

Unikie receives TISAX 3 certification: Unikie's operations meet the highest information security requirements of the European automotive industry

www.epressi.com/tiedotteet/tietoturva/unikielle-tisax-3-sertifiointi-unikien-toiminta-tayttaa-eurooppalaisen-autoteollisuuden-korkeimmat-tietoturvavaatimukset.html Unikie strengthens its position as a software development supplier to automotive industry players. Unikie's operations have been audited against the automotive industry's information security criteria. Unikie was certified at TISAX level 3, meaning its operations meet the highest information security requirements defined by European automotive industry players. Unikie thus became the third Finnish company, and the first Finnish software house, on the TISAX information security list. Unikie runs major projects for automotive players in Germany and around the world from Finland, so the company's management regards the TISAX 3 certificate as very important. For Unikie's customers the security rating is a guarantee of a safe and reliable partner.

Heavy blow to the sender of piracy letters: it must hand over the data it collected. “No effect on monitoring”

www.is.fi/digitoday/art-2000006338790.html The branch of the piracy-letter saga concerning recipients' own data reached its conclusion when the rightsholder was ordered to hand over to a suspect the data held about them. The Supreme Administrative Court has dismissed the appeal lodged with it by law firm Hedman Partners, which represents Scanbox Entertainment A/S. The case is a strand of the so-called piracy-letter saga, in which letter recipient Ritva Puolakka asked Hedman Partners, representing film rightsholder Scanbox, for the data collected about her. Hedman Partners handed over only part of Puolakka's data, citing the harm disclosure would cause to the confidentiality of business relationships and to intangible property. Hedman Partners also argued that the right of access covers only one's own data and that, if the recipient were innocent, the data might be someone else's. The decision means that the Helsinki Administrative Court's ruling becomes final and Hedman Partners must hand over to Puolakka the data collected about her.

The Incomes Register blundered: personal and salary data of hundreds of employees was visible for months in an erroneous guide. “We apologise”

yle.fi/uutiset/3-11111076 An erroneous technical guide containing sensitive data on private individuals has been visible on the Incomes Register website, the National Incomes Register project says in a press release. A code example in the guide had used real personal and salary data instead of artificial data. The data related to a single payroll event for 384 employees of one employer. According to the Incomes Register Unit, the guide was visible on the website for about five months. The erroneous guide was removed immediately when it was noticed on 5 December. Before removal it had been downloaded from 53 addresses. The press release attributes the error to a human mistake. Read also:


How advertisers learn which Android apps you use

www.kaspersky.com/blog/android-device-identifiers/31755/ To enable advertisers to collect a detailed dossier on you so they can deliver personalized ads, mobile apps feed them information about your device, including information Google doesn’t permit them to use for advertising. What can apps tell an advertising network about your smartphone? First, that they are installed on the device. With this information from a number of apps, the advertising network is able to learn what your interests are, and which ads are most likely to hook you. For example, if you take a lot of selfies, and you have Instagram and Snapchat installed on your phone, you may appreciate apps offering image filters and effects. Advertising networks use identifiers to make sure they know the precise device running each app. Every Android smartphone or tablet normally has several such identifiers, and most of them were never intended to assist advertisers. Thus, unique IMEI codes help identify phones in cellular networks and, say, block stolen devices. A serial number can help find all gadgets of the same defective batch to recall them from stores. A MAC address, yet another unique identifier, enables networking and in particular can be of use in restricting the list of gadgets you authorize to share your home Wi-Fi. Finally, app developers use Android IDs (aka SSAIDs) to manage licenses for their products. For a long time, no separate advertising identifier existed at all, so apps used to share the above-mentioned IDs with their partners. And users basically had no way to escape personalized ads: IMEI or MAC are unique codes enabling straightforward identification of any device. Every time an advertising network receives one, the network understands that the app has been installed on your specific phone.

The FCC’s Push to Purge Huawei From US Networks

www.wired.com/story/fcc-rip-replace-huawei-zte/ The trade war between China and the US has centered largely on escalating tariffs. But in many rural communities, the focus has shifted to the security of networks for which Chinese giants Huawei and ZTE have long provided equipment. As the 5G future approaches, the US is pushing small carriers to rip out and replace whatever parts of their infrastructure come from China, no matter the cost. The Federal Communications Commission first proposed the drastic overhaul at the end of October, suggesting that access to FCC subsidies from the $8.5 billion Universal Service Fund be contingent on removing all Huawei and ZTE equipment. The Commission unanimously approved the initiative on November 22, setting off a wave of protests from the small mobile companies who now have to figure out how to do that, and how to pay for it. All the major US wireless providers, including AT&T, Verizon, and T-Mobile, cut Chinese equipment manufacturers out of their networks years ago to avoid this potential sticking point. But small rural carriers, which often struggle to stay profitable, bought Huawei and ZTE tech in recent years because they undercut competitors. The FCC decision puts those operators on the hook for a replacement process that could cost a billion dollars or more industry-wide. In a move that could potentially help ease that burden, the FCC announced a $9 billion investment in rural 5G networks last Wednesday. Later that night, Huawei sued the agency over the ban. “It’s a whole complicated situation,” says Syed Rafiul Hussain, a 5G and mobile network security researcher at Purdue University in Indiana. “Rural wireless operators may be reluctant to spend money on new cell site equipment, testing, and transition, but protecting security and user privacy comes with a cost.”

The WIRED Guide to 5G

www.wired.com/story/wired-guide-5g/ Here’s everything you’ll ever want to know about the spectrum, millimeter wave technology, and why 5G could give China an edge in the AI race. The future depends on connectivity. From artificial intelligence and self-driving cars to telemedicine and mixed reality to as yet undreamt technologies, all the things we hope will make our lives easier, safer, and healthier will require high-speed, always-on internet connections. To keep up with the explosion of new connected gadgets and vehicles, not to mention the deluge of streaming video, the mobile industry is working on something called 5G, so named because it’s the fifth generation of wireless networking technology. The promise is that 5G will bring speeds of around 10 gigabits per second to your phone. That’s more than 600 times faster than the typical 4G speeds on today’s mobile phones, and 10 times faster than Google Fiber’s standard home broadband service, fast enough to download a 4K high-definition movie in 25 seconds, or to stream several at the same time. Eventually, anyway. US carriers promise that 5G will be available nationwide by 2020, but the first 5G networks won’t be nearly so fast. 5G isn’t a single technology or standard, but rather a constellation of different technologies, and deploying them could require a radically different approach than building 4G networks. Carriers have launched demos and pilot programs that demonstrate big leaps in wireless performance, but mobile networks based on the “millimeter wave” technology that may deliver the fastest speeds probably won’t be widely available for years. In the meantime, companies will likely build 5G networks based on other technologies that are faster than today’s networks, but can largely rely on existing infrastructure.

Hackers Can Mess With Voltages to Steal Intel Chips’ Secrets

www.wired.com/story/plundervolt-intel-chips-sgx-hack/ A new attack called Plundervolt gives attackers access to the sensitive data stored in a processor’s secure enclave. When thieves want to steal treasures surrounded by sensors and alarms, they sometimes resort to cutting the power, disrupting the flow of electricity to those expensive security systems. It turns out that hackers can pull off a similar trick: breaking the security mechanisms of Intel chips by messing with their power supply, and exposing their most sensitive secrets. Two teams of researchers, one at the University of Birmingham in the UK, TU Graz in Austria and KU Leuven in Belgium, and another at the Technische Universität Darmstadt in Germany and the University of California, have found a new technique that allows hackers to fiddle with the voltage of Intel chips to cause them to leak information stored using Intel’s Software Guard Extensions (SGX) feature. Those “secure enclaves” in a device’s memory are designed to be impregnable. Intel, which asked the teams to keep their findings under wraps for the last six months, confirmed the findings and pushed out an update to its chip firmware to prevent the attack today. The technique, which one of the two teams calls Plundervolt, involves planting malicious software on a target computer that temporarily reduces the voltage of the electricity flowing to an Intel chip. That drop in voltage, known as “undervolting,” typically allows legitimate users to save power when they don’t need maximum performance. (By the same token, you can use the voltage-variance feature to “overclock” a processor for more intensive tasks.) But by momentarily undervolting a processor by 25 or 30 percent, and precisely timing that voltage change, an attacker can cause the chip to make errors in the midst of computations that use secret data. And those errors can reveal information as sensitive as a cryptographic key or biometric data stored in the SGX enclave.
“Writing to memory takes power,” says Flavio Garcia, a computer scientist at the University of Birmingham who, along with his colleagues, will present the Plundervolt research at IEEE Security and Privacy next year. “So for an instant, you reduce the CPU voltage to induce a computation fault.” Read also:
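Why a single arithmetic error during a private-key operation is enough to leak the key is easier to see in code than in prose. The block below is an added example, not code from the Plundervolt researchers or from the article: it simulates the classic Bellcore fault attack on RSA with the CRT optimisation, injecting the fault in software where Plundervolt would induce it by undervolting. The primes, exponent and message are toy values constructed for the example; a real target would be a full-size key inside an enclave, but the algebra is the same.

```python
# Added example: how one computation fault leaks an RSA private key.
# Pure-Python simulation of the Bellcore fault attack on RSA-CRT. The fault
# is injected in software here; Plundervolt induces it by undervolting.
# Key material is tiny and constructed for the example (not a secure size).

import math

P = 1000000007            # toy prime, chosen for the example
Q = 998244353             # toy prime, chosen for the example
N = P * Q
E = 65537

D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
DP = D % (P - 1)                     # CRT exponent for the mod-p branch
DQ = D % (Q - 1)                     # CRT exponent for the mod-q branch
QINV = pow(Q, -1, P)                 # q^-1 mod p for Garner recombination

def rsa_crt_sign(m, fault=False):
    """Sign m with the CRT optimisation most RSA implementations use.
    With fault=True the mod-p half is corrupted by one unit, modelling a
    single wrong arithmetic result; the mod-q half stays correct."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp = (sp + 1) % P
    h = (QINV * (sp - sq)) % P
    return sq + h * Q

def recover_factor_from_pair(good_sig, bad_sig, n):
    """Given a correct and a faulty signature on the same message, their
    difference is a multiple of the prime whose branch was NOT faulted."""
    return math.gcd((good_sig - bad_sig) % n, n)

def recover_factor_from_faulty(m, bad_sig, n, e):
    """Needs only the faulty signature and the message: bad_sig^e == m holds
    modulo the unfaulted prime but not modulo the other one, so the gcd
    isolates that prime."""
    return math.gcd((pow(bad_sig, e, n) - m) % n, n)

def private_key_from_factor(factor, n, e):
    """Once one prime is known, the full private exponent follows."""
    other = n // factor
    return pow(e, -1, (factor - 1) * (other - 1))

if __name__ == "__main__":
    m = 123456789
    good = rsa_crt_sign(m)
    bad = rsa_crt_sign(m, fault=True)
    q = recover_factor_from_faulty(m, bad, N, E)
    print("recovered factor:", q, "matches Q:", q == Q)
    print("recovered d matches D:", private_key_from_factor(q, N, E) == D)
```

The point for a practitioner is that the attacker never needs to read enclave memory: one faulty signature that leaves the enclave is enough, which is why fault-hardened CRT implementations verify the signature (compute `pow(sig, E, N) == m`) before releasing it, and why the microcode fix locks the voltage interface rather than relying on the enclave boundary.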


Don’t pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor

www.theregister.co.uk/2019/12/10/ryuk_decryptor_broken_latest_strain/ Oracle DBs particularly vulnerable to fake decryptions, say researchers. If you’re an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pity’s sake, don’t. The criminals behind it have broken their own decryptor, meaning nobody will be able to unlock files scrambled by the malicious software. This is according to infosec biz Emsisoft, which warned the latest evolution of Ryuk’s decryptor truncates a file footer used by the ransomware to check whether or not a particular file has been fully or partially encrypted. Read also:


Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/ A phishing campaign has been discovered that doesn’t target a recipient’s username and password, but rather uses the novel approach of gaining access to a recipient’s Office 365 account and its data through the Microsoft OAuth API. Almost all Microsoft Office 365 phishing attacks that we see are designed to steal a user’s login name and password by impersonating a Microsoft login landing page. In a phishing campaign discovered by threat intelligence and mitigation firm PhishLabs, attackers are no longer targeting a user’s login credentials, but are now using Microsoft Office 365 OAuth apps to hijack a recipient’s account. “This attack method is unique in that it’s effectively malware targeting a victim’s Office 365 account. It’s highly persistent, will completely bypass most traditional defensive measures, and is difficult to detect and remove unless you know what you’re looking for. It’s really quite clever, and extremely dangerous,” PhishLabs’ Michael Tyler told BleepingComputer.
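Because this technique leaves the password untouched, a password reset does nothing; the access lives in the consent grant the user gave the attacker's app, and it persists until that grant is revoked. The check a defender wants is therefore an audit of existing consent grants. The block below is an added example, not code from PhishLabs or Microsoft: it scores a list of delegated-permission grants for the combination that makes this attack work (mailbox or file scopes plus `offline_access`, user rather than admin consent, unverified publisher). The grant and app records are constructed inline; their field names only loosely follow the shape of Microsoft Graph's oauth2PermissionGrant and servicePrincipal objects and should be treated as assumptions when adapting this to real exported data.

```python
# Added example: audit OAuth consent grants for the permission pattern used
# by app-based account hijacking. Records below are constructed for the
# example; field names are assumptions loosely modelled on Microsoft Graph.

RISKY_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Contacts.Read", "Files.Read.All", "Files.ReadWrite.All", "User.Read.All",
}

def grant_findings(grant, app):
    """Return the reasons a single delegated-permission grant looks risky,
    or an empty list when it carries no risky scope."""
    scopes = set(grant.get("scope", "").split())
    risky = scopes & RISKY_SCOPES
    if not risky:
        return []
    reasons = ["risky scopes: " + ", ".join(sorted(risky))]
    if "offline_access" in scopes:
        # A refresh token keeps working after the user's session ends; this
        # is what makes the hijack persist until the grant is revoked.
        reasons.append("offline_access granted (persistent refresh token)")
    if grant.get("consentType") == "Principal":
        reasons.append("consented by an individual user, not an admin")
    if not app.get("verifiedPublisher"):
        reasons.append("publisher not verified")
    return reasons

def audit_grants(grants, apps_by_id):
    """Return findings for grants with risky scopes, most reasons first."""
    findings = []
    for g in grants:
        app = apps_by_id.get(g["clientId"], {})
        reasons = grant_findings(g, app)
        if reasons:
            findings.append({
                "app": app.get("displayName", g["clientId"]),
                "user": g.get("principalId") or "<all users>",
                "reasons": reasons,
            })
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings

# Constructed sample data (not real tenant data).
SAMPLE_APPS = {
    "app-1": {"displayName": "Corporate Reporting", "verifiedPublisher": True},
    "app-2": {"displayName": "Invoice Viewer", "verifiedPublisher": False},
    "app-3": {"displayName": "Calendar Sync", "verifiedPublisher": True},
}
SAMPLE_GRANTS = [
    {"clientId": "app-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Files.Read.All"},
    {"clientId": "app-2", "consentType": "Principal", "principalId": "user-42",
     "scope": "Mail.Read Mail.Send offline_access"},
    {"clientId": "app-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "Calendars.Read"},
]

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, SAMPLE_APPS):
        print(f["app"], "granted for", f["user"])
        for r in f["reasons"]:
            print("   -", r)
```

Remediation is revoking the grant (and the app's service principal) rather than resetting the password; restricting user consent to verified publishers and low-risk scopes, with an admin consent workflow for the rest, prevents the grant from being created in the first place.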

Google Chrome Uses Safe Browsing to Improve Phishing Protection

www.bleepingcomputer.com/news/security/google-chrome-uses-safe-browsing-to-improve-phishing-protection/ The Google Chrome browser will get new real-time and improved predictive phishing protection capabilities with release 79, protecting users against such attacks with the help of the Safe Browsing blacklist service. Safe Browsing displays warning messages to users ahead of visiting dangerous websites and before downloading harmful applications. These capabilities will now be adopted by Google Chrome’s phishing protection feature to detect and alert users of active phishing sites. “Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure,” Google says. Read also:

security.googleblog.com/2019/12/better-password-protections-in-chrome.html and blog.google/products/chrome/better-password-protections

Adobe Releases Their December 2019 Security Updates

www.bleepingcomputer.com/news/security/adobe-releases-their-december-2019-security-updates/ Adobe has released their monthly security updates that fix vulnerabilities in Acrobat, Reader, Photoshop CC, Brackets, and ColdFusion. All users are advised to install the applicable updates as soon as possible to resolve these vulnerabilities. Read also:

threatpost.com/adobe-fixes-critical-acrobat-photoshop-brackets-flaws/150970/ and thehackernews.com/2019/12/adobe-software-update.html

Windows 10 KB4530684 & KB4530715 Cumulative Updates Released

www.bleepingcomputer.com/news/microsoft/windows-10-kb4530684-and-kb4530715-cumulative-updates-released/ Microsoft is rolling out a new cumulative update for all supported versions of Windows 10. The cumulative update comes with security fixes and minor bug fixes for Windows 10 November 2019 Update, May 2019 Update and October 2018 Update.

Microsoft’s December 2019 Patch Tuesday Fixes Win32k Zero-day, 36 Flaws

www.bleepingcomputer.com/news/microsoft/microsofts-december-2019-patch-tuesday-fixes-win32k-zero-day-36-flaws/ Today is Microsoft’s December 2019 Patch Tuesday, which means it is your job to be nice to Windows administrators everywhere and not to take it personally if they are a bit grouchy today.

Massive hacker attack: antivirus was a day late, 10 years' worth of government documents seized

www.tivi.fi/uutiset/tv/e9f58ed2-e081-4210-bdb2-5ad2de29e271 A serious extortion attempt has come to light in Argentina, in which hackers managed to encrypt 10 years' worth of official data. Local science and technology minister Alicia Bañuelos said the actual attack took place on 25 November. The hackers managed to encrypt as much as 7,700 gigabytes of files spanning a total of ten years. The government had antivirus software in place, but the detection signatures for this particular malware only arrived the day after the attack, Agencia San Luis reports. The ransom the extortionists demanded for releasing the files is not known; depending on the source, the demand falls somewhere in a rather wide range between 3,300 and 330,000 euros, TheNextWeb reports. According to official information, however, no ransom was paid; instead the encryption was broken by experts. Most of the data has already been restored. Only 350 gigabytes of the most recent data remain to be processed, although according to the minister decryption will take at least another 15 days. Read also:


New-generation doorbells secretly leak user data; is anyone surprised?

www.tivi.fi/uutiset/tv/2c38af69-386f-4867-85f0-eeabef477ff0 Ring doorbells are marketed above all as a product that increases their owner's safety. Recently, however, these new-generation doorbells have revealed some eyebrow-raising features

Chrome 79 released with tab freezing, back-forward caching, and loads of security features

Chrome 79 also ships with support for predictive phishing, for real-time Safe Browsing detections, and a built-in Password Checkup tool. Google has released today Chrome 79 for Windows, Mac, Linux, Chrome OS, Android, and iOS users. This release comes with security and bug fixes, but also with new features such as built-in support for the Password Checkup tool, real-time blacklisting of malicious sites via the Safe Browsing API, general availability of Predictive Phishing protections, a ban on loading HTTPS “mixed content,” support for tab freezing, a new UI for the Chrome Sync profile section, and support for a back-forward caching mechanism.

Amazon’s Blink Smart Security Cameras Open to Hijack

threatpost.com/amazon-blink-smart-camera-flaws/150962/ Amazon is rolling out patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later. Multiple high-severity vulnerabilities have been discovered in Amazon-owned Blink XT2 security camera systems, which if exploited could give attackers complete control over them. The internet of things (IoT) cameras (not to be confused with the Blink open-source browser engine) consist of a wireless camera and monitoring system for consumers. The flaws could enable attackers without access to the devices to view camera footage, listen to audio output and hijack the device for use in a botnet, Tenable researchers disclosed on Tuesday. Amazon has been notified of the flaws and is rolling out patches. Read also:

medium.com/tenable-techblog/blink-xt2-camera-system-command-injection-flaws-4768fced9ece and www.tenable.com/security/research/tra-2019-51

Data leak exposes 750,000 birth certificate applications

www.welivesecurity.com/2019/12/10/data-leak-exposes-750000-birth-certificate-applications/ A variety of sensitive information has been there for the taking due to an unsecured cloud storage container. Over 752,000 birth certificate applications have been exposed online by an unnamed company that enables people to obtain copies of their birth and death records from state governments in the United States, TechCrunch reports. Needless to say, the exposed cache of documents includes a variety of personal information. The leak was reported by Fidus Information Security, a company specializing in penetration testing. The applications were found on the Amazon Web Services (AWS) cloud computing platform, sitting out in the open with no password protection whatsoever. This means anyone who could guess the relatively simple web address, including bad actors, could access the records. Read also:
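"No password protection whatsoever" on an S3 bucket usually means a bucket policy (or ACL) that grants read access to the anonymous principal. The block below is an added example, not code from Fidus, TechCrunch or AWS: it evaluates a bucket policy document for statements that let anyone read objects or list the bucket, and shows the leaky policy next to a hardened one that limits reads to a single IAM role and refuses plaintext transport. Both policies, the bucket name and the role ARN are constructed for the example. A policy check like this complements, and does not replace, S3 Block Public Access at the account level.

```python
# Added example: find anonymous-read statements in an S3 bucket policy.
# Policies, bucket name and role ARN below are constructed for the example.

import json

# Actions that let a caller read data; wildcards cover them too.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}

def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True when the statement's Principal matches everyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def public_read_statements(policy):
    """Return the Allow statements that let anonymous callers read objects
    or list the bucket. Statements carrying a Condition are still reported
    but flagged, since a condition may or may not restrict who can read."""
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if not _is_anonymous(st.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if actions & READ_ACTIONS:
            hits.append({"sid": st.get("Sid", "<no Sid>"),
                         "conditional": "Condition" in st})
    return hits

# Weak setting: anyone who guesses an object URL can fetch it.
LEAKY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-records-bucket",
                 "arn:aws:s3:::example-records-bucket/*"]
  }]
}""")

# Corrected setting: reads only from one application role, TLS required.
HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RecordsApiOnly",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:role/records-api"},
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::example-records-bucket/*"
    },
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::example-records-bucket",
                   "arn:aws:s3:::example-records-bucket/*"],
      "Condition": {"Bool": {"aws:SecureTransport": "false"}}
    }
  ]
}""")

if __name__ == "__main__":
    for name, pol in (("leaky", LEAKY_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "->", public_read_statements(pol) or "no public read")
```

Note that the Deny statement in the hardened policy names `Principal: "*"` too; the check ignores it because only Allow statements can open access, which is the distinction a naive grep for `"Principal": "*"` gets wrong in both directions.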


Using the MITRE ATT&CK to investigate the RobbinHood Ransomware

blog.checkpoint.com/2019/12/10/using-the-mitre-attck-to-investigate-the-robbinhood-ransomware/ The city of Baltimore was held hostage by RobbinHood ransomware in May 2019. According to the BBC, the ransomware locked 10,000 city government computers, blocked government email accounts, and disabled online payments to city departments for weeks. The malware demands payment in exchange for decryption tools. In this use case, we will demonstrate the investigation of “RobbinHood” using the MITRE ATT&CK framework.

How to Respond to Emotet Infection (FAQ)

blogs.jpcert.or.jp/en/2019/12/emotetfaq.html The purpose of this entry is to provide instructions on how to check if you are infected with Emotet and what you can do in case of infection (based on the information available as of December 2019). If you are not familiar with the detailed investigation methods described here, it is recommended that you consult with security vendors who can assist you.

5G in the operations of the Finnish Transport Infrastructure Agency (Väylävirasto): Väylävirasto as a user and enabler of high-speed communications links

www.doria.fi/handle/10024/173472 The purpose of the work was to identify the benefits, needs and challenges that digital infrastructure brings to the operations of transport infrastructure authorities, and to identify how Väylä can, in its role, enable and advance the development of communications networks. The aim was to provide input for planning and developing Väylävirasto's operations, raise awareness among the parties involved in infrastructure management of how communications questions affect working practices, and identify how tasks are divided between public and private actors. Read also:


Intel Patches Plundervolt, High Severity Issues in Platform Update

www.bleepingcomputer.com/news/security/intel-patches-plundervolt-high-severity-issues-in-platform-update/ Intel addressed 14 security vulnerabilities during the December 2019 Patch Tuesday, seven of them high- and medium-severity flaws impacting multiple platforms including Windows and Linux. The security issues patched today were detailed in the 9 security advisories published by Intel on its Product Security Center, with the company having delivered the fixes to customers through the Intel Platform Update (IPU) process. The vulnerabilities disclosed today could allow authenticated or privileged users to potentially enable information disclosure, trigger denial of service states, escalate privileges, or execute malicious code at an elevated level of privilege via local access. Each advisory comes with a detailed list of all affected products as well as recommendations for vulnerable products, and also includes contact details for users and researchers who want to report other vulnerabilities found in Intel-branded tech or products.

Here’s what will happen to your Windows 7 PC on January 15, 2020

www.zdnet.com/article/heres-what-will-happen-to-your-windows-7-pc-on-january-15-2020/ Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14. The nag-screen payload is part of the December 10 Patch Tuesday monthly rollup. Microsoft has been warning Windows 7 users for the past year-plus that after January 14, 2020, they’ll get no more security updates to the operating system for free. Even though users will be able to continue to run Windows 7 after that date, they’ll be more susceptible to potential security problems. To hammer that point home, Microsoft is planning to deliver a new pop-up notification to Windows 7 users on January 15 next year. Microsoft already has been delivering warning notifications periodically to Windows 7 Home and many Pro users about the pending January 14 end-of-support date. But on January 15, the company also is planning to push a full-screen notification to those still running the OS to make it clear that “Your Windows 7 PC is out of support.” Note: “The notification will not appear on domain-joined machines or machines in kiosk mode,” the KB article says. As it has been doing this year, Microsoft will be delivering this new nag notification to Windows 7 users by making it part of a patch rollup. The coming notification will be embedded in monthly rollup KB4530734, which Microsoft is making available to Windows 7 SP1 users on December 10 as part of its Patch Tuesday set of updates. This patch will configure Windows 7 PCs that receive it so they will display the January 15 notification starting on that date.

White house veterans helped Gulf monarchy build secret surveillance unit

www.reuters.com/investigates/special-report/usa-raven-whitehouse/ In the years after 9/11, former U.S. counterterrorism czar Richard Clarke warned Congress that the country needed more expansive spying powers to prevent another catastrophe. Five years after leaving government, he shopped the same idea to an enthusiastic partner: an Arab monarchy with deep pockets. In 2008, Clarke went to work as a consultant guiding the United Arab Emirates as it created a cyber surveillance capability that would utilize top American intelligence contractors to help monitor threats against the tiny nation. The secret unit Clarke helped create had an ominous acronym: DREAD, short for Development Research Exploitation and Analysis Department. In the years that followed, the UAE unit expanded its hunt far beyond suspected extremists to include a Saudi women’s rights activist, diplomats at the United Nations and personnel at FIFA, the world soccer body. By 2012, the program would be known among its . Reuters reports this year revealed how a group of former National Security Agency operatives and other elite American intelligence veterans helped the UAE spy, through the previously undisclosed program, on a wide range of targets, from terrorists to human rights activists, journalists and dissidents. Now, an examination of the origins of DREAD, reported here for the first time, shows how a pair of former senior White House leaders, working with ex-NSA spies and Beltway contractors, played pivotal roles in building a program whose actions are now under scrutiny by federal authorities. To chart the UAE spying mission’s evolution, Reuters examined more than 10,000 DREAD program documents and interviewed more than a dozen contractors, intelligence operatives and former government insiders with direct knowledge of the program.
The documents Reuters reviewed span nearly a decade of the DREAD program, starting in 2008, and include internal memos describing the project’s logistics, operational plans and targets.
