Daily NCSC-FI news followup 2019-12-23

Finnish government supports local authorities in cyber security initiative

www.computerweekly.com/news/252475795/Finnish-government-supports-local-authorities-in-cyber-security-initiative Over 200 of Finland's 311 municipalities have joined the Local Government Anti Cyberspace Threats (LGACT) project to conduct joint IT network defence exercises.

Russia tested its network connections in preparation for an external attack

yle.fi/uutiset/3-11133312 Russian authorities say they are preparing for an extreme situation in which the country would end up outside the global network and isolated from the rest of the world.

Facebook is building an operating system so it can ditch Android


Twitter Fixes Bug that Enabled Takeover of Android App Accounts

threatpost.com/twitter-fixes-bug-that-enabled-takeover-of-android-app-accounts/151393/ Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to send tweets and direct messages.

Twitter shuts down nearly 6,000 state-backed information operations

www.zdnet.com/article/twitter-shuts-down-saudi-state-backed-information-operations/ Twitter announced it has removed another batch of state-backed accounts from its platform. This time there were just shy of 6,000, of which a “significant” number were from Saudi Arabia.

New York Times: Popular chat app ToTok is an Emirati spy tool

www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones. The service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers.

Lithuanian hacker sentenced to five years

www.theregister.co.uk/2019/12/20/facebook_google_hacker_five_years/ The hacker will spend the next five years behind bars for masterminding a $120m (£92.05m) scam that involved emailing fake IT equipment invoices to Facebook and Google.

Powershell Empire releases v3.0

www.bc-security.org/post/the-empire-3-0-strikes-back Includes new versions of common tools used in breaches, like a new version of Mimikatz that works against Windows 10 (1903). Make sure your defenses spot these new tools!

NVIDIA Patches High Severity Vulnerability in GeForce Experience

www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-vulnerability-in-geforce-experience/ NVIDIA today issued a security update designed to patch a vulnerability that could allow local attackers to trigger a denial of service (DoS) state or escalate privileges on systems running unpatched software.

Chinese hacker group caught bypassing 2FA

www.zdnet.com/article/chinese-hacker-group-caught-bypassing-2fa/ How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA at will.

The anatomy of the MyKings botnet, and why it matters for security

www.cyberscoop.com/mykings-botnet-sophos-smominru/ See also:

www.healthcareinfosecurity.com/mykings-cryptomining-botnet-leverages-eternalblue-flaw-a-13536 and


Analysis of phishing campaigns of Canadian banks.

research.checkpoint.com/2019/canadian-banks-targeted-in-a-massive-phishing-campaign/ Recently, Check Point engines detected a new phishing campaign impersonating the Royal Bank of Canada (RBC).
