Daily NCSC-FI news followup 2019-12-23

Finnish government supports local authorities in cyber security initiative

www.computerweekly.com/news/252475795/Finnish-government-supports-local-authorities-in-cyber-security-initiative Over 200 of Finland's 311 municipalities have joined the Local Government Anti Cyberspace Threats (LGACT) project to conduct joint IT network defence exercises.

Russia tested its network connections in preparation for an external attack

yle.fi/uutiset/3-11133312 Russian authorities say they are preparing for an extreme situation in which the country would be cut off from the global network and isolated from the rest of the world.

Facebook is building an operating system so it can ditch Android


Twitter Fixes Bug that Enabled Takeover of Android App Accounts

threatpost.com/twitter-fixes-bug-that-enabled-takeover-of-android-app-accounts/151393/ Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to send tweets and direct messages.

Twitter shuts down nearly 6,000 state-backed information operations

www.zdnet.com/article/twitter-shuts-down-saudi-state-backed-information-operations/ Twitter announced it has removed another batch of state-backed accounts from its platform. This time there were just shy of 6,000, a “significant” number of which were from Saudi Arabia.

New York Times: Popular chat app ToTok is an Emirati spy tool

www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones. The service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers.

Lithuanian hacker sentenced to five years

www.theregister.co.uk/2019/12/20/facebook_google_hacker_five_years/ The hacker will spend the next five years behind bars for masterminding a $120m (£92.05m) scam that involved emailing fake IT equipment invoices to Facebook and Google.

PowerShell Empire releases v3.0

www.bc-security.org/post/the-empire-3-0-strikes-back Includes new versions of common tools used in breaches, like a new version of Mimikatz that works against Windows 10 (1903). Make sure your defenses spot these new tools!

NVIDIA Patches High Severity Vulnerability in GeForce Experience

www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-vulnerability-in-geforce-experience/ NVIDIA today issued a security update designed to patch a vulnerability that could allow local attackers to trigger a denial of service (DoS) state or escalate privileges on systems running unpatched software.

Chinese hacker group caught bypassing 2FA

www.zdnet.com/article/chinese-hacker-group-caught-bypassing-2fa/ How they did it remains unclear, although the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA at will.

The anatomy of the MyKings botnet, and why it matters for security

www.cyberscoop.com/mykings-botnet-sophos-smominru/ See also:

www.healthcareinfosecurity.com/mykings-cryptomining-botnet-leverages-eternalblue-flaw-a-13536 and


Analysis of phishing campaigns of Canadian banks.

research.checkpoint.com/2019/canadian-banks-targeted-in-a-massive-phishing-campaign/ Recently, Check Point engines detected a new phishing campaign impersonating the Royal Bank of Canada (RBC).
