Daily NCSC-FI news followup 2020-01-31

How Do You Measure the Success of Your Patch Management Efforts?

securityintelligence.com/posts/how-do-you-measure-the-success-of-your-patch-management-efforts/ If you follow the news, you will often see that yet another company has been breached or taken hostage by ransomware. If you read the full details of these stories, they usually have one main thing in common: these organizations are behind in patch management. The question that arises, then, is why? There are two sides to this story: a technical one and a procedural one. Let's dive into the procedural side first. In general, patches, with the exception of emergency patches, can only be installed during a maintenance period. This is to ensure that business continuity is not interrupted. This brings the first issue forward: how do you determine what should be an emergency patch?

Winnti Group targeting universities in Hong Kong

www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ ESET researchers uncover a new campaign of the Winnti Group targeting universities and using ShadowPad and Winnti malware. In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules. The Winnti malware was also found at these universities a few weeks prior to ShadowPad.

200K WordPress Sites Vulnerable to Plugin Flaw

threatpost.com/200k-wordpress-sites-vulnerable-to-plugin-flaw/152415/ Developers behind the WordPress plugin Code Snippets have issued a patch for the high-severity flaw. A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the website (essentially used as a mini-plugin). The flaw (CVE-2020-8417) has been patched by the plugin's developer, Code Snippets Pro.

How do you track down a person, or hide from a stalker? Hiding is hard if the searcher knows what they are doing

www.tivi.fi/uutiset/tv/dd1182b0-625b-4984-bc0a-be2dcbbffb0e With thorough work, a tracker can find a surprising amount of information about a person online. There can be many reasons for tracking a person online. One person wants to find a long-lost relative they have not kept in touch with; another may obsessively pursue an ex-partner. Whether you are about to search for someone online yourself or, conversely, have become the victim of an unpleasant stalker, it is good to know how such information can be found. Read also:

www.gizmodo.com.au/2020/01/how-to-find-anyone-online/

FBI investigates a security company, suspecting its digital dealings are anything but clean

www.tivi.fi/uutiset/tv/3c59ed07-b251-4242-b3de-1f45d6441b9a The Israeli NSO Group has earned a questionable reputation with its hacking tools. Now the FBI has also taken an interest in the company. Read also:

www.zdnet.com/article/fbi-launches-investigation-into-pegasus-spyware-vendor-over-us-intelligence-gathering-hacks/

Fear of coronavirus infection is being exploited: a dangerous email campaign is under way

www.is.fi/digitoday/tietoturva/art-2000006389423.html A computer virus is being spread in the wake of the coronavirus. A hasty clicker gets infected. The coronavirus did not go unnoticed by malware makers. The Emotet malware, which has already run rampant around the world before, is being distributed via emails that warn about coronavirus infections. Read also:

www.bleepingcomputer.com/news/security/emotet-uses-coronavirus-scare-to-infect-japanese-targets/

Microsoft Detects New Evil Corp Malware Attacks After Short Break

www.bleepingcomputer.com/news/security/microsoft-detects-new-evil-corp-malware-attacks-after-short-break/ Microsoft says that an ongoing Evil Corp phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, this being the first time the threat actors have been seen adopting this technique. The new campaign is detailed in a series of tweets from the Microsoft Security Intelligence account, with the researchers saying that the final payload is being dropped using an Excel document that bundles a malicious macro.
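The article only says that the phishing attachments are HTML files that redirect the viewer to the malicious Excel document. As an added triage example (not code from the article, from Microsoft, or from any vendor), the script below inspects an HTML attachment for the two usual ways a page redirects on load, a `<meta http-equiv="refresh">` tag and a script that assigns `location`, and escalates the verdict when the target is an absolute URL ending in an Office document extension. The sample attachments are constructed for illustration, and the regexes, extension list and verdict labels are assumptions of this example, not observed indicators from the campaign.

```python
"""Flag e-mail HTML attachments that behave as redirectors.

Added example, not code from the article or from Microsoft. The sample
attachments in SAMPLES are constructed; the patterns and thresholds are
assumptions chosen for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: extensions of the macro-bearing documents a redirector would fetch.
OFFICE_EXT = (".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm")

# Assumed patterns for the script-based variant:
#   window.location.href = "..."; location = "..."; location.replace("...")
JS_ASSIGN_RE = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']""",
    re.IGNORECASE)
JS_CALL_RE = re.compile(
    r"""location\.(?:replace|assign)\(\s*["']([^"']+)["']\s*\)""", re.IGNORECASE)
# <meta http-equiv="refresh" content="0; url=..."> carries the target after url=
META_URL_RE = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.IGNORECASE)


class RedirectFinder(HTMLParser):
    """Collects (kind, target) pairs for every redirect found in the document."""

    def __init__(self):
        super().__init__()
        self.targets = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL_RE.search(a.get("content", ""))
            if m:
                self.targets.append(("meta-refresh", m.group(1).strip()))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data as raw text.
        if self._in_script:
            for rx in (JS_ASSIGN_RE, JS_CALL_RE):
                for m in rx.finditer(data):
                    self.targets.append(("script", m.group(1).strip()))


def find_redirects(html):
    """Return the list of (kind, url) redirects present in an HTML string."""
    p = RedirectFinder()
    p.feed(html)
    p.close()
    return p.targets


def classify(html):
    """Return (verdict, targets).

    'suspicious' if any redirect points at an absolute http(s) URL,
    'likely-dropper' if that URL also ends in an Office document extension,
    otherwise 'clean'. A relative or fragment-only redirect stays 'clean'.
    """
    targets = find_redirects(html)
    verdict = "clean"
    for _, url in targets:
        u = urlparse(url)
        if u.scheme in ("http", "https"):
            verdict = "suspicious"
            if u.path.lower().endswith(OFFICE_EXT):
                return "likely-dropper", targets
    return verdict, targets


# Constructed sample attachments (hostnames use the reserved .invalid TLD).
SAMPLES = {
    "invoice.html": (
        '<html><head><meta http-equiv="refresh" '
        'content="0; url=https://files.example.invalid/invoice_2020.xls">'
        "</head><body>Loading your invoice...</body></html>"),
    "notice.html": (
        "<html><body><script>window.location.href = "
        '"https://cdn.example.invalid/dl/notice.xlsm";</script></body></html>'),
    "newsletter.html": (
        '<html><body><h1>Monthly update</h1>'
        '<a href="https://example.invalid/news">Read</a></body></html>'),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        verdict, targets = classify(body)
        print(f"{name}: {verdict} {targets}")
```

Run on a mail gateway's quarantined attachments, the `likely-dropper` verdict is the one worth alerting on; `suspicious` alone will also catch legitimate marketing HTML that bounces to a tracking URL, so it is better used as an enrichment than a block rule.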

NEC Defense Contracts Info Potentially Compromised in Breach

www.bleepingcomputer.com/news/security/nec-defense-contracts-info-potentially-compromised-in-breach/ Japanese electronics giant NEC was the target of a cyberattack that resulted in unauthorized access to its internal network, according to information leaked to Japanese newspapers on Thursday by sources close to the matter. The electronics and information technology giant is a major contractor for Japan's defense industry, engaged in various defense equipment projects with the Japan Self-Defense Forces (JGSDF or Jieitai), including but not limited to 3D radar and broadband multipurpose radio systems, and information relating to those projects may have leaked.

TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly

www.bleepingcomputer.com/news/security/trickbot-uses-a-new-windows-10-uac-bypass-to-launch-quietly/ The TrickBot Trojan has switched to a new Windows 10 UAC bypass to execute itself with elevated privileges without showing a User Account Control prompt. Windows uses a security mechanism called User Account Control (UAC) that displays a prompt every time a program is run with administrative privileges. When these prompts are shown, they ask the logged-in user whether they wish to allow the program to make changes, and if the program is suspicious or unrecognized, allow the user to prevent the program from running.

A year after Bank of Valletta ‘cyber heist’, cuffs applied as cash-cleansing case continues

www.theregister.co.uk/2020/01/31/bank_valletta_malta_cyber_heist_case_arrests/ Nearly a year after Malta’s Bank of Valletta (BOV) yanked itself from the internet amid a “cyber intrusion”, Britain’s National Crime Agency (NCA) has made three arrests. Around £800k was transferred to a number of accounts during the 2019 “cyber heist”, according to the NCA, one of which was in the UK and held in Belfast. Read also:

nationalcrimeagency.gov.uk/news/arrests-in-belfast-and-london-in-cyber-heist-money-laundering-investigation

It's not true no one wants .uk domains, just look at all these Bulgarians who signed up to nab expired addresses

www.theregister.co.uk/2020/01/31/uk_address_bulgarians/ Hundreds of thousands of unwanted .uk domains are being dropped by their owners and picked up by Europeans looking to profit from Blighty's registry system. As we have previously noted, the controversial plan to start selling .uk domains, such as yourcompanyname.uk, resulted in thousands of Brits being pressured into owning web addresses they never wanted and never ordered.

Two Vulnerabilities Found in Microsoft Azure Infrastructure

www.darkreading.com/cloud/two-vulnerabilities-found-in-microsoft-azure-infrastructure/d/d-id/1336932 Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched. Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them. Read also:

research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/

Android Malware for Mobile Ad Fraud Spiked Sharply in 2019

www.darkreading.com/mobile/android-malware-for-mobile-ad-fraud-spiked-sharply-in-2019/d/d-id/1336930 Some 93% of all mobile transactions across 20 countries were blocked as fraudulent, Upstream says. Criminal groups are increasingly targeting users of Android mobile devices with malware for conducting ad fraud on a massive scale. Mobile security vendor Upstream this week said that in 2019 it identified as many as 98,000 malicious Android apps and 43 million infected Android devices across the 20 countries where mobile operators currently use its technology. The numbers are up sharply from 2018, when Upstream recorded some 63,000 apps and 30 million infected devices.

Cyber attacks have become commonplace; cyber expert Aapo Cederberg: "Preparedness is 10 times cheaper than repairing the damage afterwards"

yle.fi/uutiset/3-11182227 Israeli and Finnish experts stress that information security is not the place to cut corners. Cybersecurity is becoming an ever more important issue as the Internet of Things (IoT) and 5G networks become widespread. This was the view of the experts at the Cyber Talks event held in Salo on Tuesday, where the audience discussed, among other things, the security of municipal information systems.
