Daily NCSC-FI news followup 2020-02-11

Will an immobilizer save your car from being stolen?

www.kaspersky.com/blog/36c3-immobilizers/32419/ Automobiles are getting ever smarter, and cracking them with a crowbar and a screwdriver is getting ever more difficult. Statistics back up that assumption: According to research from Jan C. van Ours and Ben Vollaard highlighting car theft and recovery data, vehicle theft decreased by 70% between 1995 and 2008 in the Netherlands and by as much as 80% in Great Britain.

Malwarebytes Labs releases 2020 State of Malware Report

blog.malwarebytes.com/reports/2020/02/malwarebytes-labs-releases-2020-state-of-malware-report/ Today is Safer Internet Dayand what better way to celebrate/pay homage than to immerse yourself in research on the latest in malware, exploits, PUPs, web threats, and data privacy?. It so happens weve got just the right content to kick-start the party because today we released the results of our annual study on the state of malwarethe 2020 State of Malware Reportand as usual, its a doozy.

The intelligence coup of the century

www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.. But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence.

Managed Defense: The Analytical Mindset

www.fireeye.com/blog/threat-research/2020/02/managed-defense-the-analytical-mindset.html When it comes to cyber security (managed services or otherwise), youre ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an analysts trained eyes and investigative process are the deciding factors in effectively going from alerts to answers in your organization.. Recently, FireEye Managed Defense responded to a suspected China-nexus threat group campaign targeting the transportation, construction, and media sectors in Southeast Asia.

Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

blog.trendmicro.com/trendlabs-security-intelligence/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems/ As weve observed with cybercriminal groups that aim to maximize profits for every campaign, silence doesnt necessarily mean inactivity. It appears hacking group Outlaw, which has been silent for the past few months, was simply developing their toolkit for illicit income sources.

BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver

threatpost.com/byo-bug-windows-kernel-outdated-driver/152762/ The operators behind the RobbinHood ransomware are using a vulnerable, legacy driver from Taiwan-based motherboard manufacturer Gigabyte in order to get around antivirus protections. The bring-your-own-bug tactic is likely to crop up in other attacks going forward, according to security analysts.

KBOT: sometimes they come back

securelist.com/kbot-sometimes-they-come-back/96157/ Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first living virus in recent years

Automaton takes center stage in enterprise cyberattacks

www.zdnet.com/article/automaton-takes-center-stage-in-enterprise-cyberattacks/ The use of automaton to weaponize stolen information dumps is an emerging trend in cyberattacks taking place against enterprise targets, new research suggests. On Tuesday, IBM released the annual X-Force Threat Intelligence Index, a report based on information gathered from 70 billion security events across 130 countries to spot patterns and themes in cybersecurity.

How Big Companies Spy on Your Emails

www.vice.com/en_us/article/pkekmb/free-email-apps-spying-on-you-edison-slice-cleanfox The popular Edison email app, which is in the top 100 productivity apps on the Apple app store, scrapes users’ email inboxes and sells products based off that information to clients in the finance, travel, and e-Commerce sectors. The contents of Edison users’ inboxes are of particular interest to companies who can buy the data to make better investment decisions, according to a J.P. Morgan document obtained by Motherboard.

Työntekijöiden usein toivoma asia suuri syyllinen? Lähes jokaiseen suomalaisorganisaatioon hyökätty

www.tivi.fi/uutiset/tv/b1270712-7feb-441c-8b49-b898b694cf94 Peräti yhdeksän kymmenestä pohjoismaisesta organisaatiosta on joutunut ainakin yhden tietoturvahyökkäyksen uhriksi viimeksi kuluneen vuoden aikana. Näin kertoo tietoturvayhtiö Sophos teettämänsä kyselyn perusteella. Suomessa kyselyyn vastanneista organisaatioista 71 prosenttia oli joutunut ainakin kolmen tietoturvahyökkäysten uhriksi viimeksi kuluneen vuoden aikana. Kenties yllättävää on, että suomalaisista vastaajista 58 prosenttia arvioi, että merkittävin tietoturvatarpeita lisäävä tekijä on liikkuvan työn ja etätyön kasvu.

Onko valtion kybersuojaus kunnossa? VTV antoi ministeriölle sapiskaa itse koemme toteuttavamme kyberturvallisuusstrategiaa

www.tivi.fi/uutiset/tv/b27dbad5-e730-4846-80ef-26aa9b433113 Valtiovarainministeriö sai tammikuussa moitteita Valtiontalouden tarkastusvirastolta. Jälkiseurantaraportin mukaan ministeriö ei ole ryhtynyt riittäviin toimiin parantaakseen valtion kybersuojausta. Se on VTV:n näkemys tästä tilanteesta, ja pidämme sitä luotettavana. Itse koemme toteuttavamme valtioneuvoston vuonna 2019 hyväksymää Suomen kyberturvallisuusstrategiaa, tietohallintoneuvos Tuija Kuusisto valtiovarain­ministeriöstä sanoo.

New red team as a service platform aims to automate hacking tests for company networks

arstechnica.com/information-technology/2020/02/the-loyal-opposition-randoris-attack-turns-red-teaming-into-cloud-service/ Attack simulation and “red teaming as a service” have become a hot area of development over the past few years as companies continue to seek ways to better train their network defenders and find problems before attackers do. Randori, a company pulling together red-teaming skills and security software experience, today is launching a new platform that attempts to capture the expertise of a high-budget security testing team as a cloud-based servicegiving chief information security officers a way to continuously take the pulse of their companies’ defenses.

FBI: Cybercrime Victims Lost $3.5 Billion in 2019

www.bleepingcomputer.com/news/security/fbi-cybercrime-victims-lost-35-billion-in-2019/ FBI’s Internet Crime Complaint Center (IC3) published the 2019 Internet Crime Report which reveals that cybercrime was behind individual and business losses of $3.5 billion as shown by the 467,361 complaints received during the last year. IC3 says that it has received 4,883,231 complaints since its inception in May 2000, with an average of around 340,000 complaints per year and over 1,200 complaints per day during the last five years.

China’s Hacking Spree Will Have a Decades-Long Fallout

www.wired.com/story/china-equifax-anthem-marriott-opm-hacks-data/ At a press conference announcing the indictment of four Chinese hackers Monday, US Attorney General William Barr spoke out loud what had long been discussed only over drinks at security conferences: Some of the biggest hacks of Americans private data in the past decade had been the work of the Chinese government, resulting in a massive, unparalleled espionage advantage.

Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits

www.darkreading.com/risk/cybercriminals-swap-phishing-for-credential-abuse-vuln-exploits/d/d-id/1337019 Phishing attacks are growing less popular as cybercriminals learn they don’t need to manipulate targets to gain access to their accounts. Instead they are breaking in with stolen credentials and known vulnerabilities, both of which are more difficult for enterprise victims to detect. This trend is one of many highlighted in IBM’s “X-Force Threat Intelligence Index 2020,” which aims to provide an overview of the threat landscape to security pros often caught in the weeds of day-to-day alerts.

Microsoft’s February 2020 Patch Tuesday Fixes 99 Flaws, IE 0day

www.bleepingcomputer.com/news/security/microsofts-february-2020-patch-tuesday-fixes-99-flaws-ie-0day/ Today is Microsoft’s February 2020 Patch Tuesday and also the first time Windows 7 users will not receive free security updates. Be nice to your Windows administrators today!. With the release of the February 2020 security updates, Microsoft has released one advisory for Flash Player and fixes for 99 vulnerabilities in Microsoft products. Of these vulnerabilities, 10 are classified as Critical, 87 as Important, and 2 as Moderate.. Also:




Adobe Addresses Critical Flash, Framemaker Flaws

threatpost.com/adobe-security-update-critical-flash-framemaker-flaws/152782/ Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution. Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being critical in severity. That trumps Adobes January security update, which addressed nine vulnerabilities overall, including ones in Adobe Illustrator CC and Adobe Experience Manager.. Also:



Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool

www.theregister.co.uk/2020/02/11/dell_supportassist_flaw/ Dell has copped to a flaw in SupportAssist a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS that allows local hackers to load malicious files with admin privileges. The company has issued an advisory about the vulnerability, warning that a locally authenticated low-privilege user could exploit the bug to load arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of malware. Also:



Intel Patches High-Severity Flaw in Security Engine

threatpost.com/intel-patches-high-severity-flaw-in-security-engine/152794/ Intel is warning of a high-severity flaw in the firmware of its converged security and management engine (CSME), which if exploited could allow privilege escalation, denial of service and information disclosure. CSME powers Intels Active Management System hardware and firmware technology, used for remote out-of-band management in consumer or corporate PCs, Internet of Things (IoT) devices, and workstations.

FBI warns about ongoing attacks against software supply chain companies

www.zdnet.com/article/fbi-warns-about-ongoing-attacks-against-software-supply-chain-companies/ The FBI has sent a security alert to the US private sector about an ongoing hacking campaign that’s targeting supply chain software providers, ZDNet has learned. The FBI says hackers are attempting to infect companies with the Kwampirs malware, a remote access trojan (RAT).

Kyberturvallisuuskeskus varoittaa hälärihuijauksista älä vastaa outoon, ulkomaisesta numerosta tulevaan puheluun

yle.fi/uutiset/3-11203261 Liikenne- ja viestintäviraston kyberturvallisuuskeskus varoittaa ulkomaisista suuntanumeroista tulevista huijauspuheluista. Huijauspuhelut tulevat muun muassa suuntanumeroista +881 ja +882. Ne ovat satelliittinumeroita, joihin kannattaa olla vastaamatta tai soittamatta takaisin.

You might be interested in …

Daily NCSC-FI news followup 2021-03-18

Tiedote 18.3.2021: Timanttiteko-palkinto 2020 Kyberturvallisuuskeskukselle www.erillisverkot.fi/timanttiteko-palkinto-2020/ Turvallisuuskomitea on myöntänyt vuoden 2020 Timanttiteko-palkinnon Kyberturvallisuuskeskukselle Yhteiskunnan turvallisuusstrategian tavoitteiden esimerkillisestä edistämisestä. Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus on kansallinen tietoturvaviranomainen ja sillä on merkittävä rooli digitaalisessa yhteiskunnassa. Nopeasti muuttuvassa maailmassa tietoturvan ylläpito ja kehittäminen, tietoturvaloukkausten havainnointi ja selvittäminen sekä eri organisaatioiden kouluttaminen ja tietojärjestelmien arviointi on välttämätöntä. Suojelupoliisi tunnisti […]

Read More

Daily NCSC-FI news followup 2021-06-16

Ukrainian Police Nab Six Tied to CLOP Ransomware krebsonsecurity.com/2021/06/ukrainian-police-nab-six-tied-to-clop-ransomware/ Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOPs victims this year alone include Stanford University Medical School, the University […]

Read More

Daily NCSC-FI news followup 2021-04-20

Pulse Connect Secure Security Update blog.pulsesecure.net/pulse-connect-secure-security-update/ The Pulse Secure team recently discovered that a limited number of customers have experienced evidence of exploit behavior on their Pulse Connect Secure (PCS) appliances. We are sharing information about the investigation and our actions through several communications channels in the best interests of our customers and the greater […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.