Daily NCSC-FI news followup 2020-03-04

Are our police forces equipped to deal with modern cybercrimes?

blog.malwarebytes.com/opinion/2020/03/are-our-police-forces-equipped-to-deal-with-modern-cybercrimes/ “You should have asked for the presence of a digital detective,” Karen said when I told her what happened at the police station. I had accompanied a neighbor, who is a small business owner, that had been hit with ransomware and wanted to file a report. After listening to his story, the police officer at the desk asked if my neighbor had a description of the perpetrator. I may have groaned. To meet a growing demand for specialized experts, the police force will need a good deal of extra funds and staff. The cost of failing to adequately meet these demands may result in heavier losses than society can afford. At least every police station or sheriff's office should have one digital expert available to at least take in reports of cybercrimes. If this is not an achievable goal, set up an easy-to-use site to report cybercrimes online, where a special department of digital experts can do a triage, spot trends, and involve other departments where that is beneficial.

A white-hat hacker may be perceived as threatening: fear prevents companies from reacting to vulnerabilities

www.tivi.fi/uutiset/tv/6e55f75f-5be0-47e5-80f6-85f577c6efd9 According to security researcher Laura Kankaala, some companies are still reluctant to bring security holes to light. Kankaala urges companies to communicate publicly the channels through which vulnerabilities can be reported responsibly. Companies should also develop clear internal processes to follow when a vulnerability is found. “The processes should be put in order so that when a vulnerability is found, it gets fixed. Then there is no longer any reason to panic or fear losing one's reputation,” Kankaala says.

Oikotie warns: Beware of fraudulent text message

www.is.fi/digitoday/tietoturva/art-2000006427623.html Scam text messages are being sent in Oikotie's name. Do not click the link in the message.

State Department pledges $8 million more in cybersecurity aid to Ukraine

www.cyberscoop.com/state-department-ukraine-cyber-aid-kyiv/ The State Department on Tuesday announced an additional $8 million in cybersecurity funding for Ukraine, whose electric utilities sector has at least twice been struck by Russia-linked hackers in recent years. One of those cyberattacks, in 2015, plunged a quarter of a million Ukrainians into darkness. Ukraine was one of several allies to join the U.S. in blaming the Russian government for cyberattacks on thousands of websites in the Eurasian country of Georgia last October. Moscow denied involvement in the attacks.

Cyber Threats 2019: A Year in Retrospect

www.pwc.co.uk/issues/cyber-security-data-privacy/insights/cyber-threats-2019-retrospect.html In 2019, the cyber threat landscape became increasingly complex due to the proliferation of financially motivated cyber activity, intelligence operations navigating the currents of powerful interests and international politics, and information operations attempting to manipulate the news agenda.


Warning over ‘hidden apps’ as mobile malware attacks increase – and get sneakier

www.zdnet.com/article/warning-over-hidden-apps-as-mobile-malware-attacks-increase-and-get-sneakier/#ftag=RSSbaffb68 According to figures in the newly released McAfee Mobile Threat Report, the total number of detections for different types of mobile malware reached over 35 million during the final quarter of 2019, representing a jump of 10 million detections compared with 2018.


Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums

www.zdnet.com/article/academics-find-30-file-upload-vulnerabilities-in-23-web-apps-cmses-and-forums/#ftag=RSSbaffb68 Through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store builders, and content management systems (CMSes). When present in real-world web apps, these types of vulnerabilities allow hackers to exploit file upload forms and plant malicious files on a victim’s servers. These files could be used to execute code on a website, weaken existing security settings, or function as backdoors, allowing hackers full control over a server.

Securing Content Management Systems

www.cyber.gov.au/publications/securing-content-management-systems The security of external-facing infrastructure is critical for organisations when considering the security of their network as a whole. Even if external-facing infrastructure does not host sensitive information, there is still a significant risk to the reputation of organisations if external-facing infrastructure is tampered with. Security vulnerabilities within content management systems (CMS) installed on web servers of organisations are often exploited by adversaries. Once a CMS has been compromised, the web server can be used as infrastructure to facilitate targeted intrusion attempts. This document outlines strategies for identifying and minimising the potential risk to web servers using CMS. The intended audience is individuals responsible for developing and securing websites or web applications using CMS.

Measuring Security Risk in a Medical IoT World

securityintelligence.com/posts/measuring-security-risk-in-a-medical-iot-world/ The medical internet of things (IoT) is no longer a futuristic concept. It is here today, and it includes devices you may have never considered a part of the patient care ecosystem, such as elevators, beds, exit signs and clocks. When hospitals classify vulnerabilities, they should match the vulnerabilities with information about actual workflows, service delivery of the devices and threats that could lead to a compromise. In other words, security teams should consider the potential clinical and organizational impacts.

Singapore to introduce security label for smart home devices

www.zdnet.com/article/singapore-to-introduce-security-label-for-smart-home-devices/#ftag=RSSbaffb68 Singapore says it will launch the Cybersecurity Labelling Scheme for home routers and smart home hubs, as part of efforts to increase consumer awareness on using secured products and urge manufacturers to deploy additional cybersecurity measures.

Critical Netgear Bug Impacts Flagship Nighthawk Router

threatpost.com/critical-netgear-bug-impacts-nighthawk-router/153445/ Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk (R7800) hardware running firmware versions prior to The warnings, posted Tuesday, also include two high-severity bugs impacting Nighthawk routers, 21 medium-severity flaws and one rated low.

Ransomware Attackers Use Your Cloud Backups Against You

www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/ Backups are one of the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use it against you. When Maze finds backups stored in the cloud, they attempt to obtain the cloud storage credentials and then use them to restore the victim’s data to servers under the attacker’s control. “Yes, we download them. It is very useful. No need to search for sensitive information, it is definitely contained in backups. If backups in the cloud it is even easier, you just login to cloud and download it from your server, full invisibility to “data breach detection software”. Clouds is about security, right?”

Microsoft OneNote Used To Sidestep Phishing Detection

threatpost.com/microsoft-onenote-sidestep-phishing-detection/153436/ A phishing campaign was recently discovered leveraging OneNote, Microsoft's digital notebook that automatically saves and syncs notes, to bypass detection tools and download malware onto victims' systems. The attacker was utilizing OneNote as a way to easily experiment with various lures that either delivered the credential-stealing Agent Tesla keylogger or linked to a phishing page or both. The attack first started with an email to victims that contained a link to the OneNote document.

Verisign, Amazon patch zero-day vulnerability that utilized homoglyph characters

www.cyberscoop.com/homoglyph-zero-day-verisign-soluble/ Verisign has fixed an issue that could have allowed attackers to register bogus domains by using homoglyphs in place of more common characters, due to research from California-based security firm Soluble.

Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops

www.theregister.co.uk/2020/03/04/microsoft_subdomain_takeover/ Lax DNS leaves door wide open for miscreants to impersonate Windows giant on its own websites. In short, the Windows giant allowed hundreds of sub-domains (at least 670) on its big-name microsoft.com, skype.com, visualstudio.com, and windows.com properties to potentially fall into the hands of miscreants who could have commandeered them for phishing and malware distribution.

Scam call centre owner in custody after BBC investigation

