
Daily NCSC-FI news followup 2020-03-13

Alert (AA20-073A) – Enterprise VPN Security

www.us-cert.gov/ncas/alerts/aa20-073a As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options, or telework, require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity.

Ransomware

www.us-cert.gov/Ransomware The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the world: See CISA’s Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights Ransomware Outbreak.

Tips to secure your organization in a work-from-home environment

www.sans.org/blog/tips-to-secure-your-organization-in-a-work-from-home-environment/ In response to the current COVID-19 pandemic, organizations worldwide are implementing work-from-home policies. Yet for many businesses, managing an entirely remote workforce is completely new which means they may lack the processes, policies and technologies that enable employees to work from home safely and securely.

February 2020’s Most Wanted Malware: Increase in Exploits Spreading the Mirai Botnet to IoT Devices

blog.checkpoint.com/2020/03/11/february-2020s-most-wanted-malware-increase-in-exploits-spreading-the-mirai-botnet-to-iot-devices/ Check Point Research also reports that Emotet has been spreading via new SMS phishing Campaign. Our latest Global Threat Index for February 2020 shows a large increase in exploitation of a vulnerability to spread the Mirai botnet, which is notorious for targeting Internet-of-Things (IoT) devices, such as web cameras, modems and routers, and for conducting massive DDoS attacks.

Are you working remotely now? Beware of scam calls

www.is.fi/digitoday/tietoturva/art-2000006437968.html Technical support scams are still continuing. A case that came to Ilta-Sanomat's attention targeted a remote worker. If you receive an unexpected contact in the name of technical support, do not under any circumstances follow the instructions given. Do not let anyone connect to your computer over a remote connection. Although this is a normal procedure in a genuine problem situation too, a remote connection makes it easy for a scammer to infect the computer with malware. Hang up the call, or if the scam arrived by e-mail, for example, do not reply to it. Call your company's real support line and ask about the matter. This way you also pass the word on about the scam, so that other employees can be warned about it.

Did you end up working remotely because of the coronavirus? Read the instructions for safe computer use

www.is.fi/digitoday/tietoturva/art-2000006436758.html A careless remote worker can endanger the information security of their entire company. A few rules of thumb go a long way, however.

The state's encrypted network connections went down: the spike in remote work was too much

www.is.fi/digitoday/tietoturva/art-2000006437777.html The secured Kauko VPN connections of Valtori, which supplies ICT services to central government agencies and institutions, ministries, Parliament and the courts, are suffering severe disruptions. Until yesterday the connections could still carry the load, but today they are unusable in many places.

Inadvertent Insider Threats Present a Unique Challenge to Organizations

securityintelligence.com/articles/inadvertent-insider-threats-present-a-unique-challenge-to-organizations/ According to the recent X-Force Threat Intelligence Index 2020, more than 8.5 billion records were exposed due to breaches in 2019, of which 86 percent were due to misconfigured assets. These issues affected only half of the records breached in 2018, and as the 2017 report stated, 70 percent of the 2.9 billion records lost that year were due to misconfigurations.

Working from home: 5 tips to protect your company

www.pandasecurity.com/mediacenter/tips/telework-coronavirus/ Technology changes, life habits change and the way we work changes too. And however we work, one thing that does not change is the inescapable duty we have to protect our assets in order to ensure perfect business continuity, to protect the information we manage, and to maintain business secrecy.

Swallowing the Snake’s Tail: Tracking Turla Infrastructure

www.recordedfuture.com/turla-apt-infrastructure/ Recorded Future’s Insikt Group® has developed new detection methods for Turla malware and infrastructure as part of an in-depth investigation into recent Turla activities. Data sources included the Recorded Future® Platform, ReversingLabs, VirusTotal, Shodan, BinaryEdge, and various OSINT tools. The target audience for this research includes security practitioners, network defenders, and threat intelligence professionals who are interested in Russian nation-state computer network operations activity. Turla, also known as Snake, Waterbug, and Venomous Bear, is a well-established, sophisticated, and strategically focused cyberespionage group that has for over a decade been linked to operations against research, diplomatic, and military organizations worldwide, with an ongoing focus against entities within North Atlantic Treaty Organization (NATO) and Commonwealth of Independent States (CIS) nations in particular. Read also:

go.recordedfuture.com/hubfs/reports/cta-2020-0312.pdf

New Android Malware Strain Sneaks Cookies from Facebook

www.darkreading.com/new-android-malware-strain-sneaks-cookies-from-facebook/d/d-id/1337304 Two malware modifications, when combined, can snatch cookies collected by browsers and social networking apps. Read also:

securelist.com/cookiethief/96332/, thehackernews.com/2020/03/android-cookies-malware-hacking.html and threatpost.com/trojan-android-cookie-jars/153678/

Radio.com users affected in data breach

www.welivesecurity.com/2020/03/13/radiocom-users-affected-data-breach/ An unknown number of people had their personal data exposed as hackers accessed database backup files

Fresh virus misery for Illinois: Public health agency taken down by… web ransomware. Great timing, scumbags

www.theregister.co.uk/2020/03/12/ransomware_illinois_health/ Not like anyone is looking for medical advice right now

Open-source bug bonanza: Vulnerabilities up almost 50 per cent thanks to people actually looking for them

www.theregister.co.uk/2020/03/13/open_source_bugs/ The number of vulnerabilities in open source projects surged almost 50 per cent in 2019, according to security biz WhiteSource, which can be seen as good news in the sense that you don’t find what you’re not looking for. Read also:

www.zdnet.com/article/open-source-security-this-is-why-bugs-in-open-source-software-have-hit-a-record-high/#ftag=RSSbaffb68

Office 365 ATP To Block Email Domains That Fail Authentication

www.bleepingcomputer.com/news/security/office-365-atp-to-block-email-domains-that-fail-authentication/ Microsoft is working on including a new Office 365 Advanced Threat Protection (ATP) feature that would block email sender domains automatically if they fail DMARC authentication as part of an effort to make Office 365 ATP secure by default.

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

www.bleepingcomputer.com/news/security/wordpress-plugin-bug-allows-malicious-code-injection-on-100k-sites/ Vulnerabilities in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites, to steal information, and to potentially fully take over targeted sites.

Criminals profit from the coronavirus panic: an interactive coronavirus map became the tool of a data-breach instrument

www.tivi.fi/uutiset/tv/db61bc53-95b2-4104-859b-0da56c7fedf0 According to an expert, the coronavirus poses both a biological and a data-virus risk. Read also:

www.kauppalehti.fi/uutiset/rikolliset-ottavat-kaiken-irti-koronapaniikista-interaktiivisesta-koronamallinnuksesta-tietomurtovalineen-tyokalu/dd5d415e-59d9-462e-9df0-19804d8f323e

Coronavirus or not: if a company's information is secret enough, remote work is not possible

www.tivi.fi/uutiset/tv/871f7b6c-d3d6-4987-950c-696fe466f7d4 At many workplaces, people have moved to remote work either by strict order or by gentle encouragement. Not all knowledge work, however, moves easily from the workplace to the home office. The more sensitive the information in a system, the further the whole system should be kept from the internet. With the coronavirus, this old rule of cyber security is now causing difficulties for many companies, Wired writes. Read also:

www.wired.com/story/high-stakes-security-set-ups-making-remote-work-impossible/

AT&T Suspends Broadband Data Caps During Coronavirus Crisis

www.vice.com/en_us/article/v74qzb/atandt-suspends-broadband-usage-caps-during-coronavirus-crisis As AT&T moves to lift usage caps, lawmakers begin pressuring ISPs to do more.

Researchers Warn of Novel PXJ Ransomware Strain

threatpost.com/novel-pxj-ransomware-strain/153673/ While PXJ performs typical ransomware functions, it does not appear to share the same underlying code with most known ransomware families.

Europol takes down SIM-swap hacking rings responsible for theft of millions of euros

www.zdnet.com/article/europol-tackles-massive-sim-swap-hacking-rings/ Arrests have been made across Europe in an effort to stamp out gangs specializing in SIM-swapping attacks. Read also:

www.bleepingcomputer.com/news/security/europol-dismantles-sim-swap-criminal-groups-that-stole-millions/

State-sponsored hackers are now using coronavirus lures to infect their targets

www.zdnet.com/article/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets/ Chinese, North Korean, and Russian government cyberspies caught using COVID-19-themed emails to infect victims with malware. Read also:

threatpost.com/coronavirus-apt-attack-malware/153697/

Firefox 74 slams Facebook in solitary confinement: Browser add-on stops social network stalking users across the web

www.theregister.co.uk/2020/03/12/firefox_74_aims_to_contain_facebook_tighten_security/ Prompt to install enhanced extension is the first thing you’ll see

Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak

www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/ One of the Czech Republic’s biggest COVID-19 testing laboratories hit by mysterious cyberattack.

VMWare Releases Fix for Critical Guest-to-Host Vulnerability

www.bleepingcomputer.com/news/security/vmware-releases-fix-for-critical-guest-to-host-vulnerability/ A security update has been released that fixes a Critical vulnerability in VMware Workstation Pro that could allow an application running in a guest environment to execute a command on the host. Read also:

www.vmware.com/security/advisories/VMSA-2020-0004.html
