Daily NCSC-FI news followup 2020-04-05

Nonexistent respirators are now being peddled in Finland: the coronavirus pandemic keeps even crooks at home, but online criminals remain active

yle.fi/uutiset/3-11288563?origin=rss The European Commission and European consumer authorities have taken action to prevent coronavirus-related scams. For example, the European Commission has demanded cooperation from major marketers and platforms. About twenty coronavirus-related scam reports have been received so far, says senior specialist Saija Kivimäki of the Finnish Competition and Consumer Authority (Kilpailu- ja kuluttajavirasto).

Microsoft: Emotet Took Down a Network by Overheating All Computers

www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/ Microsoft says that an Emotet infection was able to take down an organization’s entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment. Case study at

www.microsoft.com/security/blog/wp-content/uploads/2020/04/Case-study_Full-Operational-Shutdown.pdf

Threat Alert: Kinsing Malware Attacks Targeting Container Environments

blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability Lately we've been witnessing a rise in the number of attacks that target container environments. We've been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. This persistent campaign has been going on for months, with thousands of attempts taking place nearly on a daily basis. These are the highest numbers we've seen in some time, far exceeding what we have witnessed to date. We therefore believe that these attacks are directed by actors with sufficient resources and the infrastructure needed to carry out and sustain such attacks, and that this is not an improvised endeavor.

Hundreds of internal servicedesks exposed due to COVID-19

medium.com/@intideceukelaire/hundreds-of-internal-servicedesks-exposed-due-to-covid-19-ecd0baec87bd An increasing number of Atlassian JIRA Servicedesks have been misconfigured to be accessible for anyone to sign up. In essence, this is nothing to worry about as servicedesks may have legitimate reasons to be public. However, a growing number of instances have been repurposed to serve as an internal service ticket portal, allowing attackers to impersonate employees and create legitimate internal requests. […] I took a list of 10.000 popular domain names globally and found out that no less than 288 of 1.972 (roughly 15%) corresponding Atlassian instances were open to the public. This was an increase of 12% compared to tests conducted before the COVID-19 crisis (my earliest scans date back from last summer). About one third of the servicedesks I joined allowed me to assign tickets to other users. In certain configurations, where users are created for any inbound support e-mail (with their display name automatically set to their e-mail address), this would leak the e-mail addresses of every user that has interacted with the external support channels as well.

This is how you deal with route leaks

radar.qrator.net/blog/how_you_deal_with_route_leaks Here's the beginning: for approximately an hour, starting at 19:28 UTC on April 1, 2020, the largest Russian ISP Rostelecom (AS12389) was announcing prefixes belonging to prominent internet players: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS, and other famous names.

Crave the Data: Statistics from 1,300 Phishing Campaigns

research.nccgroup.com/2020/04/03/crave-the-data-statistics-from-1300-phishing-campaigns/ analysing the data NCC Group has from its Piranha platform we found a distinct variation on success rates when comparing organisations from different sectors. Targets in Charities were found to be over 3 times more likely to click a link in a Phishing attack than targets in the Health sector, however once a user had been fooled into clicking the link, half were likely to enter credentials regardless of what sector they worked in.
