Daily NCSC-FI news followup 2020-04-15

Do your children play on your work computer? It can be a serious security risk, warns F-Secure's Mikko Hyppönen

yle.fi/uutiset/3-11293842 The likelihood of a data breach grows if personal devices without proper protection are used for work.

Alert (AA20-106A) – Guidance on the North Korean Cyber Threat

www.us-cert.gov/ncas/alerts/aa20-106a The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public.

US offers $5 million reward for information on North Korean hackers

www.zdnet.com/article/us-offers-5-million-reward-for-information-on-north-korean-hackers/ US says North Korean hackers pose a significant threat to the integrity and stability of the international financial system.

PPE, COVID-19 Medical Supplies Targeted by BEC Scams

threatpost.com/ppe-covid-19-medical-supplies-bec-scams/154806/ FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.

Coronavirus Update App Leads to Project Spy Android and iOS Spyware

blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/ We discovered a potential cyberespionage campaign, which we have named Project Spy, that infects Android and iOS devices with spyware (detected by Trend Micro as AndroidOS_ProjectSpy.HRX and IOS_ProjectSpy.A, respectively). Project Spy uses the ongoing coronavirus pandemic as a lure, posing as an app called Coronavirus Updates.

These are the coronavirus scams crooks are coming up with now: fake mobile apps, music that protects against the virus, and instructions from the boss in PDF files…

www.tivi.fi/uutiset/tv/0411428c-ed46-42d3-ac84-512c4c24a60a Scams are becoming more professional and more credible than before, says Cujo AI's Kimmo Kasslin.

Vodafone chief speaks out after 5G conspiracy nuts torch phone mast serving Nightingale Hospital in Brum

www.theregister.co.uk/2020/04/15/vodafone_chief_speaks_out_birmingham_phone_mast_torched/ Vodafone CEO Nick Jeffrey has spoken out after arsonists targeted a phone mast serving the NHS Nightingale Hospital in Birmingham.

Windows computers are under attack, fixes now available

www.is.fi/digitoday/tietoturva/art-2000006475337.html Microsoft released its April security updates on Tuesday. As many as 113 vulnerabilities in 11 of the company's products were patched, but the most important are three Windows vulnerabilities. Attacks against them began before the fixes existed.

Rapid7 launches AttackerKB, a service for crowdsourcing vulnerability assessments

www.zdnet.com/article/rapid7-launches-attackerkb-a-service-for-crowdsourcing-vulnerability-assessments/ Cyber-security company Rapid7 launched today a new web service named AttackerKB, a web portal that crowdsources vulnerability assessments to help companies understand and prioritize which bugs need to be patched before others.

New tool detects AWS intrusions where hackers abuse self-replicating tokens

www.zdnet.com/article/new-tool-detects-aws-intrusions-where-hackers-abuse-self-replicating-tokens/ Security firm CyberArk has released a new tool called SkyWrapper that can detect a certain class of intrusions and malicious activity inside AWS (Amazon Web Services) computing environments.

Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store

www.theregister.co.uk/2020/04/15/google_malicious_chrome/ Google has ousted 49 Chrome extensions from its Chrome Web Store because they contained malicious code, a ritual that should be familiar after a decade of purges.

The Shadow IT threat

www.kaspersky.com/blog/shadow-it-as-a-threat/34938/ Using services and programs that IT doesn't know about causes problems. We explain how to avoid them.

Microsoft Office security updates may break VBA programs, how to fix

www.bleepingcomputer.com/news/microsoft/microsoft-office-security-updates-may-break-vba-programs-how-to-fix/ Microsoft says that some VBA programs might break after installing the security updates for the CVE-2020-0760 Microsoft Office remote code execution vulnerability released as part of the April 2020 Patch Tuesday.

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

krebsonsecurity.com/2020/04/covid-19-has-united-cybersecurity-experts-but-will-that-unity-survive-the-pandemic/ The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain.

Nemty ransomware operation shuts down

www.zdnet.com/article/nemty-ransomware-operation-shuts-down/ The operators of the Nemty ransomware have announced this week they were shutting down their service after ten months in operation, ZDNet has learned from a source in the infosec community.

Extend Your Incident Response Program to DevOps With Security Automation

securityintelligence.com/posts/extend-your-incident-response-program-to-devops-with-security-automation/ One of the biggest challenges facing security teams when it comes to incident response is complexity. The continual growth in volume and severity of cyberattacks has led to increased business process and technical complexity as different threat vectors have required security leaders to purchase point solutions with unique user interfaces, custom APIs and business logic.

No IOCs? No Problem! Getting a Start Hunting for Malicious Office Files

