Daily NCSC-FI news followup 2020-05-03

Koronavirustartuntoja jäljittävän sovelluksen testaaminen alkaa Suomessa samalla yhteiseurooppalaisen ratkaisun löytäminen näyttää yhä vaikeammalta

yle.fi/uutiset/3-11332842 Koronavirustartuntojen jäljittävän puhelinsovelluksen testaaminen käynnistyy tässä kuussa Suomessa. Vaasan keskussairaalassa toteutettavassa pilottihankkeessa selvitetään, miten hyvin puhelimien Bluetooth-teknologia selviää lähikontaktien kartoituksesta. Sosiaali- ja terveysministeriö on arvioinut, että altistumisia jäljittävä sovellus voisi olla käytettävissä kesäkuussa.

Levittääkö 5G-säteily koronavirusta ja onko se uhka lasten terveydelle? näin STUK vastaa 9 somesta löytyvään väitteeseen 5G:n vaaroista

yle.fi/uutiset/3-11316936 Pelko mobiiliyhteyksiä varten rakennettavaa 5G-verkkoa kohtaan on muuttunut toiminnaksi eri puolilla maailmaa. Esimerkiksi Isossa-Britanniassa, Hollannissa ja Ruotsissa on poltettu useita 5G-tukiasemia osittain siksi, että niiden uskotaan edesauttavan koronaviruksen leviämistä. Vastuu mobiiliverkkojen turvallisuudesta on teleoperaattoreilla. Turvallisuusasioita valvova viranomainen on Suomessa Säteilyturvakeskus. Keräsimme verkosta 5G-verkkoon ja teknologiaan liittyviä väitteitä ja pyysimme niihin vastaukset STUK:n Ionisoimattoman säteilyn valvontayksikön laboratorionjohtaja Pasi Orreveteläiseltä.

Home affairs data breach may have exposed personal details of 700, 000 migrants

www.theguardian.com/technology/2020/may/03/home-affairs-data-breach-may-have-exposed-personal-details-of-700000-migrants Privacy experts have blasted the home affairs department for a data breach revealing the personal details of 774, 000 migrants and people aspiring to migrate to Australia, including partial names and the outcome of applications.

Malware analysis: nspps, a Go RAT/Backdoor

ironnet.com/blog/malware-analysis-nspps-a-go-rat-backdoor/ Recent compromises of specific Citrix products via the CVE-2019-19781 vulnerability have been brought to light recently by the public exposure of several of the associated malicious software components involved in those events. A trusted partner provided IronNet Threat Research with a copy of one of those components in isolation, a binary that appears to be a userspace remote access tool (RAT) or backdoor written in Go (a.k.a. “golang”), and built for use upon FreeBSD targets. It is a fully featured utility, and would be a suitable first stage for deployment via the exploitation scenario, though we weren’t afforded endpoint details from the intrusion that might confirm that.

Hackers breach LineageOS servers via unpatched vulnerability

www.zdnet.com/article/hackers-breach-lineageos-servers-via-unpatched-vulnerability/#ftag=RSSbaffb68 Hackers have gained access to the core infrastructure of LineageOS, a mobile operating system based on Android, used for smartphones, tablets, and set-top boxes. The intrusion took place last night, on Saturday, at around 8 pm (US Pacific coast), and was detected before the attackers could do any harm, the LineageOS team said in a statement published less than three hours after the incident. LineageOS developers said the hack took place after the attacker used an unpatched vulnerability to breach its Salt installation.

Ghost blogging platform suffers security breach

www.grahamcluley.com/ghost-blogging-platform-suffers-security-breach/ The open-source blogging platform Ghost has suffered a serious security scare, no doubt sending shivers down the spines of some of its users. In a later update on the security breach, Ghost said that its investigations had determined that attackers had exploited a critical vulnerability in Salt, the open-source software used by data centers and cloud servers, in an attempt to mine cryptocurrency on its servers. also: status.ghost.org/incidents/tpn078sqk973

Canadians have lost more than $1.2 million to COVID-19 scams

www.cbc.ca/news/politics/covid-scams-fraud-crime-1.5551294 Jeff Thomson of the Canadian Anti-Fraud Centre said the centre has received 739 reports since March 6 of attempts to defraud Canadians with scams related to the pandemic. He said 178 of those attempts succeeded. The centre is also seeing attempts to use the pandemic as cover to infect computers with malware.

Love Bug’s creator tracked down to repair shop in Manila

www.bbc.com/news/technology-52458765 The man behind the world’s first major computer virus outbreak has admitted his guilt, 20 years after his software infected millions of machines worldwide.

You might be interested in …

Daily NCSC-FI news followup 2021-08-19

Health authorities in 40 countries targeted by COVID19 vaccine scammers www.welivesecurity.com/2021/08/18/health-authorities-40-countries-targeted-covid19-vaccine-scammers/ INTERPOL has issued a global warning about organized crime groups targeting governments with bogus offers peddling COVID-19 vaccines. The warning was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries. Does Abandoning […]

Read More

Daily NCSC-FI news followup 2020-04-10

Large email extortion campaign underway, DON’T PANIC! www.bleepingcomputer.com/news/security/large-email-extortion-campaign-underway-dont-panic/ A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer’s webcam. The attackers then demand $1,900 in bitcoins or the video will be sent to family and friends. Ransomware scumbags leak Boeing, Lockheed […]

Read More

Daily NCSC-FI news followup 2021-04-10

FBI arrests man for plan to kill 70% of Internet in AWS bomb attack www.bleepingcomputer.com/news/security/fbi-arrests-man-for-plan-to-kill-70-percent-of-internet-in-aws-bomb-attack/ The FBI arrested a Texas man on Thursday for allegedly planning to “kill of about 70% of the internet” in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. No password […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.