Daily NCSC-FI news followup 2020-05-03

Testing of an app that traces coronavirus infections begins in Finland; at the same time, finding a pan-European solution looks increasingly difficult

yle.fi/uutiset/3-11332842 Testing of a phone app that traces coronavirus infections will start this month in Finland. A pilot project carried out at Vaasa Central Hospital will examine how well phones' Bluetooth technology copes with mapping close contacts. The Ministry of Social Affairs and Health has estimated that an exposure-tracing app could be available in June.

Does 5G radiation spread the coronavirus and is it a threat to children's health? This is how STUK answers 9 claims found on social media about the dangers of 5G

yle.fi/uutiset/3-11316936 Fear of the 5G network being built for mobile connections has turned into action in different parts of the world. For example, in the United Kingdom, the Netherlands and Sweden, several 5G base stations have been burned, partly because they are believed to help the coronavirus spread. Responsibility for the safety of mobile networks lies with the telecom operators. In Finland, the authority supervising safety matters is Säteilyturvakeskus (STUK), the Radiation and Nuclear Safety Authority. We collected claims from the internet relating to the 5G network and technology and asked Pasi Orreveteläinen, laboratory head of STUK's Non-Ionizing Radiation Surveillance unit, to answer them.

Home affairs data breach may have exposed personal details of 700,000 migrants

www.theguardian.com/technology/2020/may/03/home-affairs-data-breach-may-have-exposed-personal-details-of-700000-migrants Privacy experts have blasted the home affairs department for a data breach revealing the personal details of 774,000 migrants and people aspiring to migrate to Australia, including partial names and the outcome of applications.

Malware analysis: nspps, a Go RAT/Backdoor

ironnet.com/blog/malware-analysis-nspps-a-go-rat-backdoor/ Recent compromises of specific Citrix products via the CVE-2019-19781 vulnerability have been brought to light recently by the public exposure of several of the associated malicious software components involved in those events. A trusted partner provided IronNet Threat Research with a copy of one of those components in isolation, a binary that appears to be a userspace remote access tool (RAT) or backdoor written in Go (a.k.a. “golang”), and built for use upon FreeBSD targets. It is a fully featured utility, and would be a suitable first stage for deployment via the exploitation scenario, though we weren’t afforded endpoint details from the intrusion that might confirm that.

Hackers breach LineageOS servers via unpatched vulnerability

www.zdnet.com/article/hackers-breach-lineageos-servers-via-unpatched-vulnerability/#ftag=RSSbaffb68 Hackers have gained access to the core infrastructure of LineageOS, a mobile operating system based on Android, used for smartphones, tablets, and set-top boxes. The intrusion took place last night, on Saturday, at around 8 pm (US Pacific coast), and was detected before the attackers could do any harm, the LineageOS team said in a statement published less than three hours after the incident. LineageOS developers said the hack took place after the attacker used an unpatched vulnerability to breach its Salt installation.

Ghost blogging platform suffers security breach

www.grahamcluley.com/ghost-blogging-platform-suffers-security-breach/ The open-source blogging platform Ghost has suffered a serious security scare, no doubt sending shivers down the spines of some of its users. In a later update on the security breach, Ghost said that its investigations had determined that attackers had exploited a critical vulnerability in Salt, the open-source software used by data centers and cloud servers, in an attempt to mine cryptocurrency on its servers. Also: status.ghost.org/incidents/tpn078sqk973

Canadians have lost more than $1.2 million to COVID-19 scams

www.cbc.ca/news/politics/covid-scams-fraud-crime-1.5551294 Jeff Thomson of the Canadian Anti-Fraud Centre said the centre has received 739 reports since March 6 of attempts to defraud Canadians with scams related to the pandemic. He said 178 of those attempts succeeded. The centre is also seeing attempts to use the pandemic as cover to infect computers with malware.

Love Bug’s creator tracked down to repair shop in Manila

www.bbc.com/news/technology-52458765 The man behind the world’s first major computer virus outbreak has admitted his guilt, 20 years after his software infected millions of machines worldwide.
