Daily NCSC-FI news followup 2020-05-27

Choosing 2FA authenticator apps can be hard. Ars did it so you don’t have to

arstechnica.com/information-technology/2020/05/choosing-2fa-authenticator-apps-can-be-hard-ars-did-it-so-you-dont-have-to/ Losing your 2FA codes can be bad. Having backups stolen can be worse. What to do?

New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD

www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/ Eighteen of the 26 bugs impact Linux. Eleven have been patched already.

Work unleashed: How to work smoothly and securely, wherever you are

www.theregister.co.uk/2020/05/27/work_smoothly_and_securely/ The COVID-19 coronavirus pandemic has propelled the trend for flexible and remote working into the stratosphere. Millions of people worldwide are cocooned at home and bent over all manner of devices and apps as they carry on working. But remote working on a giant scale also means the threat attack surface just got much, much bigger. Whatever their business and wherever they are located, people all need to store, access and share files and data in the same way as they would in their company offices. This presents security, governance and compliance headaches and more work for the IT department.

1 Gt/s yhteys kotiin Suomessa käynnistyy jopa 300 miljoonan euron valokuituhanke

www.tivi.fi/uutiset/tv/f5c4c7f2-fb6d-4912-b6ea-db2f6039bdf9 Massiivisen valokuituhankkeen myötä jopa 200 000 uutta kotitaloutta saattaa päästä kiinni nopeisiin verkkoyhteyksiin. Valokuitunen on tuomassa kuitua esikaupunkialueille valtakunnallisesti. Tänä vuonna Valokuitunen rakentaa uutta verkkoa Turun seudulla, Uudellamaalla ja pääkaupunkiseudulla. Lisäksi yhtiö kartoittaa parhaillaan kotitalouksien kiinnostusta valokuituyhteyden tilaamiseen Lounais- ja Varsinais-Suomessa, Pirkanmaalla sekä Uudellamaalla. Projektit etenevät siten, että Valokuitunen rakentaa alueverkkoja, jotka liitetään valtakunnalliseen runkoverkkoon. Verkkoja rakennetaan kysynnän mukaan eli alueille, missä kotitaloudet ovat ilmoittaneet Valokuitusen nettisivuilla olevansa kiinnostuneita valokuidusta. Hankkeen satojen miljoonien rahapotti tulee paaomasijoittajien kautta. Mutka painottaa, että Valokuitunen toimii markkinaehtoisesti. Yritystä kiinnostaa siis tiiviisti asutut taajamat, ei niinkään harvaan asutettu maaseutu, jossa pienemmät toimijat ovat jo tehneet valokuituhankkeita pääosin valtion tukirahalla. Valokuitunen ilmoitti maanantaina ostaneensa Valkeakosken Energian sähköverkon rakennustöiden yhteydessä Valkeakoskelle rakentaman valokuituverkon. Vaikka Valokuitunen rakentaa valokuituverkkonsa itse, on yritys kiinnostunut myös jo olemassa olevista verkoista. Jo tätä ennen Telian Avoin Kuitu -liiketoiminta ja -verkot ovat siirtyneet osaksi Valokuitusta. Kyseiseen verkkoon kuuluu 20 000 kotitaloutta Helsingissä, Turussa ja Tampereen seudulla.

Huutokaupassa myydään taajuudet kolmelle teleoperaattorille

www.is.fi/digitoday/mobiili/art-2000006520491.html Suomen 5g-verkon ylätaajuuksien eli niin sanotun 26 gigahertsin taajuusalueen huutokauppa alkaa vajaan kahden viikon kuluttua maanantaina 8.6.

26 million LiveJournal credentials leaked online, sold on the dark web

www.zdnet.com/article/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/ LiveJournal credentials were obtained in a 2014 hack, but leaked online earlier this month.

Frankenstein’s phishing using Google Cloud Storage

isc.sans.edu/diary/rss/26174 Phishing e-mail messages and/or web pages are often unusual in one way or another from the technical standpoint some are surprisingly sophisticated, while others are incredibly simple, and sometimes they are a very strange mix of the two. The latter was the case with an e-mail, which our company e-mail gateway caught last week some aspects of it appeared to be professionally done, but others screamed that the author was a “beginner” at best.

Crooks threaten to leak customer data stolen from ecommerce sites

www.welivesecurity.com/2020/05/26/hackers-steal-customer-data-demand-ransom-retailers/ A hack-and-extort campaign takes aim at poorly secured databases replete with customer information that can be exploited for further attacks. A number of e-commerce websites from multiple continents have had their customer databases stolen as an unknown seller is offering at least 1.62 million rows of personal records for sale on a public website. The online stores based in Germany, the United States, Brazil, Italy, India, Spain, and Belarus have also received ransom notes, with the cybercriminals threatening to release the data if the retailers don’t pay up within 10 days.

Cyber security and space security

www.thespacereview.com/article/3950/1 What are the challenges at the junction of cybersecurity and space security?

CybExer Technologies and e-Governance Academy supported the e-Government Agency of Moldova with online cyber hygiene e-learning to increase cyber awareness of Moldovan public officials

ega.ee/news/online-cyber-hygiene-e-learning-for-the-e-government-centre-of-moldova/ Read also: cybexer.com/cyber-hygiene-e-learning-course/. Ilmainen verkkokurssi löytyy myös suomeksi:

mycyberhygiene.com/fi/

Viranomainen yllättyi: Suomeen tulleet helpdesk-huijauspuhelut loppuivat yhtäkkiä jäljet johtivat Intian suljettuihin puhelinkeskuksiin

yle.fi/uutiset/3-11370619 Huijaussoittojen ympärille on muodostunut Intiassa kokonaisia puhelinkeskuksia. Koronan vuoksi nekin ovat nyt kiinni.

Shadowserver, an Internet Guardian, Finds a Lifeline

www.wired.com/story/shadowserver-funding-trend-micro-internet-society/ Ten weeks ago, Shadowserver’s main source of funding dried up. Now, it’s back on level footing.

Google Chrome Is Getting a Bunch of New Privacy Features

www.wired.com/story/google-chrome-is-getting-a-bunch-of-new-privacy-features/ The next version of the browser will be more secure than ever. Here’s what you need to know.

Ransomware’s big jump: ransoms grew 14 times in one year

www.bleepingcomputer.com/news/security/ransomwares-big-jump-ransoms-grew-14-times-in-one-year/ Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year. There are well over a dozen operators in the ransomware-as-a-service (RaaS) game, each with a host of affiliates that focus on enterprise targets across the world. Since the infamous GandCrab group called it quits in mid-2019, the ransomware landscape changed drastically. The RaaS model they introduced is now the norm, paving the way for professional attackers with a clear strategy to make money.

$100 million in bounties paid by HackerOne to ethical hackers

www.bleepingcomputer.com/news/security/100-million-in-bounties-paid-by-hackerone-to-ethical-hackers/ Bug bounty platform HackerOne announced today that it has paid out $100, 000, 000 in rewards to white-hat hackers around the world as of May 26, 2020. Since it started delivering vulnerability reports to its customers, HackerOne bug bounty hunters have found roughly 170, 000 security vulnerabilities according to the company’s CEO Mårten Mickos. Over 700, 000 ethical hackers are no using the bug bounty platform to get paid for security bugs in the products of more than 1, 900 HackerOne customers.

Germany govt urges iOS users to patch critical Mail app flaws

www.bleepingcomputer.com/news/security/germany-govt-urges-ios-users-to-patch-critical-mail-app-flaws/ Germany’s federal cybersecurity agency today urged iOS users to immediately install the iOS and iPadOS security updates released by Apple on May 20 to patch two actively exploited zero-click security vulnerabilities impacting the default email app. “Due to the criticality of the vulnerabilities, the BSI recommends that the respective security update be installed on all affected systems immediately, ” the BSI (Bundesamt fr Sicherheit in der Informationstechnik) said. Cybersecurity startup ZecOps disclosed the bugs (zero-days at the time of the disclosure) after discovering ongoing attacks that targeted iOS users since at least January 2018.

Austrian city falls victim to Ransomware attack

www.pandasecurity.com/mediacenter/news/austria-city-ransomware-netwalker/ The ransomware group NetWalker has published extracts of data stolen from the network of the Austrian city of Weiz. Among the published extracts are, among other things, building applications and building inspections. The group has infected the municipality with Ransomware. The small town of Weiz is considered to be the economic centre of the Oststeiermark region and is only a few kilometres away from the city of Graz. Several large companies such as the automotive supplier Magna and the construction companies Strobl Construction and LIEB-Bau-Weiz have production sites in Weiz.

Coalition Against Stalkerware bulks up global membership

blog.malwarebytes.com/stalkerware/2020/05/coalition-against-stalkerware-bulks-up-global-membership/ Today, the Coalition Against Stalkerware brought aboard 11 new organizations to address the potentially dangerous capabilities of stalkerware, an invasive, digital threat that can rob individuals of their expectation of, and right to, privacy. These types of apps can provide domestic abusers with a new avenue of control over their survivors’ lives, granting wrongful, unfettered access to text messages, phone calls, emails, GPS location data, and online browsing behavior.

Taking a second look at Two Factor Authentication

blog.checkpoint.com/2020/05/27/why-two-factor-authentication-2fa-on-mobile-is-not-secure-enough/ We have recently heard about a new variant of TrickBot, a banking trojan that targets sensitive information and acts as a dropper for other malware. These campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment. This past March, researchers of IBM discovered that the operators of TrickBot had developed a malicious app called TrickMo, which intercepts the OTP codes that banks send to customers for authentication, without knowledge of the user.

Tietoverkot ja -palvelut koronan aikaan

www.varmuudenvuoksi.fi/aihe/kyber/454/tietoverkot_ja_-palvelut_koronan_aikaan ICT-ala on tänä keväänä kokenut jyrkän ja valtavan murroksen ihmisten siirryttyä etätyötä tukevien työkalujen ja verkkopalvelujen käyttöön. Suomessa muutos tapahtui lähes päivässä. Siitä huolimatta verkot pysyivät pystyssä ja palvelut enimmäkseen toimivat. “Se, että ihmisten yhtäkkinen siirtyminen etätyöhön onnistui niin hyvin, on perustunut aikaisemmin tehtyyn mittavaan varautumistyöhön. Onnistuminen ei ole ollut sattumaa”, Jarna Hartikainen Huoltovarmuuskeskuksesta muistuttaa.

Etätyöt jatkuvat hyödynnä 7 poikkeusolojen oppia digitaaliseen turvallisuuteen

teknologiateollisuus.fi/fi/ajankohtaista/artikkeli/etatyot-jatkuvat-hyodynna-7-poikkeusolojen-oppia-digitaaliseen Asiantuntijoiden tekemän tilannekuvan mukaan koronapandemia vaikuttaa muun muassa ohjelmisto- ja tietoturvapäivityksiin. Hyödynnä nämä seitsemän poikkeusolojen oppia digitaalisesta turvallisuudesta, jos jatkat etätöitä.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.