Daily NCSC-FI news followup 2020-06-01

Postin nimissä käynnissä kolme huijausta, yksi on erityisen häijy – numerostasi lähetetään viestejä

www.is.fi/digitoday/tietoturva/art-2000006523529.html Oikeissa Postin viesteissä ei pääsääntöisesti ole linkkejä. Jos seuraat linkkiä verkkosivulle, tarkista sen osoite osoiteriviltä. Väärien sivujen osoitteet eivät usein muistuta juuri lainkaan aitoa osoitetta. Suhtaudu varauksella kaikkiin viesteihin, joissa sinulta pyydetään maksua tai sinun halutaan kirjautuvan jonnekin pankkitunnuksillasi. Katso myös:

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus

Cisco security breach hits corporate servers that ran unpatched software (Salt stack)

arstechnica.com/information-technology/2020/05/cisco-security-breach-hits-corporate-servers-that-ran-unpatched-software/ Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions of Salt management framework, the company disclosed on Thursday.

Joomla data breach leaks 2, 700 user records via exposed backups

www.bleepingcomputer.com/news/security/joomla-data-breach-leaks-2-700-user-records-via-exposed-backups/ A Joomla database leak has exposed the personal information, including hashed passwords, of 2, 700 individuals registered on the Joomla Resources Directory (JRD).

REvil ransomware gang publishes ‘Elexon staff’s passports’ after UK electrical middleman shrugs off attack

www.theregister.com/2020/06/01/elexon_ransomware_was_revil_sodinokibi/ It appears the company shrugged off the ransomware attack and simply rebuilt its IT infrastructure from backups, ignoring the criminals’ demands to pay them lots of money. As a response the stolen data was published on REvil’s Tor webpage as a cache of 1, 280 files, which we understand include documents that appeared to be passports of Elexon staff members and an apparent business insurance application form.

Vulnerability Summary for the Week of May 25, 2020

www.us-cert.gov/ncas/bulletins/sb20-153 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

This Bot Hunts Software Bugs for the Pentagon

www.wired.com/story/bot-hunts-software-bugs-pentagon/ Mayhem emerged from a 2016 government-sponsored contest at a Las Vegas casino hotel. Now it’s used by the military. Other bugs found by Mayhem include one discovered earlier this year in the OpenWRT software used in millions of networking devices.

Office 365 to give detailed info on malicious email attachments

www.bleepingcomputer.com/news/security/office-365-to-give-detailed-info-on-malicious-email-attachments/ Microsoft will provide Office 365 Advanced Threat Protection (ATP) users with more details on malware samples and malicious URLs discovered following detonation. “We’re working to reveal more of the details that led to a malicious verdict when URLs or files are detonated in Office 365 ATP, ” the new feature’s Microsoft 365 roadmap entry reads.

Here are the new security features in Windows 10 2004

www.bleepingcomputer.com/news/microsoft/here-are-the-new-security-features-in-windows-10-2004/ Windows 10’s May 2020 Update is rolling out to seekers, and it comes with new security features that offer better malware protection, easier logins, and stronger encryption for your wireless connections.

You might be interested in …

Daily NCSC-FI news followup 2020-09-26

ThunderX ransomware silenced with release of a free decryptor www.bleepingcomputer.com/news/security/thunderx-ransomware-silenced-with-release-of-a-free-decryptor/ A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free. When coffee makers are demanding a ransom, you know IoT is screwed arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/ Watch along as hacked machine grinds, beeps, and spews water. Threat […]

Read More

Daily NCSC-FI news followup 2021-02-09

Hackers tried poisoning town after breaching its water facility www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/ A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels. Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack […]

Read More

Daily NCSC-FI news followup 2020-09-16

Tietovuoto: Kiinalaisyrityksen urkintalistalla on 799 suomalaista, joukossa poliitikkoja ja heidän lähipiiriään Katso, miten suomalaiset on jaoteltu yle.fi/uutiset/3-11544521 Poikkeuksellinen tietovuoto kertoo, millaiset suomalaiset vaikuttajat kiinnostavat Kiinaa. Pitkään kestävä syysmyrsky huolettaa sähköyhtiöitä “Valmiudessa on moninkertainen määrä työntekijöitä” yle.fi/uutiset/3-11547019 Keski-Pohjanmaalla toimivat sähköyhtiöt ovat nostaneet selvästi varautumistaan voimakkaan ja poikkeuksellisen pitkäkestoisen syysmyrskyn varalle. Yhä useampi on huolissaan lähipiiriinsä kohdistuvista […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.