Daily NCSC-FI news followup 2020-06-04

Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’

www.zdnet.com/article/ciscos-warning-critical-flaw-in-ios-routers-allows-complete-system-compromise/ Most severe vulns are remote code execution by unauthenticated attackers.

French CERT (ANSSI) releases Active Directory Security Assessment Checklist

www.cert.ssi.gouv.fr/uploads/guide-ad.html

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked

threatpost.com/nuclear-contractor-maze-ransomware-data-leaked/156289/ A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information.

Zoom says free users won’t get end-to-end encryption so FBI and police can access calls

www.theverge.com/2020/6/3/21279355/zoom-end-encryption-calls-fbi-police-free-users

Anti-racism sites hit by wave of cyber-attacks

www.bbc.com/news/technology-52912881 Cloudflare, which blocks attacks designed to knock websites offline, says advocacy groups in general saw attacks increase 1, 120-fold. That equates to an extra 110, 000 blocked requests every second, it said. The problem was particularly acute for certain types of organisations. One single website belonging to an unnamed advocacy group dealt with 20, 000 requests a second.

Email from HaveIBeenPwned wipes helpdesk tickets

www.itnews.com.au/news/email-from-haveibeenpwned-wipes-helpdesk-tickets-548916 A software development house got more than it bargained for after an alert email from the HaveIBeenPwned (HIBP) data breach monitoring site wiped all its helpdesk support tickets.

Daily NCSC-FI news followup 2020-11-14

Schools Struggling to Stay Open Get Hit by Ransomware Attacks www.wsj.com/articles/my-information-is-out-there-hackers-escalate-ransomware-attacks-on-schools-11605279160?mod=djemalertNEWS Districts around the U.S. are fighting a wave of increasingly aggressive hackers, who are publicly posting sensitive student information. Based on searches of hackers’ sites on the dark weba network of websites accessed through special software that gives users anonymityas well as publicly known […]

Daily NCSC-FI news followup 2019-08-25

Kiristyshaittaohjelmat pistävät kaupunkien sisun koetukselle ympäri Amerikkaa www.nytimes.com/2019/08/22/us/ransomware-attacks-hacking.html Android 10 julkaisu tulee korjaamaan melkein kaksisataa tietoturvaongelmaa. www.forbes.com/sites/daveywinder/2019/08/23/android-10-google-confirms-193-security-vulnerabilities-need-fixing/ Hostinger: Jopa 14 miljoonaa asiakasta tietomurron uhrina. Salasanat vaihdettu turvatoimena. www.hostinger.com/blog/security-incident-what-you-need-to-know/ Webmin liittyy Pulse Securen ja Fortigaten joukkoon, kun rikolliset aktiivisesti yrittävät hyväksikäyttää viimeaikaisia tietoturvahaavoittuvuuksia. www.zdnet.com/article/hackers-mount-attacks-on-webmin-servers-pulse-secure-and-fortinet-vpns/ Tekninen analyysi APT34 (OilRig, CobaltGypsy) TwoFace webshell – -työkalusta. www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell/

Daily NCSC-FI news followup 2020-10-29

Why the extortion of Vastaamo matters far beyond Finland and how cyber pros are responding www.cyberscoop.com/finland-vastaamo-hack-response/ Even for veterans of cybercriminal investigations, the recent extortion of a psychotherapy practice in Finland has been unusual and disturbing. Kyberturvallisuusprofessori vaatii kansallista selvitysryhmää penkomaan Vastaamon vuotoa www.tivi.fi/uutiset/tv/cd1d113a-f573-406a-9aa5-ad59bb17c117 Psykoterapiakeskuksen tietomurto ja kansalaisten laaja kiristys ovat kansallinen kriisitilanne, katsoo kyberturvallisuuden […]