Daily NCSC-FI news followup 2020-06-11

Hackers breached A1 Telekom, Austria’s largest ISP

www.zdnet.com/article/hackers-breached-a1-telekom-austrias-largest-isp/ A1 needed more than six months to kick the hackers off its network. Whistleblower claims the intruders were Chinese hackers.

Snake Ransomware Delivers Double-Strike on Honda, Energy Co.

threatpost.com/snake-ransomware-honda-energy/156462/ The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American energy company, researchers said.

Gamaredon hackers use Outlook macros to spread malware to contacts

www.bleepingcomputer.com/news/security/gamaredon-hackers-use-outlook-macros-to-spread-malware-to-contacts/ New tools attributed to the Russia-linked Gamaredon hacker group include a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. See also:

www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/

Finland takes second place in making use of digitalisation; in cybersecurity it is falling behind its neighbours

www.kauppalehti.fi/uutiset/suomelle-kakkossija-digitaalisuuden-hyodyntamisessa-kyberturvallisuudessa-ollaan-jaamassa-naapureista-jalkeen/50ae895f-db0a-48f0-be21-9b4e934d0388 Finland is in the top three of the comparison for the seventh year.

Fake Black Lives Matter voting campaign spreads Trickbot malware

www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/ A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware.

VR's ticket shop showed a dangerous prompt: wasn't this supposed to no longer happen?

www.is.fi/digitoday/tietoturva/art-2000006536510.html VR's old ticket shop asked users to install Flash, software known to be dangerous. VR urges customers to use its new online shop.

IBM Cloud global outage caused by “incorrect” BGP routing

www.bleepingcomputer.com/news/technology/ibm-cloud-global-outage-caused-by-incorrect-bgp-routing/ On June 9th, 2020, IBM Cloud data centers suffered a global outage that caused connectivity issues for many of the web sites and platforms utilizing the service, including BleepingComputer.

Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware

www.zdnet.com/article/ransomware-hackers-took-just-three-days-to-find-this-fake-industrial-network-and-fill-it-with-malware/ Industrial control networks are coming under attack from a range of ransomware attacks, security researchers have warned, after an experiment revealed the speed at which hackers are uncovering vulnerabilities in critical infrastructure.

Search hijackers change Chrome policy to remote administration

blog.malwarebytes.com/threat-spotlight/2020/06/search-hijackers-change-chrome-policy-to-remote-administration/ The latest type of installer in the saga of search hijacking changes a Chrome policy which tells users it can't be removed because the browser is managed from the outside.

Expiring SSL certs expected to break smart TVs, fridges, and IoTs

www.bleepingcomputer.com/news/security/expiring-ssl-certs-expected-to-break-smart-tvs-fridges-and-iots/ On May 30th, select Roku streaming channels stopped working, leaving impacted customers clueless with no idea what was wrong. The same day payment platforms Stripe and Spreedly experienced disruptions and blamed it on expiring Certificate Authority (CA) root certificates. We always knew SSL certificates came with an expiration date, but we didn’t plan for the fact it’d be happening this year!

Protecting IoT devices and OT Networks from a Cyber Pandemic

blog.checkpoint.com/2020/06/11/protecting-iot-devices-and-ot-networks-from-a-cyber-pandemic/

Researchers say online voting tech used in 5 states is fatally flawed

arstechnica.com/tech-policy/2020/06/researchers-say-online-voting-tech-used-in-5-states-is-fatally-flawed/ Elections in five states have used or plan to use OmniBallot’s online voting tech.
