Daily NCSC-FI news followup 2020-07-20

Cybersecurity basics more important then ever in the new normal of remote work says Salesforce Chief Trust Officer

www.zdnet.com/article/cybersecurity-basics-more-important-then-ever-in-the-new-normal-of-remote-work-says-salesforce-chief-trust-officer/ Jim Alkove, Chief Trust Officer at Salesforce, talks security in the new normal of remote work, cybersecurity best practices, and how security jobs can be a way to increase diversity in IT.

BadPower attack corrupts fast chargers to melt or set your device on fire

www.zdnet.com/article/badpower-attack-corrupts-fast-chargers-to-melt-or-set-your-device-on-fire/ Attackers can alter the firmware of fast charger devices to deliver extra voltage and damage connected equipment. Chinese security researchers said they can alter the firmware of fast chargers to cause damage to connected (charging) systems, such as melt components, or even set devices on fire. Read also:

www.forbes.com/sites/zakdoffman/2020/07/20/hackers-can-now-trick-usb-chargers-to-destroy-your-devicesthis-is-how-it-works/ and www.is.fi/digitoday/tietoturva/art-2000006576673.html

Yle's morning show today: Internet and phone scammers are on the move again, so should every contact be treated with suspicion? Watch the broadcast here

yle.fi/uutiset/3-11453755 Watch: areena.yle.fi/1-50337090?seek=4916

Twitter hackers busted 2FA to access accounts and then reset user passwords

www.theregister.com/2020/07/20/twitter_security_update_hackers_broke_2fa/ Perps tried to sell high-profile usernames after possibly perusing private data. Twitter has revealed more about the July 15 attack that saw several prominent accounts hijacked to promote a Bitcoin scam. The Saturday, July 18 update admits “the attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” You read that right: even 2FA failed. Read also:

www.schneier.com/blog/archives/2020/07/on_the_twitter_.html

Lock down your data or get the cheque book out: ICO privacy violation fines are rising, say lawyers

www.theregister.com/2020/07/20/gdpr_fines_triple/ Violating Europe’s General Data Protection Regulation (GDPR) rules is a costly mistake that is only getting more expensive, according to lawyers totaling up fines from the UK’s Information Commissioner’s Office (ICO).

Cloudflare outage on July 17, 2020

blog.cloudflare.com/cloudflare-outage-on-july-17-2020/ A configuration error in our backbone network caused an outage for Internet properties and Cloudflare services that lasted 27 minutes. We saw traffic drop by about 50% across our network. Because of the architecture of our backbone this outage didn’t affect the entire Cloudflare network and was localized to certain geographies. The outage occurred because, while working on an unrelated issue with a segment of the backbone from Newark to Chicago, our network engineering team updated the configuration on a router in Atlanta to alleviate congestion. This configuration contained an error that caused all traffic across our backbone to be sent to Atlanta. This quickly overwhelmed the Atlanta router and caused Cloudflare network locations connected to the backbone to fail. The affected locations were San Jose, Dallas, Seattle, Los Angeles, Chicago, Washington, DC, Richmond, Newark, Atlanta, London, Amsterdam, Frankfurt, Paris, Stockholm, Moscow, St. Petersburg, São Paulo, Curitiba, and Porto Alegre. Other locations continued to operate normally. Read also:

www.zdnet.com/article/why-the-internet-went-haywire-last-week/

Two more cyber-attacks hit Israel’s water system

www.zdnet.com/article/two-more-cyber-attacks-hit-israels-water-system/ First attack hit in April when hackers tried to modify water chlorine levels, officials said. Two more cyber-attacks have hit Israel’s water management facilities, officials from the Water Authority said last week. Officials said the attacks took place last month, in June, and didn’t cause any damage to the attacked organizations. The first attack hit agricultural water pumps in upper Galilee, while the second one hit water pumps in the central province of Mateh Yehuda, local media reported last week.

Paving the Path to Passwordless

threatpost.com/duo-paving-the-path-to-passwordless/157502/ Password management tools and apps can help ease the pain of passwords, but even those don’t totally solve all of the password challenges all of the time.

Monday review: the hot stories of the week

nakedsecurity.sophos.com/2020/07/20/monday-review-the-hot-stories-of-the-week-2/ Get yourself up to date with everything we’ve written in the last seven days: it’s weekly roundup time.

Why Cyber Ranges Are Effective To Train Your Teams

securityintelligence.com/articles/cyber-range-training-effectiveness/ Cyber ranges may be one of the most effective ways to train IT professionals in defending against cyber attacks. The virtual environments deliver simulated real-world attacks that test multiple dimensions and stakeholders within diverse environments. Cybersecurity teams can use cyber ranges to practice defending against simulated threats in immersive training scenarios, essentially preparing and rehearsing for the “boom event” when a breach occurs.

Finnish mustard maker nearly fell for an email scam: revenue was promised to grow four-thousandfold

www.tivi.fi/uutiset/tv/abf7736c-7bc3-432c-ba2f-4cdb572c0ab7 An order totalling 12 million euros would have scaled up, in one stroke, a company that had a revenue of 3,000 euros in its last financial year. The CEO of Pekari Foods wonders how even the parties that helped him advance the deal did not suspect a scam. At the end of June the Finnish food industry was about to make a big leap to a European island nation when Joonas Pekari, a food entrepreneur from Hyvinkää, received an email from abroad. “Kindly send us your product catalogue, send us information about your delivery times. We would like to use your products in a sales campaign, so please process our order urgently so that we can begin a long-term cooperation”, the text read. The change would have been massive. Pekarin Sinappi, recently renamed Pekari Foods, which makes mustard and various mustard-flavoured foods using a family recipe, had a revenue of only 3,000 euros in 2018. The company’s products are sold by a small number of Kesko grocery stores. The order request was not the first of its kind. Pekari says he began receiving contacts from various countries after he changed his company’s name to an English one. Pekari Foods had no previous foreign trade, however, so Sainsbury’s would have been its first sales channel abroad. Pekari describes the scam as professional. His British acquaintances were excited by the message, after which he continued the correspondence. At the company’s request Pekari produced product catalogues, which took several working days. After receiving them, the company sent in early July, for the purposes of credit insurance, six official-looking attachments about its financial situation, which Pekari says he went through with Finnvera and his bank. The sender soon repeated the request in a follow-up email. “Because of our structure, insurance companies usually first allocate us a sum of 150,000 to 250,000 euros. We look forward to favourable cooperation on our request”, the sender wrote.
Pekari came through the scam attempt with minimal losses. He says he lost only working time, which went into correspondence and into clarifying the situation with the bank and Finnvera. Time also went into making the catalogue and, for example, contacting subcontractors in case production had needed to grow exponentially. “I feel rather disappointed. For my company this would have been an absolutely brilliant entry to the market. Then again, I have now received a link through which I can offer my products there”, Pekari says. The Hyvinkää entrepreneur sees in the situation the same thing as in internet honey traps, where love letters are used to lure the other party into making bank transfers. This time the bait was simply the name of a big company. “When you are approached in the name of something like this, of course it was a big deal for me”. Pekari is also puzzled that, according to him, the scam was also fully believed by the Finnish bodies that help entrepreneurs. “I sent the documents to the bank, where they were looked through. Of course I assumed they would notice something at some point, if it came to that”.

TURLA / VENOMOUS BEAR UPDATES ITS ARSENAL: “NEWPASS” APPEARS ON THE APT THREAT SCENE

www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/ Recently Telsy observed some artifacts related to an attack that occurred in June 2020 that is most likely linked to the popular Russian Advanced Persistent Threat (APT) known as Venomous Bear (aka Turla or Uroburos). To the best of our knowledge, this time the hacking group used a previously unseen implant, that we internally named “NewPass” as one of the parameters used to send exfiltrated data to the command and control.

Privacy By Design: Responding To The EU-US Privacy Shield Ruling

www.forbes.com/sites/samcurry/2020/07/20/privacy-by-design-responding-to-the-us-eu-privacy-shield-ruling/ Last week, the EU Court of Justice struck down the EU-US Privacy Shield agreement. This agreement was the mechanism under which US companies were able to process and use privacy-related data since a similar ruling in 2015 with respect to the old Safe Harbor mechanism. The implications are wide and far reaching, and companies of all sorts will scramble to demonstrate compliance with the Standard Contractual Clauses, or SCC, that can be used in contracts to ensure privacy-related data is treated right. This is especially difficult as many organizations have turned to Software-as-a-Service and the data centers behind them. The question has now become how do CIOs and CISOs exercise data autonomy and easily identify which vendors can make the journey soon enough to avoid fines versus which ones can’t. In other words, which ones operate on a privacy-by-design principle and which ones don’t.

Computer misuse crimes down 9% on last year in England and Wales, says Office of National Statistics

www.theregister.com/2020/07/20/computer_misuse_crime_survey_england_wales/ Computer misuse crimes across England and Wales have declined over the past year with credential theft attacks remaining more or less flat in the pre-COVID reporting period. The Crime Survey of England and Wales (CSEW) recorded a total of 876,000 incidents of computer misuse affecting 743,000 adults across the UK over the past year, a figure that was down by 9 per cent on 2019’s total of 966,000 incidents.

Finnish company traced in minutes the movements of the money scammed via Obama’s and Elon Musk’s Twitter accounts: “They are complete amateurs”

www.kauppalehti.fi/uutiset/suomalaisyritys-selvitti-minuuteissa-obaman-ja-elon-muskin-twitter-tileilla-huijattujen-rahojen-liikkeet-he-ovat-taysia-amatooreja/fcd9f7e1-fba4-4239-954b-e0643e0ffae0 The startup’s investigation has also drawn interest from US media. The CEO emphasises the transparency of blockchain technology compared with traditional banking. Read also:

www.tivi.fi/uutiset/tv/8baa19be-20c0-4f80-9d37-495295f32901

Unique Threats to Operational Technology and Cyber Physical Systems

www.fireeye.com/blog/threat-research/2020/07/unique-threats-to-operational-technology-and-cyber-physical-systems.html In this latest episode of our Eye on Security podcast, I talk all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.

Ransomware gang demands $7.5 million from Argentinian ISP

www.zdnet.com/article/ransomware-gang-demands-7-5-million-from-argentinian-isp/ A ransomware gang has infected the internal network of Telecom Argentina, one of the country’s largest internet service providers, and is now asking for a $7.5 million ransom demand to unlock encrypted files.

COVID-19 RECOVERY CISA TABLETOP EXERCISE PACKAGE (CTEP)

www.cisa.gov/covid-19-recovery-ctep CISA developed the COVID-19 Recovery CISA Tabletop Exercise Package (CTEP) to assist private sector stakeholders and critical infrastructure owners and operators in assessing short-term, intermediate, and long-term recovery and business continuity plans related to the COVID-19 pandemic. Approved by the White House Task Force, and with input from the Federal interagency, this CTEP also provides organizations the opportunity to discuss how ongoing recovery efforts would be impacted by concurrent response operations to a potential second wave of global pandemic infections.
