Daily NCSC-FI news followup 2020-08-09

Scanning Activity Include Netcat Listener

isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ This activity started on the 5 July 2020 and has been active to this day only scanning against TCP port 81. The GET command is always the same except for the Netcat IP which has changed a few times since it started. If you have a webserver or a honeypot listening on TCP 81, this activity might be contained in your logs. I have included the URL to the IPDetails reported to ISC that shows similar activity from the same source IP address listed in this diary.

Notorious spy gives advice: How to keep your phone from revealing your location

www.is.fi/digitoday/mobiili/art-2000006594867.html The US intelligence agency National Security Agency (NSA) has published guidance for mobile users on hiding their location from outsiders. This was reported by Bleeping Computer. Although the NSA's activities around the world have at times been questionable, its guidance for US Department of Defense employees (pdf) is excellent reading for anyone who wants to keep their location to themselves. IS Digitoday made some clarifications to this guidance. If you follow these instructions, be prepared for the possibility that many important location-dependent applications, such as maps, fitness trackers or weather forecasts, may no longer work.


Cyber exercise improved Keva's readiness to face real-life threat situations

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberharjoittelu-paransi-kevan-valmiuksia-kohdata-tosielaman-uhkatilanteita Is your organization interested in starting cyber exercises, but you don't yet know where to begin? The National Cyber Security Centre (Kyberturvallisuuskeskus) regularly supports organizations in their exercises. We have asked a few organizations that have exercised to write about their experiences. First to describe its cyber exercise is Keva, the public sector pension insurer.

Don't let the patching process go on holiday in summer

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/ala-anna-paivitysprosessin-lomailla-suvena Patching critical vulnerabilities is important, also during the summer. Are your processes in order and substitute arrangements planned while employees are on holiday? Updates keep arriving at a steady pace during the holiday season too, and vulnerabilities are exploited quickly after they are published. So don't leave any holiday time in your patching calendar!

5G Just Got Weird – Industry group 3GPP takes 5G in new directions in latest set of standards

spectrum.ieee.org/tech-talk/telecom/standards/5g-release-16 Release 16 is where things are getting weird for 5G. While earlier releases focused on the core of 5G as a generation of cellular service, Release 16 lays the groundwork for new services that have never been addressed by cellular before. At least, not in such a rigorous, comprehensive way. One of the flashiest things in Release 16 is V2X, short for “Vehicle to Everything.” In other words, using 5G for cars to communicate with each other and everything else around them. Hanbyul Seo, an engineer at LG Electronics, says V2X technologies have previously been standardized in IEEE 802.11p and 3GPP LTE V2X, but that the intention in these cases was to enable basic safety services. Seo is one of the rapporteurs for 3GPP’s item on V2X, meaning he was responsible for reporting on the item’s progress to 3GPP. Release 16 also includes information on location services. In past generations of cellular, three cell towers were required to triangulate where a phone was by measuring the round-trip distance of a signal from each tower. But 5G networks will be able to use the round-trip time from a single tower to locate a device. That’s because massive MIMO and beamforming allow 5G towers to send precise signals directly to devices, and so the network can measure the direction and angle of a beam, along with its distance from the tower, to locate it. Then there’s private networks. When we think of cellular networks, we tend to think of wide networks that cover lots of ground so that you can always be sure you have a signal. But 5G incorporates millimeter waves, which are higher frequency radio waves (30 to 300 GHz) that don’t travel nearly as far as traditional cell signals. Millimeter waves means it will be possible to build a network just for an office building, factory, or stadium. At those scales, 5G could function essentially like Wi-Fi networks. 
Release 16 has introduced a lot of new areas for 5G service, but very few of these areas are finished. “The Release 17 scope was decided last December,” says Tseng. “We’ve got a pretty good idea of what’s in there.” In general, that means building on a lot of the blocks established in Release 16. For example, Release 17 will include more mechanisms by which devices (not just cars) can sidelink.

China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI

www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/ The block was put in place at the end of July and is enforced via China’s Great Firewall. The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies. The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report.
