Daily NCSC-FI news followup 2020-08-18

Emotet malware is being actively distributed in Finland

www.kyberturvallisuuskeskus.fi/fi/emotet-haittaohjelmaa-levitetaan-aktiivisesti-suomessa Emotet malware is being distributed by email in the names of Finnish organisations. The purpose of the malware attack is to steal data from organisations, and the same attack can also be used to penetrate deeper into the network and launch, for example, a ransomware attack. The attack campaign has been seen active since 17 August 2020. see also


World’s largest cruise line operator discloses ransomware attack

www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/ Carnival Corp says it suffered a ransomware attack on Saturday, August 15, and that hackers stole some of its data.

EmoCrash Exploit Stoppered Emotet For 6 Months

threatpost.com/emocrash-exploit-emotet-6-months/158414/ A researcher developed a killswitch exploiting a buffer overflow in Emotet preventing the malware from infecting systems for six months.

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

thehackernews.com/2020/08/jenkins-server-vulnerability.html Jenkins, a popular open-source automation server software, published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed.

IcedID Trojan Rebooted with New Evasive Tactics

threatpost.com/icedid-trojan-rebooted-evasive-tactics/158425/ Juniper identifies phishing campaign targeting business customers with malware using password protection, among other techniques, to avoid detection.

US Army report says many North Korean hackers operate from abroad

www.zdnet.com/article/us-army-report-says-many-north-korean-hackers-operate-from-abroad/ US Army says many North Korean hackers are actually located outside the hermit kingdom, in countries like Belarus, China, India, Malaysia, and Russia.

COVID-19 Pandemic Persists While Extortion Ransomware Operators Run Rampant

www.recordedfuture.com/pandemic-ransomware-operators/ Two major trends in malware development and deployment dominated headlines throughout the first half of 2020: COVID-19 and extortion ransomware. 2020 has been a challenging year, and the cyber threat landscape was no exception.

Ukraine arrests gang who ran 20 crypto-exchanges and laundered money for ransomware gangs

www.zdnet.com/article/ukraine-arrests-gang-who-ran-20-crypto-exchanges-and-laundered-money-for-ransomware-gangs/ Gang is believed to have laundered more than $42 million in criminal proceeds.

Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers

www.theregister.com/2020/08/17/albion_college_coronavirus_tracking_app/ Albion College has a plan for students to return safely to campus this fall amid the COVID-19 coronavirus pandemic. It involves being tracked by an app that, at least until a few days ago, appears to have been insecure.

Large Orgs Plagued with Bugs, Face Giant Patch Backlogs

threatpost.com/large-orgs-plagued-bugs-patch-backlogs/158433/ Vulnerability management continues to challenge businesses, as they face tens of thousands of bugs with every scan.

How cybercriminals victimize WoW players

www.kaspersky.com/blog/wow-phishing/36752/ How attackers hunt for Battle.net accounts in World of Warcraft, aiming to get valuable content.

This blind spot for security teams is growing with the coronavirus pandemic

www.tivi.fi/uutiset/tv/94f4b44d-231e-4182-94bf-96d676d83a4f Companies have no means to dictate what kinds of IoT devices remote workers use on their home networks. IT departments have rather few options for protecting companies' important data assets.
