Daily NCSC-FI news followup 2020-08-20

Emotet has returned from summer vacation and is active again: how do you reduce the risk in your environment?

blog.f-secure.com/fi/emotet-palasi-kesalomalta-ja-on-jalleen-aktiivinen-miten-pienennat-riskia-ymparistossasi/ The Emotet malware has become active again after a quieter spring and summer. The trojan, which has been operating since 2014, has taken breaks from time to time, but exceptionally intense activity can be observed once again. On 18 August 2020 the National Cyber Security Centre Finland (Kyberturvallisuuskeskus) warned organizations about the malware's exceptionally active spread among Finnish organizations, and the threat is currently classified as severe.

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

thehackernews.com/2020/08/windows-update-download.html Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities.

Google email problems mostly fixed

yle.fi/uutiset/3-11503340 Technology company Google's Gmail email service has experienced disruptions during this morning.

Google fixes major Gmail bug seven hours after exploit details go public

www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-after-exploit-details-go-public/ Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer. See also:

ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/

Yet another Microsoft scam: Helsinki man loses 100,000 euros

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/taas_uusi_microsoft-huijaus_helsinkilaismiehelta_vietiin_100_000_euroa_92746 A hundred thousand euros were taken from a Helsinki man's bank account by means of a so-called Microsoft technical support scam. The man had received a phone call in which the caller claimed to be from Microsoft and said that the man's computer had been hacked. The man was asked to install TeamViewer, a program that enables remote access, to hand over his online banking credentials, and to show his driving licence.

Transparent Tribe: Evolution analysis, part 1

securelist.com/transparent-tribe-part-1/98127/ Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group.

IBM AI-Powered Data Management Software Subject to Simple Exploit

threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/ A low-privileged process on a vulnerable machine could allow data harvesting and DoS.

Analyzing the Threat of Ransomware Attacks Against US Elections

www.recordedfuture.com/us-elections-ransomware-threats/ The threat of a ransomware attack against elections in the United States has been a growing concern within the government and the private sector. We already know that threat actors managed to infiltrate the networks of election offices in multiple states, and according to a Senate Intelligence Report, those same adversaries were targeting all 50 states. See the full report:

go.recordedfuture.com/hubfs/reports/cta-2020-0820.pdf

Thanks for the memories… now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks ‘5% of stolen files’

www.theregister.com/2020/08/20/maze_crew_sk_hynix/ The Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked some of the files it stole.

Experian South Africa discloses data breach impacting 24 million customers

www.zdnet.com/article/experian-south-africa-discloses-data-breach-impacting-24-million-customers/ Experian said the attacker was identified and its data deleted from the fraudster’s devices.

Office 365 Mail Forwarding Rules (and other Mail Rules too)

isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/

Facebook tightens screws on QAnon and US militia groups

www.zdnet.com/article/facebook-tightens-screws-on-qanon-and-us-militia-groups/ Social network says it has booted 790 QAnon groups and 980 groups related to US militias, which Facebook said includes some antifa.

The impact of COVID-19 on healthcare cybersecurity

blog.malwarebytes.com/vital-infrastructure/2020/08/the-impact-of-covid-19-on-healthcare-cybersecurity/ As if stress levels in the healthcare industry weren't high enough due to the COVID-19 pandemic, risks to its already fragile cybersecurity infrastructure are at an all-time high. From increased cyberattacks to exacerbated vulnerabilities to costly human errors, if healthcare cybersecurity wasn't circling the drain before, COVID-19 sent it into a tailspin.

Abnormal's Q2 BEC Report Uncovers Ongoing, Accelerated Trends in Pandemic-related Email Security Attacks

abnormalsecurity.com/blog/abnormals-q2-bec-report-uncovers-ongoing-accelerated-trends-in-pandemic-related-email-security-attacks/

20 percent of organizations experienced breach due to remote worker, Labs report reveals

blog.malwarebytes.com/reports/2020/08/20-percent-of-organizations-experienced-breach-due-to-remote-worker-labs-report-reveals/

How Unsecure gRPC Implementations Can Compromise APIs, Applications

blog.trendmicro.com/trendlabs-security-intelligence/unsecure-grpc-implementations-compromise-apis-applications/

Bug bounty platform ZDI awarded $25m to researchers over the past 15 years

www.zdnet.com/article/bug-bounty-platform-zdi-awarded-25m-to-researchers-over-the-past-15-years/ Bug bounty platform pioneer Zero-Day Initiative (ZDI) is celebrating its 15-year-old birthday this year.
