Daily NCSC-FI news followup 2020-08-20

Emotet is back from its summer holiday and active again. How do you reduce the risk in your environment?

blog.f-secure.com/fi/emotet-palasi-kesalomalta-ja-on-jalleen-aktiivinen-miten-pienennat-riskia-ymparistossasi/ The Emotet malware has become active again after a quieter spring and summer. The trojan, active since 2014, has gone on and off hiatus, but exceptionally heavy activity is once again being observed. On 18 August 2020 NCSC-FI (Kyberturvallisuuskeskus) warned organisations about the malware's exceptionally active spread among Finnish organisations, and the threat is currently classified as serious.

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

thehackernews.com/2020/08/windows-update-download.html Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities.

Google email problems mostly fixed

yle.fi/uutiset/3-11503340 Technology company Google's Gmail email service has suffered outages during this morning.

Google fixes major Gmail bug seven hours after exploit details go public

www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-after-exploit-details-go-public/ Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer. See also:

ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/

Yet another Microsoft scam: Helsinki man loses 100,000 euros

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/taas_uusi_microsoft-huijaus_helsinkilaismiehelta_vietiin_100_000_euroa_92746 One hundred thousand euros were taken from a Helsinki man's bank account by means of a so-called Microsoft technical support scam. The man had received a call claiming that the caller was from Microsoft and that the man's computer had been hacked. He was asked to install the remote-access program TeamViewer, to hand over his online banking credentials, and to show his driving licence.

Transparent Tribe: Evolution analysis, part 1

securelist.com/transparent-tribe-part-1/98127/ Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group.

IBM AI-Powered Data Management Software Subject to Simple Exploit

threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/ A low-privileged process on a vulnerable machine could allow data harvesting and DoS.

Analyzing the Threat of Ransomware Attacks Against US Elections

www.recordedfuture.com/us-elections-ransomware-threats/ The threat of a ransomware attack against elections in the United States has been a growing concern within the government and the private sector. We already know that threat actors managed to infiltrate the networks of election offices in multiple states, and according to a Senate Intelligence Report, those same adversaries were targeting all 50 states. See the full report:

go.recordedfuture.com/hubfs/reports/cta-2020-0820.pdf

Thanks for the memories… now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks ‘5% of stolen files’

www.theregister.com/2020/08/20/maze_crew_sk_hynix/ The Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked some of the files it stole.

Experian South Africa discloses data breach impacting 24 million customers

www.zdnet.com/article/experian-south-africa-discloses-data-breach-impacting-24-million-customers/ Experian said the attacker was identified and its data deleted from the fraudster’s devices.

Office 365 Mail Forwarding Rules (and other Mail Rules too)

isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/

Facebook tightens screws on QAnon and US militia groups

www.zdnet.com/article/facebook-tightens-screws-on-qanon-and-us-militia-groups/ Social network says it has booted 790 QAnon groups and 980 groups related to US militias, which Facebook said includes some antifa.

The impact of COVID-19 on healthcare cybersecurity

blog.malwarebytes.com/vital-infrastructure/2020/08/the-impact-of-covid-19-on-healthcare-cybersecurity/ As if stress levels in the healthcare industry weren't high enough due to the COVID-19 pandemic, risks to its already fragile cybersecurity infrastructure are at an all-time high. From increased cyberattacks to exacerbated vulnerabilities to costly human errors, if healthcare cybersecurity wasn't circling the drain before, COVID-19 sent it into a tailspin.

Abnormal's Q2 BEC Report Uncovers Ongoing, Accelerated Trends in Pandemic-related Email Security Attacks

abnormalsecurity.com/blog/abnormals-q2-bec-report-uncovers-ongoing-accelerated-trends-in-pandemic-related-email-security-attacks/

20 percent of organizations experienced breach due to remote worker, Labs report reveals

blog.malwarebytes.com/reports/2020/08/20-percent-of-organizations-experienced-breach-due-to-remote-worker-labs-report-reveals/

How Unsecure gRPC Implementations Can Compromise APIs, Applications

blog.trendmicro.com/trendlabs-security-intelligence/unsecure-grpc-implementations-compromise-apis-applications/

Bug bounty platform ZDI awarded $25m to researchers over the past 15 years

www.zdnet.com/article/bug-bounty-platform-zdi-awarded-25m-to-researchers-over-the-past-15-years/ Bug bounty platform pioneer Zero-Day Initiative (ZDI) is celebrating its 15th birthday this year.
