Daily NCSC-FI news followup 2020-08-20

Emotet is back from its summer holiday and active again: how do you reduce the risk in your environment?

blog.f-secure.com/fi/emotet-palasi-kesalomalta-ja-on-jalleen-aktiivinen-miten-pienennat-riskia-ymparistossasi/ The Emotet malware has become active again after a quieter spring and summer. The trojan, in operation since 2014, has been on and off hiatus, but unusually intense activity is once more being observed. On 18 August 2020 the Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) warned organisations about the malware's exceptionally active spread among Finnish organisations, and the threat is currently classified as serious.

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

thehackernews.com/2020/08/windows-update-download.html Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities.

Google email problems mostly fixed

yle.fi/uutiset/3-11503340 IT company Google's Gmail email service has experienced outages during this morning.

Google fixes major Gmail bug seven hours after exploit details go public

www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-after-exploit-details-go-public/ Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer. See also

ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/

Yet another Microsoft scam: Helsinki man loses 100,000 euros

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/taas_uusi_microsoft-huijaus_helsinkilaismiehelta_vietiin_100_000_euroa_92746 One hundred thousand euros were taken from a Helsinki man's bank account by means of a so-called Microsoft technical support scam. The man had received a call claiming that the caller was from Microsoft and that his computer had been hacked. He was asked to install the remote-access program TeamViewer, to hand over his online banking credentials, and to show his driving licence.

Transparent Tribe: Evolution analysis, part 1

securelist.com/transparent-tribe-part-1/98127/ Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group.

IBM AI-Powered Data Management Software Subject to Simple Exploit

threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/ A low-privileged process on a vulnerable machine could allow data harvesting and DoS.

Analyzing the Threat of Ransomware Attacks Against US Elections

www.recordedfuture.com/us-elections-ransomware-threats/ The threat of a ransomware attack against elections in the United States has been a growing concern within the government and the private sector. We already know that threat actors managed to infiltrate the networks of election offices in multiple states, and according to a Senate Intelligence Report, those same adversaries were targeting all 50 states. See the full report:

go.recordedfuture.com/hubfs/reports/cta-2020-0820.pdf

Thanks for the memories… now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks ‘5% of stolen files’

www.theregister.com/2020/08/20/maze_crew_sk_hynix/ The Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked some of the files it stole.

Experian South Africa discloses data breach impacting 24 million customers

www.zdnet.com/article/experian-south-africa-discloses-data-breach-impacting-24-million-customers/ Experian said the attacker was identified and its data deleted from the fraudster’s devices.

Office 365 Mail Forwarding Rules (and other Mail Rules too)

isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/

Facebook tightens screws on QAnon and US militia groups

www.zdnet.com/article/facebook-tightens-screws-on-qanon-and-us-militia-groups/ Social network says it has booted 790 QAnon groups and 980 groups related to US militias, which Facebook said includes some antifa.

The impact of COVID-19 on healthcare cybersecurity

blog.malwarebytes.com/vital-infrastructure/2020/08/the-impact-of-covid-19-on-healthcare-cybersecurity/ As if stress levels in the healthcare industry weren't high enough due to the COVID-19 pandemic, risks to its already fragile cybersecurity infrastructure are at an all-time high. From increased cyberattacks to exacerbated vulnerabilities to costly human errors, if healthcare cybersecurity wasn't circling the drain before, COVID-19 sent it into a tailspin.

Abnormal's Q2 BEC Report Uncovers Ongoing, Accelerated Trends in Pandemic-related Email Security Attacks

abnormalsecurity.com/blog/abnormals-q2-bec-report-uncovers-ongoing-accelerated-trends-in-pandemic-related-email-security-attacks/

20 percent of organizations experienced breach due to remote worker, Labs report reveals

blog.malwarebytes.com/reports/2020/08/20-percent-of-organizations-experienced-breach-due-to-remote-worker-labs-report-reveals/

How Unsecure gRPC Implementations Can Compromise APIs, Applications

blog.trendmicro.com/trendlabs-security-intelligence/unsecure-grpc-implementations-compromise-apis-applications/

Bug bounty platform ZDI awarded $25m to researchers over the past 15 years

www.zdnet.com/article/bug-bounty-platform-zdi-awarded-25m-to-researchers-over-the-past-15-years/ Bug bounty platform pioneer Zero-Day Initiative (ZDI) is celebrating its 15th birthday this year.
