
Daily NCSC-FI news followup 2020-09-03

Finnish trade union members' data was phished: do this if you fell into the trap

www.tivi.fi/uutiset/tv/3b254379-c90e-48fa-b97f-282f4e7086ee Ylemmät toimihenkilöt YTN represents about 170,000 experts and supervisors across various sectors in Finland through 20 Akava-affiliated unions. In its press release, YTN says it was the target of a data breach on 25 August. The victim was the mailbox of one YTN employee. According to YTN, the attack was limited to this, and no personal data, for example, ended up in the wrong hands as a result of the breach. However, the breach launched a phishing campaign that used a web page created for the scam. That page has now been successfully taken down.

The Hidden Costs of Losing Security Talent

www.darkreading.com/risk/the-hidden-costs-of-losing-security-talent/d/d-id/1338816 According to Simone Petrella, founder and CEO of online training site CyberVista, an experienced security analyst commands an average annual salary of about $100,000. And when that analyst leaves a company, it typically takes eight months to replace that person and almost four months to train a replacement. That’s nearly a full year of productivity lost, she says. Then it’s always possible the company could lose a second employee because that person became overloaded while the new hire was getting up to speed.

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message

threatpost.com/attackers-can-exploit-critical-cisco-jabber-flaw-with-one-message/158942/ Researchers are warning of a critical remote code-execution (RCE) flaw in the Windows version of Cisco Jabber, the networking company’s video-conferencing and instant-messaging application. Attackers can exploit the flaw merely by sending targets specially crafted messages, no user interaction required. The flaw (CVE-2020-3495) has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory. Researchers with Watchcom, who discovered the flaw, said that with remote workforces surging during the coronavirus pandemic, the implications of the vulnerability are especially serious.

European ISPs report mysterious wave of DDoS attacks

www.zdnet.com/article/european-isps-report-mysterious-wave-of-ddos-attacks/ Over the past week, multiple ISPs in Belgium, France, and the Netherlands reported DDoS attacks that targeted their DNS infrastructure. The list of ISPs that suffered attacks over the past week includes Belgium’s EDP, France’s Bouygues Télécom, FDN, K-net, SFR, and the Netherlands’ Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl. “Multiple attacks were aimed towards routers and DNS infrastructure of Benelux based ISPs,” a spokesperson said. “Most of [the attacks] were DNS amplification and LDAP-type of attacks.” “Some of the attacks took longer than 4 hours and hit close to 300Gbit/s in volume,” NBIB said.

Russian-Related Threats to the 2020 US Presidential Election

www.recordedfuture.com/us-election-russia-threats/ In this report, Recorded Future provides an overview of Russia-nexus cyberespionage and influence operations activity related to the 2020 U.S. elections, including from advanced persistent threat (APT) groups, information operations (IO) entities, as well as likely front entities and non-state groups aimed at presidential candidates, political parties, elections infrastructure, media platforms, voting efforts, and the U.S. population at large.

Google removes Android app that was used to spy on Belarusian protesters

www.zdnet.com/article/google-removes-android-app-that-was-used-to-spy-on-belarusian-protesters/ Google has removed this week an Android app from the Play Store that was used to collect personal information from Belarusians attending anti-government protests. While there is no official link between the fake Nexta app and the Minsk government, this would hardly be the first time that a government would try to spy on its citizens in the midst of anti-government protests, in attempts to identify protest-goers.

NO REST FOR THE WICKED: EVILNUM UNLEASHES PYVIL RAT

www.cybereason.com/blog/no-rest-for-the-wicked-evilnum-unleashes-pyvil-rat The group’s operations appear to be highly targeted, as opposed to a widespread phishing operation, with a focus on the FinTech market by way of abusing the Know Your Customer regulations (KYC), documents with information provided by clients when business is undertaken. Since its first discovery, the group’s mainly targeted different companies across the UK and EU. In recent weeks, the Nocturnus team has observed new activity by the group, including several notable changes from tactics observed previously. These variations include a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT) Nocturnus dubbed PyVil RAT. PyVil RAT possesses different functionalities, and enables the attackers to exfiltrate data, perform keylogging and the taking of screenshots, and the deployment of more tools such as LaZagne in order to steal credentials. In this write-up, we dive into the recent activity of the Evilnum group and explore its new infection chain and tools.

Under Attack: How Threat Actors are Exploiting SOCKS Proxies

securityintelligence.com/articles/what-is-socks-proxy-exploit/ A SOCKS proxy can be used to improve network security in an enterprise, but can also be exploited by cybercriminals for nefarious reasons. Take a look at how SOCKS proxies have been manipulated recently by threat actors.

Australian government releases voluntary IoT cybersecurity code of practice

www.zdnet.com/article/australian-government-releases-voluntary-iot-cybersecurity-code-of-practice/ The voluntary Code of Practice: Securing the Internet of Things for Consumers is intended to provide industry with a best-practice guide on how to design IoT devices with cybersecurity features. It will apply to all IoT devices that connect to the internet to send and receive data in Australia, including “everyday devices such as smart fridges, smart televisions, baby monitors, and security cameras”.

Minister: New Zealand enduring wave of cyberattacks

wtop.com/world/2020/09/scale-of-new-zealand-cyber-attacks-unprecedented-minister/ New Zealand’s justice minister says the nation is confronting cyberattacks on an unprecedented scale, targeting everything from the stock market to the weather service.

CISA orders agencies to set up vulnerability disclosure programs

www.cyberscoop.com/cisa-vulnerability-disclosure-directive-omb/ CISA on Wednesday issued a directive requiring agencies to establish VDPs that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life. “We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director Bryan S. Ware said in announcing the directive.
