Daily NCSC-FI news followup 2020-09-05

Suomi ennakoi 5g:n tuomia riskejä – Supo mukana arvioimassa laitteita

www.kauppalehti.fi/uutiset/suomi-ennakoi-5gn-tuomia-riskeja-supo-mukana-arvioimassa-laitteita/15541875-2408-4a72-9f79-7e8f1922ef38 Tuleva lakimuutos mahdollistaa verkoista kansallisesti vaaralliseksi arvioitavien verkkolaitteiden poistamisen. “Tämä on osittain liitoksissa 5g-turvallisuuteen, mutta laissa ei ole tarkoituksena millään tavalla jonkin verkkolaitevalmistajan säänteleminen tai markkinoilta poistaminen. Laki lähtee aivan neutraalista näkökulmasta”, johtaja Jukka-Pekka Juutinen Traficomista kertoo.

Australian Cyber Security Centre (ACSC) releases cyber report 2019-2020

www.cyber.gov.au/acsc/view-all-content/news/new-acsc-report-details-cyber-threats-across-australia The inaugural ACSC Annual Cyber Threat Report: July 2019 to June 2020 has been developed with our law enforcement partners, the Australian Federal Police and the Australian Criminal Intelligence Commission, to provide important information about emerging cyber security and cybercrime threats impacting different sectors of the Australian economy.

ACSC has also developed information to help the community buy and use internet-connected devices securely – such as smart fridges, smart televisions, baby monitors and security cameras

www.cyber.gov.au/acsc/view-all-content/news/advice-users-and-manufacturers-internet-things-devices The Australian Government has released a voluntary Code of Practice to improve the security of the Internet of Things (IoT) in Australia – including everyday devices such as smart fridges, smart televisions, baby monitors and security cameras.

FBI issues second alert about ProLock ransomware stealing data

www.bleepingcomputer.com/news/security/fbi-issues-second-alert-about-prolock-ransomware-stealing-data/ The boost in activity was most likely caused by partnering with the QakBot banking trojan gang which made it a lot easier to gain access to new victims’ networks.

White House publishes a cyber-security rulebook for space systems

www.zdnet.com/article/white-house-publishes-a-cyber-security-rulebook-for-space-systems/ The new rules, detailed in Space Policy Directive-5 (SPD-5), are meant to establish a cybersecurity baseline for all space-bound craft, systems, networks, and communications channels built and operated by US government agencies and commercial space entities. “Examples of malicious cyber activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks, ” said officials.

Researchers find a way to spot security fixes from Linux kernel with data mining

www.theregister.com/2020/09/04/linux_kernel_flaws/ Researchers affiliated with BMW, Siemens, and two German universities have found that they can detect Linux kernel security fixes before they get released, insight that could allow miscreants to develop and deploy exploit code for which there’s no defense. In an ArXiv-distributed paper titled, “The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects, ” researchers outline a data mining scheme that amounts to a side channel attack on the open source vulnerability disclosure process. PDF: arxiv.org/pdf/2009.01694.pdf

Cybersecurity – the new dimension of automotive quality

www.kaspersky.com/blog/cybersecurity-automotive/36924/ Modern computerized car require a secure-by-design platform. And that’s just what we’ve come up with. A car today is basically a specialized computer – a ‘cyber-brain’, controlling the mechanics-and-electrics we traditionally associate with the word ‘car’ – – the engine, the brakes, the turn indicators, the windscreen wipers, the air conditioner, and in fact everything else.

You might be interested in …

Daily NCSC-FI news followup 2020-05-10

Microsoft adds protection against Reply-All email storms in Office 365 www.zdnet.com/article/microsoft-adds-protection-against-reply-all-email-storms-in-office-365/ Microsoft rolled out this week a new feature to Office 365 customers to help their IT staff detect and stop “Reply-All email storms.”. The term refers to situations when employees use the Reply-All option in mass-mailed emails, such as company-wide notifications. Sodinokibi ransomware can […]

Read More

Daily NCSC-FI news followup 2021-04-16

SolarWinds hack affected six EU agencies therecord.media/solarwinds-hack-affected-six-eu-agencies/ Six European Union institutions were hacked part of the SolarWinds supply chain attack, a top EU administration official said this week. CERT-EU officials said that only 14 EU institutions ran a version of the SolarWinds Orion IT monitoring platform, which was the conduit of SolarWinds supply chain attack. […]

Read More

Daily NCSC-FI news followup 2021-01-18

Suomen elintarvikehuolto harjoittelee poikkeustilannetta varten www.is.fi/digitoday/art-2000007747319.html Suomen elintarvikehuollon toimijat harjoittelevat tällä viikolla poikkeustilanteita varten. Huoltovarmuuskeskuksen digipoolin järjestämässä kolmipäiväisessä harjoituksessa valmistaudutaan toimintaan kyberhäiriötilanteessa. Huomenna alkavassa harjoituksessa on mukana elintarviketeollisuuden, kaupan ja jakelun, öljynjakelun, logistiikan ja liikenteen sekä vesihuollon toimijoita. Paino on huoltoketjun osien yhteistoiminnassa ja elintarvikehuollon toiminnassa poikkeustilanteessa. Kyseessä on osa laajempaa Tieto20-harjoituskokonaisuutta, joka alkoi helmikuussa […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.