Daily NCSC-FI news followup 2020-09-05

Suomi ennakoi 5g:n tuomia riskejä – Supo mukana arvioimassa laitteita

www.kauppalehti.fi/uutiset/suomi-ennakoi-5gn-tuomia-riskeja-supo-mukana-arvioimassa-laitteita/15541875-2408-4a72-9f79-7e8f1922ef38 Tuleva lakimuutos mahdollistaa verkoista kansallisesti vaaralliseksi arvioitavien verkkolaitteiden poistamisen. “Tämä on osittain liitoksissa 5g-turvallisuuteen, mutta laissa ei ole tarkoituksena millään tavalla jonkin verkkolaitevalmistajan säänteleminen tai markkinoilta poistaminen. Laki lähtee aivan neutraalista näkökulmasta”, johtaja Jukka-Pekka Juutinen Traficomista kertoo.

Australian Cyber Security Centre (ACSC) releases cyber report 2019-2020

www.cyber.gov.au/acsc/view-all-content/news/new-acsc-report-details-cyber-threats-across-australia The inaugural ACSC Annual Cyber Threat Report: July 2019 to June 2020 has been developed with our law enforcement partners, the Australian Federal Police and the Australian Criminal Intelligence Commission, to provide important information about emerging cyber security and cybercrime threats impacting different sectors of the Australian economy.

ACSC has also developed information to help the community buy and use internet-connected devices securely – such as smart fridges, smart televisions, baby monitors and security cameras

www.cyber.gov.au/acsc/view-all-content/news/advice-users-and-manufacturers-internet-things-devices The Australian Government has released a voluntary Code of Practice to improve the security of the Internet of Things (IoT) in Australia – including everyday devices such as smart fridges, smart televisions, baby monitors and security cameras.

FBI issues second alert about ProLock ransomware stealing data

www.bleepingcomputer.com/news/security/fbi-issues-second-alert-about-prolock-ransomware-stealing-data/ The boost in activity was most likely caused by partnering with the QakBot banking trojan gang which made it a lot easier to gain access to new victims’ networks.

White House publishes a cyber-security rulebook for space systems

www.zdnet.com/article/white-house-publishes-a-cyber-security-rulebook-for-space-systems/ The new rules, detailed in Space Policy Directive-5 (SPD-5), are meant to establish a cybersecurity baseline for all space-bound craft, systems, networks, and communications channels built and operated by US government agencies and commercial space entities. “Examples of malicious cyber activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks, ” said officials.

Researchers find a way to spot security fixes from Linux kernel with data mining

www.theregister.com/2020/09/04/linux_kernel_flaws/ Researchers affiliated with BMW, Siemens, and two German universities have found that they can detect Linux kernel security fixes before they get released, insight that could allow miscreants to develop and deploy exploit code for which there’s no defense. In an ArXiv-distributed paper titled, “The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects, ” researchers outline a data mining scheme that amounts to a side channel attack on the open source vulnerability disclosure process. PDF: arxiv.org/pdf/2009.01694.pdf

Cybersecurity – the new dimension of automotive quality

www.kaspersky.com/blog/cybersecurity-automotive/36924/ Modern computerized car require a secure-by-design platform. And that’s just what we’ve come up with. A car today is basically a specialized computer – a ‘cyber-brain’, controlling the mechanics-and-electrics we traditionally associate with the word ‘car’ – – the engine, the brakes, the turn indicators, the windscreen wipers, the air conditioner, and in fact everything else.

You might be interested in …

Daily NCSC-FI news followup 2021-01-07

Linux malware authors use Ezuri Golang crypter for zero detection www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter-for-zero-detection/ Multiple malware authors are using the “Ezuri” crypter and memory loader to make their code undetectable to antivirus products. Source code for Ezuri, written in Golang, is available on GitHub for anyone to use. December 2020’s Most Wanted Malware: Emotet Returns as Top Malware […]

Read More

Daily NCSC-FI news followup 2021-03-01

T-Mobile discloses data breach after SIM swapping attacks www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/ The attackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, BleepingComputer has learned. The information accessed by the hackers might have included customers’ full names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers […]

Read More

Daily NCSC-FI news followup 2019-10-21

Verkon myyntisivustolla liikkuu huijariostajia näyttävät myyjälle väärennetyn kuitin tai tiliotteen www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/verkon_myyntisivustolla_liikkuu_huijariostajia_nayttavat_myyjalle_vaarennetyn_kuitin_tai_tiliotteen_85170 Helsingin poliisin tietoon on tullut syksyn aikana samantyyppisiä huijaustapauksia, joissa tavarat ovat vaihtaneet omistajaa Tori.fi-verkkosivuston kautta. Tapauksissa huijarit ovat esittäneet ostotilanteessa myyjälle väärennetyn kuitin tai tiliotteen, joka on tehty pankin demosivustolla. Venäläiset kaappasivat Iranin operaation ja vakoilivat kohteita kymmenissä maissa www.hs.fi/ulkomaat/art-2000006280146.html Turvallisuuspalvelu FSB:hen yhdistetty […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.