Daily NCSC-FI news followup 2020-09-16

Tietovuoto: Kiinalaisyrityksen urkintalistalla on 799 suomalaista, joukossa poliitikkoja ja heidän lähipiiriään Katso, miten suomalaiset on jaoteltu

yle.fi/uutiset/3-11544521 Poikkeuksellinen tietovuoto kertoo, millaiset suomalaiset vaikuttajat kiinnostavat Kiinaa.

Pitkään kestävä syysmyrsky huolettaa sähköyhtiöitä “Valmiudessa on moninkertainen määrä työntekijöitä”

yle.fi/uutiset/3-11547019 Keski-Pohjanmaalla toimivat sähköyhtiöt ovat nostaneet selvästi varautumistaan voimakkaan ja poikkeuksellisen pitkäkestoisen syysmyrskyn varalle.

Yhä useampi on huolissaan lähipiiriinsä kohdistuvista tietoturvauhkista

www.epressi.com/tiedotteet/teknologia/yha-useampi-on-huolissaan-lahipiiriinsa-kohdistuvista-tietoturvauhkista.html Liikenne- ja viestintävirasto Traficomin loppukeväällä teettämän kuluttajatutkimuksen mukaan suomalaiset kokevat tietoturvaan liittyvät uhkakuvat merkittävinä huomattavasti aiempaa laajemmin. Valmiuksien suojautua näiltä uhkilta ei kuitenkaan ole koettu parantuneen samassa suhteessa. Samaan aikaan nettiin kytketyt älylaitteet ovat yleistyneet kodeissa.

Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw

www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/ New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.

DDoS Attacks Skyrocket as Pandemic Bites

threatpost.com/ddos-attacks-skyrocket-pandemic/159301/ More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.

US charges two hackers for defacing US websites following Soleimani killing

www.zdnet.com/article/us-charges-two-hackers-for-defacing-us-websites-following-soleimani-killing/ US authorities have tracked down the two hackers behind a January 2020 mass-defacement campaign.

FBI adds 5 Chinese APT41 hackers to its Cyber’s Most Wanted List

thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking than 100 companies throughout the world.

Koronavilkulla yli kaksi miljoonaa latausta 218 ilmoittanut tartunnasta

www.is.fi/digitoday/mobiili/art-2000006637535.html Tartunnoista on ilmoitettu Koronavilkussa samassa suhteessa kuin mitä sovellusta on otettu käyttöön.

LockBit ransomware launches data leak site to double-extort victims

www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/ The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.

Payments stopped, three arrested in medical supplies fraud case

www.interpol.int/en/News-and-Events/News/2020/Payments-stopped-three-arrested-in-medical-supplies-fraud-case Three members of an international crime syndicate wanted for tricking an Italian company into making fraudulent payments for non-existent medical equipment were arrested in Indonesia, in a case supported by INTERPOL.

Cerberus banking Trojan source code released for free to cyberattackers

www.zdnet.com/article/cerberus-banking-trojan-source-code-released-for-free-to-cyberattackers/ An auction designed to net the developer of the Android malware $100,000 failed.

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/ Today, were excited to release this new tool called Project OneFuzz, an extensible fuzz testing framework for Azure. Available through GitHub as an open-source tool, the testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world.

This security awareness training email is actually a phishing scam

www.bleepingcomputer.com/news/security/this-security-awareness-training-email-is-actually-a-phishing-scam/ A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company.

Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency

www.theregister.com/2020/09/16/nsa_secureboot_guide/ The NSA has published online a guide for IT admins to keep systems free of bootkits and rootkits.. see also

media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF

Improved malware protection for users in the Advanced Protection Program

security.googleblog.com/2020/09/improved-malware-protection-for-users.html Googles Advanced Protection Program helps secure people at higher risk of targeted online attacks, like journalists, political organizations, and activists, with a set of constantly evolving safeguards that reflect todays threat landscape.

You might be interested in …

Daily NCSC-FI news followup 2019-11-08

Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it? www.theregister.co.uk/2019/11/07/ubiquiti_networks_phone_home/ Ubiquiti Networks is fending off customer complaints after emitting a firmware update that caused its UniFi wireless routers to quietly phone HQ with telemetry.. It all kicked off when the US-based manufacturer confirmed that a software update released this […]

Read More

Daily NCSC-FI news followup 2020-03-01

Switzerland files criminal complaint over Crypto spying scandal www.reuters.com/article/us-swiss-spying-crypto/switzerland-files-criminal-complaint-over-crypto-spying-scandal-idUSKBN20O1VD The Swiss government has filed a criminal complaint over the U.S. Central Intelligence Agencys alleged use of a cryptography company as a front to spy on various governments secret communications, the Swiss attorney generals office said on Sunday.. The complaint against persons unknown for alleged breaches […]

Read More

Daily NCSC-FI news followup 2020-09-20

Hackers leak details of 1,000 high-ranking Belarus police officers www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers/ A group of hackers has leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations. The leaked data included names, dates of birth, and the officers’ departments and job titles. […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.