Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-09-16

Tietovuoto: Kiinalaisyrityksen urkintalistalla on 799 suomalaista, joukossa poliitikkoja ja heidän lähipiiriään Katso, miten suomalaiset on jaoteltu

yle.fi/uutiset/3-11544521 Poikkeuksellinen tietovuoto kertoo, millaiset suomalaiset vaikuttajat kiinnostavat Kiinaa.

Pitkään kestävä syysmyrsky huolettaa sähköyhtiöitä “Valmiudessa on moninkertainen määrä työntekijöitä”

yle.fi/uutiset/3-11547019 Keski-Pohjanmaalla toimivat sähköyhtiöt ovat nostaneet selvästi varautumistaan voimakkaan ja poikkeuksellisen pitkäkestoisen syysmyrskyn varalle.

Yhä useampi on huolissaan lähipiiriinsä kohdistuvista tietoturvauhkista

www.epressi.com/tiedotteet/teknologia/yha-useampi-on-huolissaan-lahipiiriinsa-kohdistuvista-tietoturvauhkista.html Liikenne- ja viestintävirasto Traficomin loppukeväällä teettämän kuluttajatutkimuksen mukaan suomalaiset kokevat tietoturvaan liittyvät uhkakuvat merkittävinä huomattavasti aiempaa laajemmin. Valmiuksien suojautua näiltä uhkilta ei kuitenkaan ole koettu parantuneen samassa suhteessa. Samaan aikaan nettiin kytketyt älylaitteet ovat yleistyneet kodeissa.

Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw

www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/ New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.

DDoS Attacks Skyrocket as Pandemic Bites

threatpost.com/ddos-attacks-skyrocket-pandemic/159301/ More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.

US charges two hackers for defacing US websites following Soleimani killing

www.zdnet.com/article/us-charges-two-hackers-for-defacing-us-websites-following-soleimani-killing/ US authorities have tracked down the two hackers behind a January 2020 mass-defacement campaign.

FBI adds 5 Chinese APT41 hackers to its Cyber’s Most Wanted List

thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking than 100 companies throughout the world.

Koronavilkulla yli kaksi miljoonaa latausta 218 ilmoittanut tartunnasta

www.is.fi/digitoday/mobiili/art-2000006637535.html Tartunnoista on ilmoitettu Koronavilkussa samassa suhteessa kuin mitä sovellusta on otettu käyttöön.

LockBit ransomware launches data leak site to double-extort victims

www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/ The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.

Payments stopped, three arrested in medical supplies fraud case

www.interpol.int/en/News-and-Events/News/2020/Payments-stopped-three-arrested-in-medical-supplies-fraud-case Three members of an international crime syndicate wanted for tricking an Italian company into making fraudulent payments for non-existent medical equipment were arrested in Indonesia, in a case supported by INTERPOL.

Cerberus banking Trojan source code released for free to cyberattackers

www.zdnet.com/article/cerberus-banking-trojan-source-code-released-for-free-to-cyberattackers/ An auction designed to net the developer of the Android malware $100,000 failed.

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/ Today, were excited to release this new tool called Project OneFuzz, an extensible fuzz testing framework for Azure. Available through GitHub as an open-source tool, the testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world.

This security awareness training email is actually a phishing scam

www.bleepingcomputer.com/news/security/this-security-awareness-training-email-is-actually-a-phishing-scam/ A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company.

Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency

www.theregister.com/2020/09/16/nsa_secureboot_guide/ The NSA has published online a guide for IT admins to keep systems free of bootkits and rootkits.. see also

media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF

Improved malware protection for users in the Advanced Protection Program

security.googleblog.com/2020/09/improved-malware-protection-for-users.html Googles Advanced Protection Program helps secure people at higher risk of targeted online attacks, like journalists, political organizations, and activists, with a set of constantly evolving safeguards that reflect todays threat landscape.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.