Daily NCSC-FI news followup 2020-09-29

Koronavilkku päivittyi ja esittää tärkeän kysymyksen avattaessa vastaa siihen myöntävästi

www.is.fi/digitoday/mobiili/art-2000006652361.html Jokaisen tulisi päivittää Koronavilkku ja avata sovellus kertaalleen. Sovellus ei enää päivityksen jälkeen voi vaipua sen toimintaa häiritsevään horrostilaan.

These hackers have spent months hiding out in company networks undetected

www.zdnet.com/article/these-hackers-have-spent-months-hiding-out-in-company-networks-undetected/ A state-sponsored hacking group been creeping around networks for almost a year as part of an information stealing campaign, warns Symantec. Detailed by cybersecurity company Symantec, the attacks against organisations in the US, Japan, Taiwan and China are being conduced with the aim of stealing information and have been linked to an espionage group known as Palmerworm aka BlackTech which has a history of campaigns going back to 2013. Report:


A Ransomware Attack Has Struck a Major US Hospital Chain

www.wired.com/story/universal-health-services-ransomware-attack/ “All computers are completely shut down, ” one Universal Health Services employee told WIRED.

Nevada school district refuses to submit to ransomware blackmail, hacker publishes student data

www.zdnet.com/article/nevada-school-district-refuses-to-submit-to-ransomware-blackmail-hacker-responds-by-publishing-student-data/ Thousands of students have reportedly had their private data released online.

Ransomware hits US-based Arthur J. Gallagher insurance giant

www.bleepingcomputer.com/news/security/ransomware-hits-us-based-arthur-j-gallagher-insurance-giant/ US-based Arthur J. Gallagher (AJG) global insurance brokerage and risk management firm confirmed a ransomware attack that hit its systems on Saturday. AJG is one of the largest insurance brokers in the world with more than 33, 300 employees and operations in 49 countries.

Microsoft: Some ransomware attacks take less than 45 minutes

www.zdnet.com/article/microsoft-some-ransomware-attacks-take-less-than-45-minutes/ Microsoft goes over the recent malware trends in its new “Digital Defense Report.”. For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report. report:


All four of the world’s largest shipping companies have now been hit by cyber-attacks

www.zdnet.com/article/all-four-of-the-worlds-largest-shipping-companies-have-now-been-hit-by-cyber-attacks/ With today’s news that French shipping giant CMA CGM has been hit by a ransomware attack, this now means that all of the four biggest maritime shipping companies in the world have been hit by cyber-attacks in the past four years, since 2017.

LodaRAT Update: Alive and Well

blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.html During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality.


www.europol.europa.eu/newsroom/news/hook-line-and-sinker-cybercrime-network-phishing-bank-credentials-arrested-in-romania The criminal group sent phishing text messages and emails to get access to victims’ bank accounts

“Poikkeuksellisia tapauksia” Uusi käänne suomalaisille tulevissa huijauspuheluissa

www.is.fi/digitoday/tietoturva/art-2000006652053.html Microsoft-huijarit voivat nyt soittaa myös suomeksi. Soittoihin liittyy kuitenkin avoimia kysymyksiä.

Director of nuisance-calls company ordered to cough up £114k after ignoring £40k fine from UK data watchdog

www.theregister.com/2020/09/29/ico_it_protect_fine_enforcement/ A director of a company fined £40, 000 by the Information Commissioner’s Office has himself been ordered to pay out more than £100, 000 as part of a long-running collection saga.

Microsoft Netlogon exploitation continues to rise

blog.talosintelligence.com/2020/09/netlogon-rises.html Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report.

Microsoft clarifies patch confusion for Windows Zerologon flaw

www.bleepingcomputer.com/news/security/microsoft-clarifies-patch-confusion-for-windows-zerologon-flaw/ Microsoft clarified the steps customers should take to make sure that their devices are protected against ongoing attacks using Windows Server Zerologon (CVE-2020-1472) exploits. In a step-by-step approach, the updated advisory now explains the exact actions that administrators need to take to make sure that their environments are protected and outages are prevented in the event of an incoming attack designed to exploit servers that would otherwise be vulnerable to Zerologon exploits.

Cisco fixes actively exploited bugs in carrier-grade routers

www.bleepingcomputer.com/news/security/cisco-fixes-actively-exploited-bugs-in-carrier-grade-routers/ Cisco fixed two actively exploited and high severity memory exhaustion DoS vulnerabilities found in the IOS XR software that runs on multiple carrier-grade routers. Cisco warned customers on August 29th of ongoing attacks targeting carrier-grade routers running vulnerable Cisco IOS XR software versions.

QNAP tells NAS users to update firmware to avoid new type of ransomware

www.zdnet.com/article/qnap-tells-nas-users-to-update-firmware-to-avoid-new-type-of-ransomware/ AgeLocker ransomware has been seen infecting QNAP NAS systems since June.

Plane-tracking site Flight Radar 24 DDoSed… just as drones spotted buzzing over Azerbaijan and Armenia

www.theregister.com/2020/09/29/flight_radar_24_ddos/ That’s one way of poking the world’s eyes out for a few hours

Tech Firms Accused Of Improper Data Handling – But US Government Says It Doesn’t Matter

www.forbes.com/sites/emmawoollacott/2020/09/29/tech-firms-accused-of-improper-data-handlingbut-us-government-says-it-doesnt-matter/ A new report indicates that US tech giants like Facebook and Netflix are failing to handle US-EU data transfers legally – but the US government is claiming that it shouldn’t be cause for concern.

Managing Remote Access for Partners & Contractors

isc.sans.edu/diary/rss/26614 Sometimes their techs will install the Bomgar jump client on your servers when they are troubleshooting issues. They don’t remove it, it is left to the local entity to remove it or at least disable the service until it is needed again. Here are some tips to increase the operations security when working with third-parties.

Microsoftilla massiivinen katko Outlook.comissa ja Teamsissa

www.tivi.fi/uutiset/tv/84444cd3-871e-499f-a62a-be6ac52687c9 Useat Microsoftin pilvipalvelut Outlookista Teamsiin kärsivät maanantain ja tiistain välisenä yönä katkoksesta.

With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft

www.theregister.com/2020/09/29/onedrive_azure_active_directory_outage/ Does Redmond have a reliability problem?. Microsoft has fixed an issue with its OneDrive and SharePoint services where users were unable to sign in, caused by a faulty remediation for the earlier Azure Active Directory outage.

You might be interested in …

Daily NCSC-FI news followup 2020-05-01

Ransomware mentioned in 1,000+ SEC filings over the past year www.zdnet.com/article/ransomware-mentioned-in-1000-sec-filings-over-the-past-year/#ftag=RSSbaffb68 A growing number of public companies are now listing ransomware as a forward-looking risk factor in documents filed with the US Securities Exchange Commission. Listing ransomware as a risk factor in SEC filings shows that companies now understand the danger posed by a ransomware […]

Read More

Daily NCSC-FI news followup 2021-06-02

Ransomware: What board members should know and what they should be asking their technical experts www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards. This blog, part of the Cyber Security Toolkit for Boards, explains the basics of ransomware, and […]

Read More

Daily NCSC-FI news followup 2021-07-15

Brand Phishing Report Q2 2021: Microsoft Continues Reign blog.checkpoint.com/2021/07/15/brand-phishing-report-q2-2021-microsoft-continues-reign/ Our latest Brand Phishing Report for Q2 2021 highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals personal information or payment credentials during April, May and June 2021. In a quarter that saw Microsoft warn of a new Russian […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.