Daily NCSC-FI news followup 2020-10-05

Johdon ohjaus on ratkaisevaa yrityksen kyberkestävyyden kannalta

www.huoltovarmuuskeskus.fi/johdon-ohjaus-on-ratkaisevaa-yrityksen-kyberkestavyyden-kannalta/ Johdon sitoutuminen ja ohjaus ratkaisevat yrityksen kyberkestävyyden ja sitä kautta liiketoiminnan jatkuvuuden. Suomessa finanssiala on pisimmällä kyberturvallisuudessa, kertoo Huoltovarmuusorganisaation Digipoolin teettämä kartoitus

MosaicRegressor: Lurking in the Shadows of UEFI

securelist.com/mosaicregressor/98849/ UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems. Replacing the legacy BIOS, it is typically used to facilitate the machine’s boot sequence and load the operating system, while using a feature-rich environment to do so. Lisäksi:

threatpost.com/bootkit-malware-north-korea-diplomats/159846/. Lisäksi:

www.zdnet.com/article/chinese-hacker-group-spotted-using-a-uefi-bootkit-in-the-wild/. Lisäksi:

arstechnica.com/information-technology/2020/10/custom-made-uefi-bootkit-found-lurking-in-the-wild/. Lisäksi:

www.bleepingcomputer.com/news/security/mosaicregressor-second-ever-uefi-rootkit-found-in-the-wild/. Lisäksi: www.wired.com/story/hacking-team-uefi-tool-spyware/

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

threatpost.com/tenda-router-zero-days-spyware-botnet/159834/ A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.

Four npm packages found uploading user details on a GitHub page

www.zdnet.com/article/four-npm-packages-found-uploading-user-details-on-a-github-page/ Four JavaScript npm packages contained malicious code that collected user details and uploaded the information to a public GitHub page.

Crypto-mining worm adds Linux password stealing capability

www.bleepingcomputer.com/news/security/crypto-mining-worm-adds-linux-password-stealing-capability/ The TeamTNT cybercrime group has recently updated its crypto-mining worm with password-stealing capabilities and with an additional network scanner to make it easier to spread to other vulnerable devices.

Slack outage causes lag, message errors, blank screens worldwide

www.bleepingcomputer.com/news/technology/slack-outage-causes-lag-message-errors-blank-screens-worldwide/ Slack is experiencing a worldwide outage causing problems sending messages, editing messages, lag in chats, and channels displaying a blank screen. Lisäksi:

status.slack.com/2020-10/e8c094cc99aabf64

New ransomware vaccine kills programs wiping Windows shadow volumes

www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/ A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe program

Häiriö ohi: HUSin koronabotin kaatanut vika on saatu korjattua

yle.fi/uutiset/3-11579085 Koronabotti itsepalveluajanvarauksessa aamulla alkanut häiriö on saatu korjattua, HUS tiedottaa.

New Flaws in Top Antivirus Software Could Make Computers More Vulnerable

thehackernews.com/2020/10/antivirus-software-vulnerabilities.html Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems.

You might be interested in …

Daily NCSC-FI news followup 2019-08-10

iNSYNQ Ransom Attack Began With Phishing Email krebsonsecurity.com/2019/08/insynq-ransom-attack-began-with-phishing-email/ A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQs […]

Read More

Daily NCSC-FI news followup 2020-08-22

Grandoreiro banking trojan impersonates Spains tax agency www.welivesecurity.com/2020/08/21/grandoreiro-banking-trojan-impersonates-spain-tax-agency/ Although its been some weeks since the height of the income tax season in many countries around the globe, the year 2020 has been looking less than normal even for cybercriminal activity. For several months, various threat actors have been attempting to impersonate governmental organizations, such as […]

Read More

Daily NCSC-FI news followup 2019-11-09

Titanium: the Platinum group strikes again securelist.com/titanium-the-platinum-group-strikes-again/94961/ Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.