Daily NCSC-FI news followup 2020-10-05

Management guidance is crucial for a company's cyber resilience

www.huoltovarmuuskeskus.fi/johdon-ohjaus-on-ratkaisevaa-yrityksen-kyberkestavyyden-kannalta/ Management commitment and guidance determine a company's cyber resilience and, through it, the continuity of its business. In Finland, the financial sector is the furthest along in cyber security, according to a survey commissioned by the Digipooli of the Huoltovarmuusorganisaatio (National Emergency Supply Organisation).

MosaicRegressor: Lurking in the Shadows of UEFI

securelist.com/mosaicregressor/98849/ UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems. Replacing the legacy BIOS, it is typically used to facilitate the machine’s boot sequence and load the operating system, while using a feature-rich environment to do so. Also:

threatpost.com/bootkit-malware-north-korea-diplomats/159846/. Also:

www.zdnet.com/article/chinese-hacker-group-spotted-using-a-uefi-bootkit-in-the-wild/. Also:

arstechnica.com/information-technology/2020/10/custom-made-uefi-bootkit-found-lurking-in-the-wild/. Also:

www.bleepingcomputer.com/news/security/mosaicregressor-second-ever-uefi-rootkit-found-in-the-wild/. Also: www.wired.com/story/hacking-team-uefi-tool-spyware/

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

threatpost.com/tenda-router-zero-days-spyware-botnet/159834/ A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.

Four npm packages found uploading user details on a GitHub page

www.zdnet.com/article/four-npm-packages-found-uploading-user-details-on-a-github-page/ Four JavaScript npm packages contained malicious code that collected user details and uploaded the information to a public GitHub page.

Crypto-mining worm adds Linux password stealing capability

www.bleepingcomputer.com/news/security/crypto-mining-worm-adds-linux-password-stealing-capability/ The TeamTNT cybercrime group has recently updated its crypto-mining worm with password-stealing capabilities and with an additional network scanner to make it easier to spread to other vulnerable devices.

Slack outage causes lag, message errors, blank screens worldwide

www.bleepingcomputer.com/news/technology/slack-outage-causes-lag-message-errors-blank-screens-worldwide/ Slack is experiencing a worldwide outage causing problems sending messages, editing messages, lag in chats, and channels displaying a blank screen. Also:

status.slack.com/2020-10/e8c094cc99aabf64

New ransomware vaccine kills programs wiping Windows shadow volumes

www.bleepingcomputer.com/news/security/new-ransomware-vaccine-kills-programs-wiping-windows-shadow-volumes/ A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe program.

Disruption over: the fault that brought down HUS's Koronabotti has been fixed

yle.fi/uutiset/3-11579085 The disruption in the Koronabotti self-service appointment booking, which began in the morning, has been fixed, HUS reports.

New Flaws in Top Antivirus Software Could Make Computers More Vulnerable

thehackernews.com/2020/10/antivirus-software-vulnerabilities.html Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems.
