Daily NCSC-FI news followup 2020-10-21

Several parties are investigating the data breach and extortion at psychotherapy centre Vastaamo; the National Cyber Security Centre considers the case exceptional

yle.fi/uutiset/3-11605223 Psychotherapy centre Vastaamo has suffered a data breach. The company says in its press release that an outside person has contacted them and claimed to have obtained customers' confidential information. There has also been an attempt to extort money with the data. See also:

www.is.fi/digitoday/tietoturva/art-2000006677282.html

Phishing in Kela's name targets online banking credentials and credit card details

yle.fi/uutiset/3-11606389 Scam messages sent in Kela's name claim that customers' health information and credit card details have been compromised. The message is written in Finnish, and the link it contains directs the recipient to log in on a site that resembles the Suomi.fi login page. The scam page attempts to capture online banking credentials and credit card details.

Google releases Chrome security update to patch actively exploited zero-day

www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ Google has released Chrome version 86.0.4240.111 earlier today to deploy security fixes, including a patch for an actively exploited zero-day vulnerability.

Cisco warns of attacks targeting high severity router vulnerability

www.bleepingcomputer.com/news/security/cisco-warns-of-attacks-targeting-high-severity-router-vulnerability/ Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. “In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild,” the updated advisory reads. Cisco fixed the CVE-2020-3118 security flaw in February 2020, together with four other severe vulnerabilities discovered by IoT security company Armis and collectively dubbed CDPwn.

Oracle Kills 402 Bugs in Massive October Patch Update

threatpost.com/oracle-october-patch-update/160407/ Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.

Life of Maze ransomware

securelist.com/maze-ransomware/99137/ In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Dozens of organizations have fallen victim to this vile malware, including LG, Southwire, and the City of Pensacola.

Microsoft says it took down 94% of TrickBot’s command and control servers

www.zdnet.com/article/microsoft-says-it-took-down-94-of-trickbots-command-and-control-servers/ TrickBot survived an initial takedown attempt, but Microsoft and its partners are countering TrickBot operators after every move, taking down any new infrastructure the group is attempting to bring up online. See also:

www.bleepingcomputer.com/news/security/trickbot-malware-under-siege-from-all-sides-and-its-working/

LockBit ransomware moves quietly on the network, strikes fast

www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/ LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Montreal’s STM public transport system hit by ransomware attack

www.bleepingcomputer.com/news/security/montreals-stm-public-transport-system-hit-by-ransomware-attack/ Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems.

MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states

www.zdnet.com/article/mobileiron-enterprise-mdm-servers-under-attack-from-ddos-gangs-nation-states/ Threat actors range from DDoS botnets to Chinese state-sponsored hacking groups.

QNAP warns of Windows Zerologon flaw affecting some NAS devices

www.bleepingcomputer.com/news/security/qnap-warns-of-windows-zerologon-flaw-affecting-some-nas-devices/ Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon (CVE-2020-1472) vulnerability.

Moving to a cloud, not a storm

www.ncsc.gov.uk/blog-post/move-to-a-cloud-not-a-storm Avoiding common problems when moving to the cloud.
