Daily NCSC-FI news followup 2020-10-21

Useat tahot tutkivat psykoterapiakeskus Vastaamon tietomurtoa ja kiristystä Kyberturvallisuuskeskus pitää tapausta poikkeuksellisena

yle.fi/uutiset/3-11605223 Psykoterapiakeskus Vastaamoon on tehty tietomurto. Yritys kertoo tiedotteessaan, että ulkopuolinen henkilö on ollut heihin yhteydessä ja kertonut saaneensa asiakkaiden luottamuksellisia tietoja.. Tiedoista on myös yritetty kiristää rahaa.. katso myös

www.is.fi/digitoday/tietoturva/art-2000006677282.html

Kelan nimissä kalastellaan verkkopankkitunnuksia ja luottokorttitietoja

yle.fi/uutiset/3-11606389 Kelan nimissä lähetetyissä huijausviesteissä väitetään, että asiakkaiden terveystiedot ja luottokorttitiedot olisivat vaarantuneet.. Viesti on kirjoitettu suomeksi ja sen sisältämä linkki ohjaa kirjautumaan sivustolle, joka muistuttaa Suomi.fi – -kirjautumissivua. Huijaussivulla yritetään saada haltuun verkkopankkitunnuksia ja luottokorttitietoja.

Google releases Chrome security update to patch actively exploited zero-day

www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ Google has released Chrome version 86.0.4240.111 earlier today to deploy security fixes, including a patch for an actively exploited zero-day vulnerability.

Cisco warns of attacks targeting high severity router vulnerability

www.bleepingcomputer.com/news/security/cisco-warns-of-attacks-targeting-high-severity-router-vulnerability/ Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software.. “In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild,” the updated advisory reads.. Cisco fixed the CVE-2020-3118 security flaw in February 2020, together with four other severe vulnerabilities discovered by IoT security company Armis and collectively dubbed CDPwn.

Oracle Kills 402 Bugs in Massive October Patch Update

threatpost.com/oracle-october-patch-update/160407/ Over half of Oracles flaws in its quarterly patch update can be remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.

Life of Maze ransomware

securelist.com/maze-ransomware/99137/ In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Dozens of organizations have fallen victim to this vile malware, including LG, Southwire, and the City of Pensacola.

Microsoft says it took down 94% of TrickBot’s command and control servers

www.zdnet.com/article/microsoft-says-it-took-down-94-of-trickbots-command-and-control-servers/ TrickBot survived an initial takedown attempt, but Microsoft and its partners are countering TrickBot operators after every move, taking down any new infrastructure the group is attempting to bring up online.. see also

www.bleepingcomputer.com/news/security/trickbot-malware-under-siege-from-all-sides-and-its-working/

LockBit ransomware moves quietly on the network, strikes fast

www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/ LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Montreal’s STM public transport system hit by ransomware attack

www.bleepingcomputer.com/news/security/montreals-stm-public-transport-system-hit-by-ransomware-attack/ Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems.

MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states

www.zdnet.com/article/mobileiron-enterprise-mdm-servers-under-attack-from-ddos-gangs-nation-states/ Threat actors range from DDoS botnets to Chinese state-sponsored hacking groups.

QNAP warns of Windows Zerologon flaw affecting some NAS devices

www.bleepingcomputer.com/news/security/qnap-warns-of-windows-zerologon-flaw-affecting-some-nas-devices/ Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon (CVE-2020-1472) vulnerability.

Moving to a cloud, not a storm

www.ncsc.gov.uk/blog-post/move-to-a-cloud-not-a-storm Avoiding common problems when moving to the cloud.

You might be interested in …

Daily NCSC-FI news followup 2020-10-22

Psykoterapiakeskus Vastaamon kiristäjä julkaisi yöllä lisää erittäin arkaluontoisia potilaskertomuksia yle.fi/uutiset/3-11606925 Psykoterapiakeskus Vastaamoa kiristävä henkilö on julkaissut yöllä Tor-verkossa lisää varastamiaan potilastietoja. Potilastiedoista ilmenee Vastaamon asiakkaiden nimet, osoitteet, henkilötunnukset ja potilaskertomukset.. katso myös www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_jatkaa_epaillyn_torkean_tietomurron_tutkintaa_uhreja_pyydetaan_tekemaan_rikosilmoitus_94140?language=fi Toimi näin, jos epäilet joutuneesi tietovuodon uhriksi yle.fi/uutiset/3-11608585 Kyberturvallisuuskeskus ja rikosuhripäivystys ovat koonneet toimintaohjeet tietovuodon uhriksi joutuneille.. katso myös www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/neuvoja-identiteettivarkauden-tai-tietovuodon-uhrille US govt: […]

Read More

Daily NCSC-FI news followup 2019-10-06

HildaCrypt Ransomware Developer Releases Decryption Keys www.bleepingcomputer.com/news/security/hildacrypt-ransomware-developer-releases-decryption-keys/ The developer behind the HildaCrypt Ransomware has decided to release the ransomware’s private decryption keys. With these keys a decryptor can be made that would allow any potential victims to recover their files for free.. BleepingComputer had a conversation with the ransomware developer last night and was told […]

Read More

Daily NCSC-FI news followup 2020-03-06

Human-operated ransomware attacks: A preventable disaster www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today.. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.