Daily NCSC-FI news followup 2020-10-22

Extortionist of psychotherapy centre Vastaamo published more highly sensitive patient records overnight

yle.fi/uutiset/3-11606925 The person extorting the psychotherapy centre Vastaamo has published more of the stolen patient data on the Tor network overnight. The patient data reveals the names, addresses, personal identity codes and patient records of Vastaamo's clients. See also:

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_jatkaa_epaillyn_torkean_tietomurron_tutkintaa_uhreja_pyydetaan_tekemaan_rikosilmoitus_94140?language=fi

What to do if you suspect you have become the victim of a data leak

yle.fi/uutiset/3-11608585 The National Cyber Security Centre and Victim Support Finland have compiled instructions for victims of a data leak. See also:

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/neuvoja-identiteettivarkauden-tai-tietovuodon-uhrille

US govt: Iran behind fake Proud Boys voter intimidation emails

www.bleepingcomputer.com/news/government/us-govt-iran-behind-fake-proud-boys-voter-intimidation-emails/ The US govt has stated that Iran is behind threatening emails sent to Democratic voters warning that they must vote for Trump or face consequences.

Iranian APT Actors Threaten Election-Related Systems

us-cert.cisa.gov/ncas/alerts/aa20-296b The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process.

Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

us-cert.cisa.gov/ncas/alerts/aa20-296a Since at least September 2020, a Russian state-sponsored APT actor (known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala in open-source reporting) has conducted a campaign against a wide variety of U.S. targets. The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers.

OP warns of highly convincing scam messages: Only a criminal acts this way

www.is.fi/digitoday/tietoturva/art-2000006677551.html Convincing and fraudulent emails have been sent to OP's customers.

Microsoft Teams Phishing Attack Targets Office 365 Users

threatpost.com/microsoft-teams-phishing-office-365/160458/ Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a missed chat from Microsoft Teams.

Hacker says he correctly guessed Trump's Twitter password: it was "maga2020!"

arstechnica.com/tech-policy/2020/10/hacker-says-he-correctly-guessed-trumps-twitter-password-it-was-maga2020/ A security researcher reportedly logged in to President Trump’s Twitter account last week by guessing the password (it was “maga2020!”) and then alerted the US government that Trump needed to upgrade his Twitter security practices.

French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected

www.theregister.com/2020/10/22/sopra_steria_ryuk_ransomware_reports/ You know, the firm that runs half of NHS Business Services

EU sanctions Russian hackers over 2015 German parliament attack

www.bleepingcomputer.com/news/security/eu-sanctions-russian-hackers-over-2015-german-parliament-attack/ The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag). Dmitry Sergeyevich Badin and Igor Olegovich Kostyukov are the two military intelligence officers sanctioned today, both of them known members of the GTsSS (an APT group also tracked as APT28, Fancy Bear, Sofacy Group, Sednit, and Strontium) which is also a target of today’s restrictive measures imposed by the Council of the EU decision.

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-scam-campaign/ Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they've also caused quite the headache for browser vendors to fix.

On the trail of the XMRig miner

securelist.com/miner-xmrig/99151/

Enhancing Threat Hunting with MITRE ATT&CK

blog.checkpoint.com/2020/10/22/enhancing-threat-hunting-with-mitre-attck/
