Daily NCSC-FI news followup 2020-10-22

The extortionist targeting psychotherapy centre Vastaamo published more highly sensitive patient records overnight

yle.fi/uutiset/3-11606925 The person extorting psychotherapy centre Vastaamo has published more of the stolen patient data on the Tor network overnight. The patient data reveals the names, addresses, personal identity codes and patient records of Vastaamo's clients. See also

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_jatkaa_epaillyn_torkean_tietomurron_tutkintaa_uhreja_pyydetaan_tekemaan_rikosilmoitus_94140?language=fi

What to do if you suspect you are the victim of a data leak

yle.fi/uutiset/3-11608585 The National Cyber Security Centre (Kyberturvallisuuskeskus) and Victim Support Finland (Rikosuhripäivystys) have compiled instructions for victims of a data leak. See also

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/neuvoja-identiteettivarkauden-tai-tietovuodon-uhrille

US govt: Iran behind fake Proud Boys voter intimidation emails

www.bleepingcomputer.com/news/government/us-govt-iran-behind-fake-proud-boys-voter-intimidation-emails/ The US govt has stated that Iran is behind threatening emails sent to Democratic voters warning that they must vote for Trump or face consequences.

Iranian APT Actors Threaten Election-Related Systems

us-cert.cisa.gov/ncas/alerts/aa20-296b The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process.

Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

us-cert.cisa.gov/ncas/alerts/aa20-296a Since at least September 2020, a Russian state-sponsored APT actor, known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala in open-source reporting, has conducted a campaign against a wide variety of U.S. targets. The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers.

OP warns of highly convincing scam messages: Only a criminal acts this way

www.is.fi/digitoday/tietoturva/art-2000006677551.html Convincing, fraudulent emails have been sent to OP's customers.

Microsoft Teams Phishing Attack Targets Office 365 Users

threatpost.com/microsoft-teams-phishing-office-365/160458/ Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a missed chat from Microsoft Teams.

Hacker says he correctly guessed Trump's Twitter password: it was maga2020!

arstechnica.com/tech-policy/2020/10/hacker-says-he-correctly-guessed-trumps-twitter-password-it-was-maga2020/ A security researcher reportedly logged in to President Trump’s Twitter account last week by guessing the password (it was “maga2020!”) and then alerted the US government that Trump needed to upgrade his Twitter security practices.

French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected

www.theregister.com/2020/10/22/sopra_steria_ryuk_ransomware_reports/ You know, the firm that runs half of NHS Business Services

EU sanctions Russian hackers over 2015 German parliament attack

www.bleepingcomputer.com/news/security/eu-sanctions-russian-hackers-over-2015-german-parliament-attack/ The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag). Dmitry Sergeyevich Badin and Igor Olegovich Kostyukov are the two military intelligence officers sanctioned today, both of them known members of the GTsSS (an APT group also tracked as APT28, Fancy Bear, Sofacy Group, Sednit, and Strontium) which is also a target of today’s restrictive measures imposed by the Council of the EU decision.

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-scam-campaign/ Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they've also caused quite the headache for browser vendors to fix.

On the trail of the XMRig miner

securelist.com/miner-xmrig/99151/

Enhancing Threat Hunting with MITRE ATT&CK

blog.checkpoint.com/2020/10/22/enhancing-threat-hunting-with-mitre-attck/
