Winners of the Tietoturvan suunnannäyttäjä (Information Security Trailblazer) award do irreplaceable work for society's cyber security
www.epressi.com/tiedotteet/teknologia/tietoturvan-suunnannayttaja-tunnustuksen-voittajat-tekevat-korvaamatonta-tyota-yhteiskunnan-kyberturvallisuuden-hyvaksi.html The Tietoturvan suunnannäyttäjä award was presented on 3 November 2020 at the annual information security seminar of the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom and the National Emergency Supply Agency. The award went to Jouko Katainen (Ilmarinen), Jussi Törhönen (Enfo), Tomi Vehkasalo (Aditro) and Jani Räty (Aditro) in recognition of their active cooperation with Traficom's National Cyber Security Centre.
Vastaamo data breach triggered an avalanche: over 10,000 registration ban requests made in a week, normally fewer than 300 in a whole year
yle.fi/uutiset/3-11628308 The data breach at psychotherapy centre Vastaamo has led thousands of Finns to file a registration ban request with the Finnish Patent and Registration Office.
The NCSC Annual Review 2020
www.ncsc.gov.uk/news/annual-review-2020 Highlights from the last twelve months at the NCSC:
www.ncsc.gov.uk/files/Annual-Review-2020.pdf
Data of a million people leaked to IT giants: “This should not happen”
www.tivi.fi/uutiset/tv/9acacd54-c2a2-4340-919f-d016828140cf Sensitive data of people who used Folksam's online services has ended up with, for example, Facebook, Google, Microsoft, LinkedIn and Adobe. Swedish insurance company Folksam said on Tuesday that it had discovered that personal data of about one million of its customers, or of other people who visited its website, had leaked to its digital partners.
Google plugs a second serious security hole in Chrome within a couple of weeks
www.tivi.fi/uutiset/tv/c61e5878-861e-4bf9-ab2b-717b5a2781db Google Chrome 86.0.4240.183 has been released for download. It includes 10 security fixes, one of them for an actively exploited and previously unpatched hole, ZDnet reports.
Maze operators claim they are shutting down
www.scmagazine.com/home/security-news/ransomware/maze-operators-claim-they-are-shutting-down/ One of the most powerful ransomware cartels on the web claims they are shutting down operations. In a bizarre open letter posted to their public website and dated Nov. 1, representatives from the group claimed in broken English that their “project” is “officially closed,” and that the group never had any partners and doesn’t plan to bless any successor groups in the future.
Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html Through Mandiant investigation of intrusions between February 2018 and September 2020, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise telecommunications companies and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks. UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection. UNC1945 demonstrated access to exploits, tools and malware for multiple operating systems, a disciplined interest in covering or manipulating their activity, and displayed advanced technical abilities during interactive operations. Mandiant discovered and reported to Oracle CVE-2020-14871, which was addressed in Oracle’s October 2020 Critical Patch Update. Mandiant recommends staying current on all current patch updates to ensure a high security posture. We will discuss this vulnerability in greater detail in a follow up blog post.
FireEye releases ThreatPursuit, a Windows VM for threat intel analysts
Google to GitHub: Time’s up this unfixed ‘high-severity’ security bug affects developers
www.zdnet.com/article/google-to-github-times-up-this-unfixed-high-severity-security-bug-affects-developers/ No, GitHub, we can’t give you an extra two days for a flaw that we’ve already given you 104 days to fix, says Google. Read also:
Hospitals take action to avoid ransomware attacks, including pre-emptive email shut down
www.beckershospitalreview.com/cybersecurity/hospitals-take-action-to-avoid-ransomware-attacks-including-pre-emptive-email-shut-down.html Hospitals and health systems across the U.S. are on heightened alert and some are taking new action. Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center shut down its email to prevent cyberattacks, according to a local 7 News report. The hospital remains operational and has not reduced patient services. Online patient portals and the hospital’s website are still operating, according to the report.
Roundup: COVID-19 pandemic delivers extraordinary array of cybersecurity challenges
www.zdnet.com/article/roundup-the-coronavirus-pandemic-delivers-an-array-of-cyber-security-challenges/ As the COVID-19 outbreak threatens to overload the healthcare system and the global economy, it’s also having a powerful impact on the security of businesses and individuals.
Hospital ransomware: Gangs are back to target healthcare
blog.malwarebytes.com/ransomware/2020/11/ransomware-gangs-target-hospitals/ In late September, a chain of hospitals under the Universal Health Services (UHS), one of the largest healthcare providers in the United States, were hit with what appeared to be Ryuk ransomware. According to their official statement, they successfully provided patient care despite not being able to access their IT applications, largely because of back-up processes and offline documentation methods they already had in place. Thankfully, no patient and/or employee data were compromised during the attack.
Google Forms Used In Password-Stealing Spree: What You Need To Know
www.forbes.com/sites/daveywinder/2020/11/03/always-trust-google-here-are-256-password-stealing-reasons-you-shouldnt/ Seeing the google.com domain instills trust, which could lead to your password being compromised. Here’s what you need to know. Cybercriminals will use any, and every means possible to win your trust before going in for the kill. Security researchers at Zimperium have today revealed how that includes leveraging the trust that people have in the google.com domain. Here’s what they found and what you need to do to mitigate your risk of having your password and other credentials stolen.
Windows 10 bug: Certificates lost after feature upgrade? We’re working on fix, says Microsoft
www.zdnet.com/article/windows-10-bug-certificates-lost-after-feature-upgrade-were-working-on-fix-says-microsoft/ Microsoft confirms that upgrading to a newer version of Windows 10 sometimes results in lost certificates.
Malicious npm package opens backdoors on programmers’ computers
Q3 2020 Vulnerability Landscape
www.recordedfuture.com/q3-vulnerability-landscape/ This report examines high-risk vulnerabilities disclosed by major hardware and software vendors released from July 1 to September 30, 2020. Data was assembled from Recorded Future queries and public reporting on NVD data. This report does not attempt to summarize all vulnerabilities disclosed during this time period, but instead paints an overall picture of vulnerabilities disclosed in Q3 2020. Note that Recorded Future triggered risk rules are dynamic and apt to change after publication. Our client-only version of this report contains a full list of the vulnerabilities identified during the course of this research.
These software bugs are years old. But businesses still aren’t patching them
www.zdnet.com/article/these-software-bugs-are-years-old-but-businesses-still-arent-patching-them/ Almost two thirds of vulnerabilities on enterprise networks involve flaws which are over two years old which have not been patched, despite fixes being available. This lack of patching is putting businesses at risk of attacks which could often be easily avoided if security updates were applied.
SaltStack reveals new critical vulnerabilities, patch now
www.bleepingcomputer.com/news/security/saltstack-reveals-new-critical-vulnerabilities-patch-now/ SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today.
Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws
threatpost.com/adobe-windows-macos-critical-acrobat-reader-flaws/160903/ The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.
Russian jailed for eight years in the US for writing code that sifted botnet logs for web banking creds for fraudsters
www.theregister.com/2020/11/02/botnet_brovko_jailed/ A Russian programmer has been sentenced to eight years behind bars in America for his part in a massive cybercriminal network that hacked into and drained victims’ bank accounts.
Analysis by Bitdefender found that 64 percent of all reported unpatched vulnerabilities during the first half of 2020 involve known bugs dating from 2018 and previous years, which means organisations are at risk from flaws that somebody should have fixed a long time ago
www.zdnet.com/article/these-software-bugs-are-years-old-but-businesses-still-arent-patching-them/ “The vast majority of organizations still have unpatched vulnerabilities that were identified anywhere between 2002 and 2018,” the report said.
APT Groups Finding Success with Mix of Old and New Tools
threatpost.com/apt-groups-success-mix-tools/160927/ Advanced persistent threat (APT) groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success. That’s according to Kaspersky’s most recent APT trends report for Q3 2020, which found that some groups are innovating and pushing technical boundaries, while others take a more low-tech approach, honing messaging around COVID, the elections and other headlines. Read also: securelist.com/apt-trends-report-q3-2020/99204/
Blackbaud sued in 23 class action lawsuits after ransomware attack
www.bleepingcomputer.com/news/security/blackbaud-sued-in-23-class-action-lawsuits-after-ransomware-attack/ Leading cloud software provider Blackbaud has been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the ransomware attack that the company suffered in May 2020.
Look What Was Left On USB Drives Sold On eBay
www.forbes.com/sites/barrycollins/2020/11/03/passwords-bank-statements-and-cvs-left-on-usb-drives-sold-on-ebay/ Two thirds of USB drives bought off eBay contain some kind of retrievable personal data, according to a study conducted by British academics.
N-Day Vulnerabilities: How They Threaten Your ICS Systems’ Security
www.tripwire.com/state-of-security/featured/n-day-vulnerabilities-ics-systems-security/ In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security sectors. These individuals were successful in their efforts because they employed a variety of attack vectors. Overall, ClearSky found that their most effective attack vector was the exploitation of “1-day” vulnerabilities in unpatched VPN solutions for the purpose of infiltrating and compromising critical corporate information storages.
Oil driller is online scammers' trendy profession: a person selling their goods online is lured onto the hook, and then the milking of peculiar fees begins
www.mtvuutiset.fi/artikkeli/oljynporaaja-on-nettihuijarien-trendiammatti-netissa-tavaroitaan-myyva-huijataan-koukkuun-ja-sitten-alkaa-erikoisten-maksujen-lypsaminen/7972720 A case was reported on Twitter yesterday in which a person selling furniture on Tori.fi became the target of a scam attempt. The police recognised the pattern as familiar, but also noted details in it that had not previously come to the police's attention.