Daily NCSC-FI news followup 2020-11-03

Winners of the Tietoturvan suunnannäyttäjä (Information Security Trailblazer) award do invaluable work for the cybersecurity of society

www.epressi.com/tiedotteet/teknologia/tietoturvan-suunnannayttaja-tunnustuksen-voittajat-tekevat-korvaamatonta-tyota-yhteiskunnan-kyberturvallisuuden-hyvaksi.html The Tietoturvan suunnannäyttäjä award was presented on 3.11.2020 at the annual information security seminar of the Finnish Transport and Communications Agency Traficom's National Cyber Security Centre and the National Emergency Supply Agency. The award went to Jouko Katainen (Ilmarinen), Jussi Törhönen (Enfo), Tomi Vehkasalo (Aditro) and Jani Räty (Aditro) in recognition of their active cooperation with Traficom's National Cyber Security Centre. Read also:

www.tivi.fi/uutiset/tv/7d1639eb-94bc-452a-ab6b-0058bb0cbb51

The Vastaamo data breach triggered an avalanche: over 10,000 register disclosure-ban requests filed in a week, normally fewer than 300 in a whole year

yle.fi/uutiset/3-11628308 The data breach at the psychotherapy centre Vastaamo has prompted thousands of Finns to file a register disclosure-ban request with the Finnish Patent and Registration Office.

The NCSC Annual Review 2020

www.ncsc.gov.uk/news/annual-review-2020 Highlights from the last twelve months at the NCSC:

www.ncsc.gov.uk/files/Annual-Review-2020.pdf. Read also:

www.theregister.com/2020/11/03/ncsc_annual_report_nhs_ransomware/. As well as:

www.zdnet.com/article/cybersecurity-one-in-three-attacks-are-coronavirus-related/ and

www.ncsc.gov.uk/news/ncsc-defends-uk-700-cyber-attack-national-pandemic

Data of a million people leaked to IT giants: “This should not be allowed to happen”

www.tivi.fi/uutiset/tv/9acacd54-c2a2-4340-919f-d016828140cf Sensitive data of people who used Folksam's online services has ended up with, for example, Facebook, Google, Microsoft, LinkedIn and Adobe. The Swedish insurance company Folksam said on Tuesday that it had discovered that personal data of about a million of its customers, or other visitors to its website, had leaked to its digital partners. Read also:

www.tivi.fi/uutiset/tv/499da4a9-ef10-4ae2-b8dc-0a92bce8b94d and

www.bleepingcomputer.com/news/security/folksam-data-breach-leaks-info-of-1m-swedes-to-google-facebook-more/. And:

www.reuters.com/article/us-dataprotection-folksam-leak/folksam-leak-shares-data-of-1-million-swedes-with-tech-giants-idUSKBN27J1VA

Google patches a second serious security hole in Chrome within a couple of weeks

www.tivi.fi/uutiset/tv/c61e5878-861e-4bf9-ab2b-717b5a2781db Google Chrome 86.0.4240.183 has been released for download. It includes 10 security fixes, one of them for a previously unpatched hole that is being actively exploited, ZDNet reports. Read also:

www.zdnet.com/article/google-patches-second-chrome-zero-day-in-two-weeks/ and

www.bleepingcomputer.com/news/security/google-patches-one-more-actively-exploited-chrome-zero-day/. And:

thehackernews.com/2020/11/new-chrome-zero-day-under-active.html

Maze operators claim they are shutting down

www.scmagazine.com/home/security-news/ransomware/maze-operators-claim-they-are-shutting-down/ One of the most powerful ransomware cartels on the web claims it is shutting down operations. In a bizarre open letter posted to their public website and dated Nov. 1, representatives of the group claimed in broken English that their “project” is “officially closed,” that the group never had any partners, and that it does not plan to bless any successor groups in the future. Read also:

www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/ and

blog.malwarebytes.com/ransomware/2020/11/maze-ransomware-gang-announces-retirement/

Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945

www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html Through Mandiant investigation of intrusions between February 2018 and September 2020, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise telecommunications companies and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks. UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection. UNC1945 demonstrated access to exploits, tools and malware for multiple operating systems, a disciplined interest in covering or manipulating their activity, and advanced technical abilities during interactive operations. Mandiant discovered and reported to Oracle CVE-2020-14871, which was addressed in Oracle’s October 2020 Critical Patch Update. Mandiant recommends staying current on all patch updates to ensure a high security posture. We will discuss this vulnerability in greater detail in a follow-up blog post. Read also:

www.zdnet.com/article/hacker-group-uses-solaris-zero-day-to-breach-corporate-networks/

FireEye releases ThreatPursuit, a Windows VM for threat intel analysts

www.zdnet.com/article/fireeye-releases-threatpursuit-a-windows-vm-for-threat-intel-analysts/ Check also: github.com/fireeye/ThreatPursuit-VM

Google to GitHub: Time’s up: this unfixed ‘high-severity’ security bug affects developers

www.zdnet.com/article/google-to-github-times-up-this-unfixed-high-severity-security-bug-affects-developers/ No, GitHub, we can’t give you an extra two days for a flaw that we’ve already given you 104 days to fix, says Google. Read also:

bugs.chromium.org/p/project-zero/issues/detail?id=2070 and

github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/. As well as:

www.theregister.com/2020/11/03/google_project_zero_github_flaw_deadline/

Hospitals take action to avoid ransomware attacks, including pre-emptive email shut down

www.beckershospitalreview.com/cybersecurity/hospitals-take-action-to-avoid-ransomware-attacks-including-pre-emptive-email-shut-down.html Hospitals and health systems across the U.S. are on heightened alert and some are taking new action. Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center shut down its email to prevent cyberattacks, according to a local 7 News report. The hospital remains operational and has not reduced patient services. Online patient portals and the hospital’s website are still operating, according to the report.

Roundup: COVID-19 pandemic delivers extraordinary array of cybersecurity challenges

www.zdnet.com/article/roundup-the-coronavirus-pandemic-delivers-an-array-of-cyber-security-challenges/ As the COVID-19 outbreak threatens to overload the healthcare system and the global economy, it’s also having a powerful impact on the security of businesses and individuals.

Hospital ransomware: Gangs are back to target healthcare

blog.malwarebytes.com/ransomware/2020/11/ransomware-gangs-target-hospitals/ In late September, a chain of hospitals under the Universal Health Services (UHS), one of the largest healthcare providers in the United States, were hit with what appeared to be Ryuk ransomware. According to their official statement, they successfully provided patient care despite not being able to access their IT applications, largely because of back-up processes and offline documentation methods they already had in place. Thankfully, no patient and/or employee data were compromised during the attack.

Google Forms Used In Password-Stealing Spree: What You Need To Know

www.forbes.com/sites/daveywinder/2020/11/03/always-trust-google-here-are-256-password-stealing-reasons-you-shouldnt/ Seeing the google.com domain instills trust, which could lead to your password being compromised. Here’s what you need to know. Cybercriminals will use any and every means possible to win your trust before going in for the kill. Security researchers at Zimperium have today revealed how that includes leveraging the trust that people have in the google.com domain. Here’s what they found and what you need to do to mitigate the risk of having your password and other credentials stolen.

Windows 10 bug: Certificates lost after feature upgrade? We’re working on fix, says Microsoft

www.zdnet.com/article/windows-10-bug-certificates-lost-after-feature-upgrade-were-working-on-fix-says-microsoft/ Microsoft confirms that upgrading to a newer version of Windows 10 sometimes results in lost certificates.

Malicious npm package opens backdoors on programmers’ computers

www.zdnet.com/article/malicious-npm-package-opens-backdoors-on-programmers-computers/ JavaScript library posing as a Twilio-related library opens backdoors to let attackers access infected workstations.

Q3 2020 Vulnerability Landscape

www.recordedfuture.com/q3-vulnerability-landscape/ This report examines high-risk vulnerabilities disclosed by major hardware and software vendors released from July 1 to September 30, 2020. Data was assembled from Recorded Future queries and public reporting on NVD data. This report does not attempt to summarize all vulnerabilities disclosed during this time period, but instead paints an overall picture of vulnerabilities disclosed in Q3 2020. Note that Recorded Future triggered risk rules are dynamic and apt to change after publication. Our client-only version of this report contains a full list of the vulnerabilities identified during the course of this research. Read also:

go.recordedfuture.com/hubfs/reports/cta-2020-1103.pdf

These software bugs are years old. But businesses still aren’t patching them

www.zdnet.com/article/these-software-bugs-are-years-old-but-businesses-still-arent-patching-them/ Almost two thirds of vulnerabilities on enterprise networks involve flaws that are over two years old and have not been patched, despite fixes being available. This lack of patching puts businesses at risk of attacks that could often be easily avoided if security updates were applied.

SaltStack reveals new critical vulnerabilities, patch now

www.bleepingcomputer.com/news/security/saltstack-reveals-new-critical-vulnerabilities-patch-now/ SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today. Read also:

www.saltstack.com/blog/active-saltstack-cve-announced-10-30-20/ and

www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/

Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws

threatpost.com/adobe-windows-macos-critical-acrobat-reader-flaws/160903/ The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update. Read also:

www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerabilities-in-acrobat-reader/

Russian jailed for eight years in the US for writing code that sifted botnet logs for web banking creds for fraudsters

www.theregister.com/2020/11/02/botnet_brovko_jailed/ A Russian programmer has been sentenced to eight years behind bars in America for his part in a massive cybercriminal network that hacked into and drained victims’ bank accounts. Read also:

www.zdnet.com/article/russian-hacker-jailed-over-botnet-data-scraping-scheme-that-drained-victim-bank-accounts/. And:

threatpost.com/100m-botnet-russian-cybercriminal-8-years-jail/160852/

Analysis by Bitdefender found that 64 percent of all reported unpatched vulnerabilities during the first half of 2020 involve known bugs dating from 2018 and earlier, which means organisations are at risk from flaws that somebody should have fixed a long time ago

www.zdnet.com/article/these-software-bugs-are-years-old-but-businesses-still-arent-patching-them/ “The vast majority of organizations still have unpatched vulnerabilities that were identified anywhere between 2002 and 2018,” the report said. Read also:

www.bitdefender.com/files/News/CaseStudies/study/378/Bitdefender-Whitepaper-2020-Business-Threat-Landscape-Report.pdf

APT Groups Finding Success with Mix of Old and New Tools

threatpost.com/apt-groups-success-mix-tools/160927/ Advanced persistent threat (APT) groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success. That’s according to Kaspersky’s most recent APT trends report for Q3 2020, which found that some groups are innovating and pushing technical boundaries, while others take a more low-tech approach, honing messaging around COVID, the elections and other headlines. Read also: securelist.com/apt-trends-report-q3-2020/99204/

Blackbaud sued in 23 class action lawsuits after ransomware attack

www.bleepingcomputer.com/news/security/blackbaud-sued-in-23-class-action-lawsuits-after-ransomware-attack/ Leading cloud software provider Blackbaud has been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the ransomware attack that the company suffered in May 2020.

Look What Was Left On USB Drives Sold On eBay

www.forbes.com/sites/barrycollins/2020/11/03/passwords-bank-statements-and-cvs-left-on-usb-drives-sold-on-ebay/ Two thirds of USB drives bought off eBay contain some kind of retrievable personal data, according to a study conducted by British academics.

N-Day Vulnerabilities: How They Threaten Your ICS Systems’ Security

www.tripwire.com/state-of-security/featured/n-day-vulnerabilities-ics-systems-security/ In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security sectors. These individuals were successful in their efforts because they employed a variety of attack vectors. Overall, ClearSky found that their most effective attack vector was the exploitation of “1-day” vulnerabilities in unpatched VPN solutions for the purpose of infiltrating and compromising critical corporate information storages.

“Oil driller” is the online scammers' trendy profession: people selling their belongings online are lured in, and then the milking of odd payments begins

www.mtvuutiset.fi/artikkeli/oljynporaaja-on-nettihuijarien-trendiammatti-netissa-tavaroitaan-myyva-huijataan-koukkuun-ja-sitten-alkaa-erikoisten-maksujen-lypsaminen/7972720 Yesterday on Twitter a case was reported in which a person selling furniture on Tori.fi was targeted by a scam attempt. The police recognised the pattern as a familiar one, but it also contained details that had not previously come to the police's attention.
