Daily NCSC-FI news followup 2020-11-05

Hackers found holes in the new Apotti patient information system during the testing phase: is the sensitive data of two million people really safe?

yle.fi/uutiset/3-11630403 According to a Finnish IT executive, tens of millions of patient records have already been stolen this year in the United States alone.

Police solved an online threat made in Oulu

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_selvitti_netin_valityksella_tehdyn_uhkauksen_oulussa_94446 Police have investigated a threat made over the internet against a school in Oulu. Police identified and questioned the person suspected of the threat on Wednesday 4.11.2020. The suspect has confessed. The police always take threats seriously and remind the public that threats always carry serious consequences.

The Vastaamo case brought white-hat hackers into the spotlight: what exactly do they do?

www.is.fi/digitoday/tietoturva/art-2000007020423.html Improving society by digging into the weaknesses of information systems has gained momentum from the Vastaamo extortion case. These are the good hackers.

Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file

www.theregister.com/2020/11/05/deloitte_hacker_test/ The site, found at the insecure non-HTTPS URL deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s MySQL database.

A challenge for mast burners: 5G may come from space

www.tivi.fi/uutiset/tv/b9c5f00e-8555-4e36-a478-3523f68fcbb5 Two British companies are developing a method in which 5G base stations are located high up in the stratosphere.

On what grounds can a data breach victim change their personal identity code? The Digital and Population Data Services Agency has already received dozens of applications

www.tivi.fi/uutiset/tv/90872556-364a-48ce-bc51-6566375ddced So when is it possible to change a personal identity code? In addition to correcting an error and legally confirming gender, under the Act on the Population Information System the personal identity code may also be changed when there is an evident and permanent threat to the person’s health or safety. In practice this means that the person is at risk of becoming the victim of a homicide or assault. The personal identity code may also be changed if someone else has repeatedly misused it, causing financial or other harm to its holder. Financial harm can arise, for example, if the personal identity code is used to take out credit or to make online purchases.

Russian authorities make rare arrest of malware author

www.zdnet.com/article/russian-authorities-make-rare-arrest-of-malware-author/ Malware dev made the grave error of deploying his malware inside Russia’s borders.

Company that runs US illegal immigration detention centers discloses ransomware attack

www.zdnet.com/article/company-that-runs-us-illegal-immigration-detention-centers-discloses-ransomware-attack/ Data for inmates and employees at three centers in California, Florida, and Pennsylvania was exposed in a ransomware attack on August 19.

Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue

threatpost.com/apt-leaves-killlsomeone-clue/160975/ Researchers are scratching their heads when it comes to unmasking a new advanced persistent threat (APT) group targeting non-governmental organizations in the Southeast Asian nation Myanmar (formerly Burma). Read also:

news.sophos.com/en-us/2020/11/04/a-new-apt-uses-dll-side-loads-to-killlsomeone/

In the wild: Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover (CVE-2020-14871)

www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html The security vulnerability occurs in the Pluggable Authentication Modules (PAM) library. PAM enables a Solaris application to authenticate users while allowing the system administrator to configure authentication parameters (e.g., password complexity and expiration) in one location that is consistently enforced by all applications.

QBot Trojan delivered via malspam campaign exploiting US election uncertainties

blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/ The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided to jump in on it too.

Why Paying to Delete Stolen Data is Bonkers

krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/ Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway. Read also:

www.bleepingcomputer.com/news/security/scam-psa-ransomware-gangs-dont-always-delete-stolen-data-when-paid/

Japanese game dev Capcom hit by cyberattack, business impacted

www.bleepingcomputer.com/news/security/japanese-game-dev-capcom-hit-by-cyberattack-business-impacted/ Japanese game developer Capcom has disclosed that they suffered a cyberattack over the weekend that is impacting business operations, including email systems. Read also:

www.zdnet.com/article/capcom-quietly-discloses-cyberattack-impacting-email-file-servers/ as well as:

www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/

NBI: hundreds of tips about the Vastaamo extortionist, already 25,000 criminal complaints filed about the case

www.is.fi/digitoday/tietoturva/art-2000007216107.html Alongside tracing the extortionist, the police are investigating whether Vastaamo’s own conduct meets the elements of a crime.

Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies

thehackernews.com/2020/11/premium-rate-phone-fraudsters-hack-voip.html Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the threat actors believed to be located in the Palestinian Gaza Strip have targeted Sangoma PBX, an open-sourced user interface that’s used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol (SIP) servers. Read also:

blog.checkpoint.com/2020/11/05/whos-calling-gaza-and-west-bank-hackers-exploit-and-monetize-corporate-voip-phone-system-vulnerability-internationally/

Cisco Releases Security Updates for Multiple Products

us-cert.cisa.gov/ncas/current-activity/2020/11/05/cisco-releases-security-updates-multiple-products Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Read also:

tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

Sailing in the Sea of IoT

securityintelligence.com/posts/swimming-sea-of-iot/ Operational technology (OT), IoT and Internet of Medical Things (IoMT) have been shaping productivity for decades, and each device is becoming ‘smarter’ with every release. More and more, employers are asking security professionals to secure all these devices. This means bringing them into the world of IT and including them in our vulnerability management programs. Hop aboard this tour of this

Attacks on industrial enterprises using RMS and TeamViewer: new data

securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer-new-data/99206/ In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. Read also:

ics-cert.kaspersky.com/media/Kaspersky-Attacks-on-industrial-enterprises-using-RMS-and-TeamViewer-EN.pdf

Q3 Malware Trends: Ransomware Extorts Education, Emotet and Crypto Mining Malware Evolve, and Android Malware Persists

www.recordedfuture.com/q3-malware-trends/ In the third quarter of 2020, Recorded Future observed major expansions in the tactics, techniques, and procedures (TTPs) of prominent ransomware operators, including the targeting of educational institutions and a continued increase in new ransomware operators using extortion tactics. Between July and October 2020, we identified the development of five new ransomware extortion websites. In . Read also: go.recordedfuture.com/hubfs/reports/cta-2020-1105.pdf
