Hackers found holes in the new Apotti patient information system during testing: is the sensitive data of two million people really safe?
yle.fi/uutiset/3-11630403 According to a Finnish IT director, tens of millions of patient records have already been stolen this year in the United States alone.
Police solved a threat made over the internet in Oulu
www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_selvitti_netin_valityksella_tehdyn_uhkauksen_oulussa_94446 Police have investigated a threat made over the internet against a school in Oulu. Police identified and questioned a person suspected of making the threat on Wednesday 4 November 2020. The suspect has confessed to the act. Police always take threats seriously and remind the public that making threats always has serious consequences.
The Vastaamo case brought white-hat hackers into the spotlight: what do they actually do?
www.is.fi/digitoday/tietoturva/art-2000007020423.html Improving society by digging into the weaknesses of information systems has gained momentum from the Vastaamo extortion case. This is what good hackers are like.
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
www.theregister.com/2020/11/05/deloitte_hacker_test/ The site, found at the insecure non-HTTPS URL deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s MySQL database.
A challenge for mast burners: 5G may come from space
www.tivi.fi/uutiset/tv/b9c5f00e-8555-4e36-a478-3523f68fcbb5 Two British companies are developing a method in which 5G base stations are located high up in the stratosphere.
On what grounds can a data breach victim change their personal identity code? Dozens of applications already submitted to the Digital and Population Data Services Agency
www.tivi.fi/uutiset/tv/90872556-364a-48ce-bc51-6566375ddced So when is it possible to change a personal identity code? In addition to correcting an error and the legal confirmation of gender, under the act on the population information system a personal identity code can also be changed when there is an obvious and permanent threat to the person's health or safety. In practice this means that the person is in danger of becoming the victim of a homicide or an assault. In addition, a personal identity code can be changed if someone else has repeatedly misused it, causing financial or other harm to the holder of the code. Financial harm can arise if the personal identity code is used, for example, to take out credit or to make online purchases.
Russian authorities make rare arrest of malware author
www.zdnet.com/article/russian-authorities-make-rare-arrest-of-malware-author/ Malware dev made the grave error of deploying his malware inside Russia’s borders.
Company that runs US illegal immigration detention centers discloses ransomware attack
www.zdnet.com/article/company-that-runs-us-illegal-immigration-detention-centers-discloses-ransomware-attack/ Data for inmates and employees at three centers in California, Florida, and Pennsylvania was exposed in a ransomware attack on August 19.
Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue
threatpost.com/apt-leaves-killlsomeone-clue/160975/ Researchers are scratching their heads when it comes to unmasking a new advanced persistent threat (APT) group targeting non-governmental organizations in the Southeast Asian nation Myanmar (formerly Burma). Read also:
news.sophos.com/en-us/2020/11/04/a-new-apt-uses-dll-side-loads-to-killlsomeone/
In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover (CVE-2020-14871)
www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html The security vulnerability occurs in the Pluggable Authentication Modules (PAM) library. PAM enables a Solaris application to authenticate users while allowing the system administrator to configure authentication parameters (e.g., password complexity and expiration) in one location that is consistently enforced by all applications.
QBot Trojan delivered via malspam campaign exploiting US election uncertainties
blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/ The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided to jump in on it too.
Why Paying to Delete Stolen Data is Bonkers
krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/ Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway.
Japanese game dev Capcom hit by cyberattack, business impacted
www.bleepingcomputer.com/news/security/japanese-game-dev-capcom-hit-by-cyberattack-business-impacted/ Japanese game developer Capcom has disclosed that they suffered a cyberattack over the weekend that is impacting business operations, including email systems. Read also:
www.zdnet.com/article/capcom-quietly-discloses-cyberattack-impacting-email-file-servers/ as well as:
www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/
KRP: Vastaamo-kiristäjästä satoja vihjeitä tapauksesta jo 25 000 rikosilmoitusta
www.is.fi/digitoday/tietoturva/art-2000007216107.html Kiristäjän jäljittämisen ohella poliisi tutkii, täyttääkö Vastaamon toiminta rikoksen tunnusmerkit.
Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies
thehackernews.com/2020/11/premium-rate-phone-fraudsters-hack-voip.html Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the threat actors believed to be located in the Palestinian Gaza Strip have targeted Sangoma PBX, an open-sourced user interface that’s used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol (SIP) servers.
Cisco Releases Security Updates for Multiple Products
us-cert.cisa.gov/ncas/current-activity/2020/11/05/cisco-releases-security-updates-multiple-products Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Read also:
tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Sailing in the Sea of IoT
securityintelligence.com/posts/swimming-sea-of-iot/ Operational technology (OT), IoT and Internet of Medical things (IoMT) have been shaping productivity for decades, and each device is becoming ‘smarter’ with every release. More and more, employers are asking security professionals to secure all these devices. This means bringing them into the world of IT and including them in our vulnerability management programs. Hop aboard this tour of this
Attacks on industrial enterprises using RMS and TeamViewer: new data
securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer-new-data/99206/ In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another.
Q3 Malware Trends: Ransomware Extorts Education, Emotet and Crypto Mining Malware Evolve, and Android Malware Persists
www.recordedfuture.com/q3-malware-trends/ In the third quarter of 2020, Recorded Future observed major expansions in the tactics, techniques, and procedures (TTPs) of prominent ransomware operators, including the targeting of educational institutions and a continued increase in new ransomware operators using extortion tactics. Between July and October 2020, we identified the development of five new ransomware extortion websites. In . Read also: go.recordedfuture.com/hubfs/reports/cta-2020-1105.pdf