Daily NCSC-FI news followup 2020-11-09

Tietoja ja toimintaohjeita on saatavissa poliisin nettisivuilta ja poliisin valtakunnallisesta puhelinneuvontapalvelusta Vastaamon tietomurtoon liittyen

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/tietoja_ja_toimintaohjeita_on_saatavissa_poliisin_nettisivuilta_ja_poliisin_valtakunnallisesta_puhelinneuvontapalvelusta_vastaamon_tietomurtoon_liitt… Psykoterapiakeskus Vastaamon tietovuodon uhrit ovat tehneet poliisille jo noin 25 000 rikosilmoitusta. Ilmoituksia käsitellään poliisilaitoksissa jatkuvasti. Rikosilmoitusten käsittely viivästyttää myös rikosilmoitusten jäljennösten lähettämistä. Lisäksi:

yle.fi/uutiset/3-11637719

Työryhmä selvittämään kriittisten toimialojen tietoturvaa – Psykoterapiapalveluja tarjovan Vastaamon tietomurron jälkeen on havahduttu tutkimaan ja parantamaan tietosuojaa

yle.fi/uutiset/3-11638974 Liikenne- ja viestintäministeriö (LVM) on asettanut työryhmän, jonka tehtävänä on kartoittaa yhteiskunnan toiminnan kannalta keskeisten toimialojen tietoturvaa, ministeriö kertoo tiedotteessaan.

Compal, the second-largest laptop manufacturer in the world, hit by ransomware – Compal factories build laptops for Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu

www.zdnet.com/article/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware/ Responsible for the breach is believed to be the DoppelPaymer ransomware gang, according to a screenshot of the ransom note shared by Compal employees with Yahoo Taiwan reporters. Lisäksi:

www.bleepingcomputer.com/news/security/laptop-maker-compal-hit-by-ransomware-17-million-demanded/

Le malware-as-a-service Emotet

www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-010/ Observé pour la première fois en 2014 en tant que cheval de Troie bancaire, Emotet a évolué vers une structure modulaire à partir de 2015. Depuis 2017, Emotet distribue, au sein des systèmes d’information qu’il infecte, des codes malveillants opérés par des groupes d’attaquants cybercriminels clients de TA542.

Active Directory Attacks – Red It Out

packetstormsecurity.com/files/159968/red-it-out.pdf This paper is focused on the Active directory attacks and various techniques which can be used by an attacker to abuse an AD environment in an enterprise network.

RDP and the remote desktop

blogs.cisco.com/security/rdp-and-the-remote-desktop There are two sides to the shift to remote work. On one side, you need to ensure that your people have access to equipment that will allow them to perform their day-to-day tasks. On the other, there needs to be a way to connect back to company resources that will help workers complete those tasks.

Fake Microsoft Teams updates lead to Cobalt Strike deployment

www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network. The attacks target organizations in various industries, but recent ones focused on the education sector (K-12), which depends on videoconferencing solutions due to Covid-19 restrictions.

Ghimob: a Tétrade threat actor moves to infect mobile devices

securelist.com/ghimob-tetrade-threat-mobile-devices/99228/ Ghimob is a full-fledged spy in your pocket: once infection is completed, the hacker can access the infected device remotely, completing the fraudulent transaction with the victim’s smartphone, so as to avoid machine identification, security measures implemented by financial institutions and all their antifraud behavioral systems.

Ultimate Member Plugin for WordPress Allows Site Takeover

threatpost.com/ultimate-member-plugin-wordpress-site-takeover/161053/ A WordPress plugin installed on more than 100, 000 sites has three critical security bugs that each allow privilege escalation and potentially full control over a target WordPress site.

Microsoft Exchange Attack Exposes New xHunt Backdoors

threatpost.com/microsoft-exchange-attack-xhunt-backdoors/161041/ Two never-before-seen Powershell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait

Insecure APIs a Growing Risk for Organizations

www.darkreading.com/application-security/insecure-apis-a-growing-risk-for-organizations/d/d-id/1339402 Security models for application programming interfaces haven’t kept pace with requirements of a non-perimeter world, Forrester says.

Ransomware hits e-commerce platform X-Cart

www.zdnet.com/article/ransomware-hits-e-commerce-platform-x-cart E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company’s hosting platform.

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

unit42.paloaltonetworks.com/xhunt-campaign-backdoors/ The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait.

You might be interested in …

Daily NCSC-FI news followup 2020-06-19

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy krebsonsecurity.com/2020/06/fema-it-specialist-charged-in-id-theft-tax-refund-fraud-conspiracy/ An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and […]

Read More

Daily NCSC-FI news followup 2021-04-03

Ransomware gang leaks data from Stanford, Maryland universities www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/ Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. Data stolen in the attack targeting Stanford Medicine’s Accellion server includes names, addresses, email addresses, Social Security numbers, and financial […]

Read More

Daily NCSC-FI news followup 2019-09-16

Undersøgelsesrapport: Statsstøttet hackergruppe forsøger at kompromittere netværksudstyr fe-ddis.dk/cfcs/nyheder/arkiv/2019/Pages/undersoegelsesrapport-hackergruppe-forsoeger-kompromittere-netvaerksudstyr.aspx En statsstøttet aktør har forsøgt at gennemføre flere angreb på udvalgte danske myndigheder med henblik på spionage. CFCS udsendte den 18. april 2018 et offentligt varsel i forbindelse med hændelserne, og CFCS arbejdede efterfølgende videre og håndterede sagerne i samarbejde med relevante myndigheder.. [PDF] fe-ddis.dk/cfcs/publikationer/Documents/Undersoegelsesrapport-kompromittering-netvaerksudstyr.pdf Exclusive: Russia […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.