Daily NCSC-FI news followup 2020-11-09

Information and instructions on the Vastaamo data breach are available on the police website and from the police's national telephone advice service

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/tietoja_ja_toimintaohjeita_on_saatavissa_poliisin_nettisivuilta_ja_poliisin_valtakunnallisesta_puhelinneuvontapalvelusta_vastaamon_tietomurtoon_liitt… Victims of the Psykoterapiakeskus Vastaamo data leak have already filed about 25,000 criminal complaints with the police. The complaints are being processed continuously at police departments. The volume of complaints also delays the sending of copies of the criminal reports. Also:

Working group set up to investigate the information security of critical sectors – after the data breach at psychotherapy provider Vastaamo, attention has turned to examining and improving data protection

yle.fi/uutiset/3-11638974 The Ministry of Transport and Communications (LVM) has appointed a working group tasked with surveying the information security of the sectors that are central to the functioning of society, the ministry says in a press release.

Compal, the second-largest laptop manufacturer in the world, hit by ransomware – Compal factories build laptops for Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu

www.zdnet.com/article/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware/ The DoppelPaymer ransomware gang is believed to be responsible for the breach, according to a screenshot of the ransom note shared by Compal employees with Yahoo Taiwan reporters. Also:

The Emotet malware-as-a-service

www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-010/ First observed in 2014 as a banking trojan, Emotet evolved into a modular structure from 2015 onwards. Since 2017, Emotet has distributed, within the information systems it infects, malicious code operated by cybercriminal attacker groups that are customers of TA542.

Active Directory Attacks – Red It Out

packetstormsecurity.com/files/159968/red-it-out.pdf This paper focuses on Active Directory attacks and the various techniques an attacker can use to abuse an AD environment in an enterprise network.

RDP and the remote desktop

blogs.cisco.com/security/rdp-and-the-remote-desktop There are two sides to the shift to remote work. On one side, you need to ensure that your people have access to equipment that will allow them to perform their day-to-day tasks. On the other, there needs to be a way to connect back to company resources that will help workers complete those tasks.

Fake Microsoft Teams updates lead to Cobalt Strike deployment

www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deploy Cobalt Strike to compromise the rest of the network. The attacks target organizations in various industries, but recent ones have focused on the education sector (K-12), which depends on videoconferencing solutions because of Covid-19 restrictions.

Ghimob: a Tétrade threat actor moves to infect mobile devices

securelist.com/ghimob-tetrade-threat-mobile-devices/99228/ Ghimob is a full-fledged spy in your pocket: once infection is completed, the hacker can access the infected device remotely, completing the fraudulent transaction with the victim’s smartphone, so as to avoid machine identification, security measures implemented by financial institutions and all their antifraud behavioral systems.

Ultimate Member Plugin for WordPress Allows Site Takeover

threatpost.com/ultimate-member-plugin-wordpress-site-takeover/161053/ A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow privilege escalation and potentially full control over a target WordPress site.

Microsoft Exchange Attack Exposes New xHunt Backdoors

threatpost.com/microsoft-exchange-attack-xhunt-backdoors/161041/ Two never-before-seen PowerShell backdoors have been uncovered after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait.

Insecure APIs a Growing Risk for Organizations

www.darkreading.com/application-security/insecure-apis-a-growing-risk-for-organizations/d/d-id/1339402 Security models for application programming interfaces haven’t kept pace with requirements of a non-perimeter world, Forrester says.

Ransomware hits e-commerce platform X-Cart

www.zdnet.com/article/ransomware-hits-e-commerce-platform-x-cart E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company’s hosting platform.

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

unit42.paloaltonetworks.com/xhunt-campaign-backdoors/ The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait.
