Daily NCSC-FI news followup 2020-11-13

Health and social services sector worries how small companies will bear the cost of improving information security; support from the state is hoped for

yle.fi/uutiset/3-11646290 Hanna-Maija Kause says that, in addition to focusing on information security systems, it is at least as important to develop a security culture. “It means that more training is needed on secure data protection practices and on the data protection culture that every organization has.”

Australian government warns of possible ransomware attacks on health sector

www.zdnet.com/article/australian-government-warns-of-possible-ransomware-attacks-on-health-sector/#ftag=RSSbaffb68 The ACSC says it has seen an uptick in attacks targeting the health sector with SDBBot, a known precursor of the Clop ransomware. ACSC source:

www.cyber.gov.au/acsc/view-all-content/alerts/sdbbot-targeting-health-sector. See also:

umbrella.cisco.com/blog/healthcare-industry-under-threat-of-trojan-and-ransomware-attacks

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/ Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. Microsoft source:

blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/

Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices

blog.netlab.360.com/linux-ngioweb-v2-going-after-iot-devices-en/ With the low detected rate on VT, and newly added IoT support, we think it is worth providing a quick update to reflect the key new features with the new variants, so here are some quick outlines. We were able to sinkhole a few of the DGA domains so we could get a picture of how many bots the botnet has recruited. The following graph shows the V1 version of the bot count, about 3k active daily IPs.

New TroubleGrabber Discord malware steals passwords, system info

www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/ TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. “We identified more than 1,000 generated binaries that were distributed via drive-by download URLs with file names posing as game cheats, Discord installers, and software cracks,” Netskope says.

New Jupyter malware steals browser data, opens backdoor

www.bleepingcomputer.com/news/security/new-jupyter-malware-steals-browser-data-opens-backdoor/ Jupyter is .NET-based and focuses on stealing data from Chromium, Mozilla Firefox, and Google Chrome web browsers: cookies, credentials, certificates, autocomplete info.

DarkSide ransomware is creating a secure data leak service in Iran

www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/ The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

Info of 27.7 million Texas drivers exposed in Vertafore data breach

www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/ Vertafore blames incident on human error after user data was stored on an unsecured external storage service. The files were accessed by an external party. Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers. Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories.
