Sote-alalla on huolta siitä, miten pienet yritykset kestävät tietoturvan parantamisen kustannukset — valtiolta toivotaan tukea
yle.fi/uutiset/3-11646290 Hanna-Maija Kause sanoo, että tietoturvajärjestelmiin fokusoimisen lisäksi vähintään yhtä tärkeää on kehittää tietoturvakulttuuria. “Se tarkoittaa sitä, että tarvitaan enemmän koulutusta turvallisista tietosuojakäytännöistä ja tietosuojakulttuurista, joka kaikissa organisaatioissa on.”
Australian government warns of possible ransomware attacks on health sector
www.zdnet.com/article/australian-government-warns-of-possible-ransomware-attacks-on-health-sector/#ftag=RSSbaffb68 The ACSC says it has seen an uptick in attacks targeting the health sector with SDBBot, a known precursor of the Clop ransomware. ACSC lähde:
Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/ Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. Microsoftin lähde:
Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices
blog.netlab.360.com/linux-ngioweb-v2-going-after-iot-devices-en/ With the low low detected rate on VT, and newly added IoT support, we think it is worthing providing a quick update to reflect the key new features with the new variants, so here are some quick outlines. We were able to sinkhole a few of the DGA domains so we could get a picture of how many bots the botnet has recruited. The following graph shows the V1 version of the bot count, about 3k active daily IPs.
New TroubleGrabber Discord malware steals passwords, system info
www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/ TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. “We identified more than 1, 000 generated binaries that were distributed via drive-by download URLs with file names posing as game cheats, Discord installers, and software cracks, ” Netskope says.
New Jupyter malware steals browser data, opens backdoor
www.bleepingcomputer.com/news/security/new-jupyter-malware-steals-browser-data-opens-backdoor/ Jupyter is.NET-based and focuses on stealing data from Chromium, Mozilla Firefox, and Google Chrome web browsers: cookies, credentials, certificates, autocomplete info.
DarkSide ransomware is creating a secure data leak service in Iran
www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/ The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.
Info of 27.7 million Texas drivers exposed in Vertafore data breach
www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/ Vertafore blames incident on human error after user data was stored on an unsecured external storage service. The files were accessed by an external party. Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers. Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories.