Daily NCSC-FI news followup 2020-11-13

Sote-alalla on huolta siitä, miten pienet yritykset kestävät tietoturvan parantamisen kustannukset — valtiolta toivotaan tukea

yle.fi/uutiset/3-11646290 Hanna-Maija Kause sanoo, että tietoturvajärjestelmiin fokusoimisen lisäksi vähintään yhtä tärkeää on kehittää tietoturvakulttuuria. “Se tarkoittaa sitä, että tarvitaan enemmän koulutusta turvallisista tietosuojakäytännöistä ja tietosuojakulttuurista, joka kaikissa organisaatioissa on.”

Australian government warns of possible ransomware attacks on health sector

www.zdnet.com/article/australian-government-warns-of-possible-ransomware-attacks-on-health-sector/#ftag=RSSbaffb68 The ACSC says it has seen an uptick in attacks targeting the health sector with SDBBot, a known precursor of the Clop ransomware. ACSC lähde:

www.cyber.gov.au/acsc/view-all-content/alerts/sdbbot-targeting-health-sector. Katso myös:

umbrella.cisco.com/blog/healthcare-industry-under-threat-of-trojan-and-ransomware-attacks

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/ Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. Microsoftin lähde:

blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/

Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices

blog.netlab.360.com/linux-ngioweb-v2-going-after-iot-devices-en/ With the low low detected rate on VT, and newly added IoT support, we think it is worthing providing a quick update to reflect the key new features with the new variants, so here are some quick outlines. We were able to sinkhole a few of the DGA domains so we could get a picture of how many bots the botnet has recruited. The following graph shows the V1 version of the bot count, about 3k active daily IPs.

New TroubleGrabber Discord malware steals passwords, system info

www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/ TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. “We identified more than 1, 000 generated binaries that were distributed via drive-by download URLs with file names posing as game cheats, Discord installers, and software cracks, ” Netskope says.

New Jupyter malware steals browser data, opens backdoor

www.bleepingcomputer.com/news/security/new-jupyter-malware-steals-browser-data-opens-backdoor/ Jupyter is.NET-based and focuses on stealing data from Chromium, Mozilla Firefox, and Google Chrome web browsers: cookies, credentials, certificates, autocomplete info.

DarkSide ransomware is creating a secure data leak service in Iran

www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/ The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

Info of 27.7 million Texas drivers exposed in Vertafore data breach

www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/ Vertafore blames incident on human error after user data was stored on an unsecured external storage service. The files were accessed by an external party. Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers. Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories.

You might be interested in …

Daily NCSC-FI news followup 2021-02-07

Hacked by SolarWinds backdoor masterminds, Mimecast now lays off staff after profit surge www.theregister.com/2021/02/07/in_brief_security/ Plus: British Mensa in data leak blunder, DARPA are Star Wars fans, Sonicwall patch out, and more. Email security biz Mimecast not only fell victim to the SolarWinds hackers, leading to its own customers being attacked, it is also trimming its […]

Read More

Daily NCSC-FI news followup 2020-09-28

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army thehackernews.com/2020/09/cyberattack-indian-army.html Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an […]

Read More

Daily NCSC-FI news followup 2019-11-26

The RIPE NCC has run out of IPv4 Addresses www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses Today, at 15:35 (UTC+1) on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses. Stantinko botnet adds cryptomining to its pool of criminal activities www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/ The operators […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.