Daily NCSC-FI news followup 2020-11-13

Sote-alalla on huolta siitä, miten pienet yritykset kestävät tietoturvan parantamisen kustannukset — valtiolta toivotaan tukea

yle.fi/uutiset/3-11646290 Hanna-Maija Kause sanoo, että tietoturvajärjestelmiin fokusoimisen lisäksi vähintään yhtä tärkeää on kehittää tietoturvakulttuuria. “Se tarkoittaa sitä, että tarvitaan enemmän koulutusta turvallisista tietosuojakäytännöistä ja tietosuojakulttuurista, joka kaikissa organisaatioissa on.”

Australian government warns of possible ransomware attacks on health sector

www.zdnet.com/article/australian-government-warns-of-possible-ransomware-attacks-on-health-sector/#ftag=RSSbaffb68 The ACSC says it has seen an uptick in attacks targeting the health sector with SDBBot, a known precursor of the Clop ransomware. ACSC lähde:

www.cyber.gov.au/acsc/view-all-content/alerts/sdbbot-targeting-health-sector. Katso myös:


Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/ Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. Microsoftin lähde:


Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices

blog.netlab.360.com/linux-ngioweb-v2-going-after-iot-devices-en/ With the low low detected rate on VT, and newly added IoT support, we think it is worthing providing a quick update to reflect the key new features with the new variants, so here are some quick outlines. We were able to sinkhole a few of the DGA domains so we could get a picture of how many bots the botnet has recruited. The following graph shows the V1 version of the bot count, about 3k active daily IPs.

New TroubleGrabber Discord malware steals passwords, system info

www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/ TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. “We identified more than 1, 000 generated binaries that were distributed via drive-by download URLs with file names posing as game cheats, Discord installers, and software cracks, ” Netskope says.

New Jupyter malware steals browser data, opens backdoor

www.bleepingcomputer.com/news/security/new-jupyter-malware-steals-browser-data-opens-backdoor/ Jupyter is.NET-based and focuses on stealing data from Chromium, Mozilla Firefox, and Google Chrome web browsers: cookies, credentials, certificates, autocomplete info.

DarkSide ransomware is creating a secure data leak service in Iran

www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/ The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. DarkSide is run as a Ransomware-as-a-Service (RaaS) where developers are in charge of programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

Info of 27.7 million Texas drivers exposed in Vertafore data breach

www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/ Vertafore blames incident on human error after user data was stored on an unsecured external storage service. The files were accessed by an external party. Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers. Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories.

You might be interested in …

Daily NCSC-FI news followup 2020-09-01

Norjan parlamenttiin on tehty laajamittainen kyberhyökkäys yle.fi/uutiset/3-11522222 Joidenkin kansanedustajien ja Suurkäräjien työntekijöiden sähköposteihin on murtauduttu. Otamme asian erittäin vakavasti ja analysoimme tilannetta saadaksemme kuvan tapauksesta ja haittojen laajuudesta, Suurkäräjien hallinnon johtaja Marianne Andreassen sanoo. myös: www.stortinget.no/no/Hva-skjer-pa-Stortinget/Nyhetsarkiv/Pressemeldingsarkiv/2019-2020/it-angrep-mot-stortinget/. also: www.zdnet.com/article/norwegian-parliament-discloses-cyber-attack-on-internal-email-system/ Cisco says it will issue patch as soon as possible’ for bugs hackers are trying to exploit […]

Read More

Daily NCSC-FI news followup 2019-08-07

SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS www.bleepingcomputer.com/news/security/swapgs-vulnerability-in-modern-cpus-fixed-in-windows-linux-chromeos/ At BlackHat today, Bitdefender disclosed a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system.. In a statement from Intel, BleepingComputer was told […]

Read More

About the NCSC-FI daily news summary

The National Cyber Security Center of Finland provides a number of awesome services. One of those services is a news follow-up, which consists of the duty officers wading throught the masses of infosec news appearing every day and hand-picks the most important and significant ones. These are combined to an email digest, that is sent […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.