Daily NCSC-FI news followup 2020-11-16

Cybercriminals are now trying to extort twice with stolen data: a growing number report that data was not returned after the ransom was paid

www.kauppalehti.fi/uutiset/verkkorikolliset-yrittavat-nyt-kiristaa-varastetulla-datalla-tuplasti-yha-useampi-raportoi-ettei-tietoja-ole-palautettu-lunnaiden-maksun-jalkeen/5d70090b-104d-4950-a751-0… For example, hackers using the Revil ransomware had approached victims again weeks after the ransom had been received. Once a victim has received the decryption key after paying the ransom, it cannot be taken away from them. With stolen data, however, the criminals can come back for a second payment at any time in the future.

Danish public broadcaster: The US spied on Danish ministries and a Swedish fighter jet manufacturer; the spying apparently made use of Denmark's own intelligence service

yle.fi/uutiset/3-11649117?origin=rss DR bases its information on anonymous intelligence sources who have seen a report on the matter prepared by an anonymous whistleblower. The whistleblower had warned of possible illegal activity and that the NSA was exploiting Danish submarine cables to collect intelligence. According to DR, the spying was aided by the Xkeyscore computer system, which was used to sift out data of interest. Spying carried out by the NSA with Xkeyscore originally came to public attention thanks to whistleblower Edward Snowden.

How the U.S. Military Buys Location Data from Ordinary Apps

www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data

Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted

www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/ Cencosud is one of the largest retail companies in Latin America, with over 140,000 employees and $15 billion in revenue for 2019. Cencosud manages a wide variety of stores in Argentina, Brazil, Chile, Colombia, and Peru. This weekend, Cencosud was hit with a ransomware attack that encrypted devices throughout their retail outlets and impacted the company’s operations.

Lazarus supply-chain attack in South Korea

www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea/ ESET telemetry data recently led our researchers to discover attempts to deploy Lazarus malware via a supply-chain attack in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies. Also:

www.zdnet.com/article/lazarus-malware-strikes-south-korean-supply-chains/

Heartbleed, BlueKeep and other vulnerabilities that didn’t disappear just because we don’t talk about them anymore

isc.sans.edu/diary/rss/26798
