Daily NCSC-FI news followup 2020-11-26

ENISA Report Highlights Resilience of Telecom Sector in Facing the Pandemic

www.enisa.europa.eu/news/enisa-news/telecom-security-and-resilience-during-covid19 ENISA is releasing its Telecom Security During a Pandemic report at the 32nd meeting of EU telecom security authorities. Underlining the current strength of the sector in the face of the pandemic, the report also calls for increased cooperation, as telecommunications become more and more essential for Europes society and economy.

Privacy campaigner flags concerns about Microsoft’s creepy Productivity Score

www.theregister.com/2020/11/26/productivity_score/ Vienna-based researcher (and co-creator of Data Dealer) Wolfie Christl suggested that the new features “turns Microsoft 365 into an full-fledged workplace surveillance tool.”. Christl’s concerns are not limited to the Productivity Score dashboard itself, but also regarding what is going on behind the scenes in the form of the Microsoft Graph. The People API, for example, is a handy jumping off point into all manner of employee data.

Sophos notifies customers of data exposure after database misconfiguration

www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/ “On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in an email sent to customers and obtained by ZDNet.. Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided).

[Western Australia] Auditor reveals ‘concerning’ security practices within state Registry System

www.zdnet.com/article/wa-auditor-reveals-concerning-security-practices-within-state-registry-system/ The audit in 2019 found the department did not appropriately monitor access to information, nor changes made. There was also 11 third-party vendor staff that had full access to the database and could make changes to information, such as names and life events.

5G on renki, isäntä vastaa turvallisuudesta

blog.kauppalehti.fi/vieraskyna/erillisverkot-kl-5g-on-renki-isanta-vastaa-turvallisuudesta Kun turvallisuus politisoituu, Suomen on tärkeää säilyttää digitaalinen itsenäisyytensä. Kansallista turvallisuutta ja yhteiskunnan toimivuutta ei voi ulkoistaa. Toki yhteistyötä voi ja tulee tehdä niiden tahojen kanssa, jotka jakavat Suomen arvomaailman.

Suomi saamassa oman Huawei-lakinsa HS: Rajauksesta sukset ristissä

www.tivi.fi/uutiset/tv/1b7db329-26a7-4e5c-b7fe-8b0d921a7ad9 Myös Suomessa on käynnissä ja oikeastaan jo loppusuoralla aiheeseen liittyvän lakiesityksen työstäminen. Lakimuutosehdotus, josta Tivi kirjoitti syyskuussa, koskee viestintäverkkojen kriittisiä osia. Lakiin on tarkoitus kirjata, mitkä osat verkoista ovat niin kriittisiä, ettei joitakin laitteita niihin haluta. Suomessa ei haluta kuitenkaan osoittaa syntipukiksi Huaweita tai mitään . muutakaan valmistajaa vaan turvaudutaan tekniseen määrittelyyn.. HS kertoo, että on suurta erimielisyyttä sen suhteen, mitkä verkon osat pitäisi laissa määritellä kriittisiksi. Näkemyseroja on etenkin teleoperaattoreiden ja esimerkiksi turvallisuusviranomaisten välillä.. Myös

www.hs.fi/paivanlehti/26112020/art-2000007642258.html

Koronavilkusta korjattiin iso ongelma päivitä sovellus nyt

www.is.fi/digitoday/mobiili/art-2000007641453.html Koronatartuntojen jäljitykseen Suomessa käytetty Koronavilkku-sovellus sai keskiviikkona tärkeän päivityksen. Se korjaa ongelman, jossa pitkät altistukset koronaan todistetusti sairastuneen kanssa esimerkiksi perheen sisällä ovat jääneet tulematta.

i-aml.com/financial-crime/synthetic-identity-fraud-worrying-u-s-regulators/ A synthetic identity is created by using a combination of real information, such as a legitimate Social Security number, and fictitious information, which can include a false name, address, or date of birth.. Synthetic identities can be used to establish accounts that behave like legitimate accounts and may not be flagged as suspicious using conventional fraud detection models. This affords perpetrators the time to cultivate these identities, build positive credit histories, and increase their borrowing or spending power before busting out the process of maxing out a line of credit with no . When we look at the market, roughly 20% of credit losses stem from synthetic identity fraud, said Johnny Ayers, CEO of Socure, a firm specializing in digital identity verification technology.. Traditional fraud models are not designed to detect synthetic identities, said the Boston Fed, citing research that showed such models were ineffective at catching 85% to 95% of likely synthetic identities.

www.vice.com/en/article/m7agpa/irs-location-data-venntel-contract “Im glad that the Inspector General agreed to our request to investigate this potential unconstitutional abuse of power by the IRS and its purchase of peoples mobile location history from a shady data broker, and potentially others, without a warrant. The IRS is not above the law, and we must ensure that people and their rights under the 4th Amendment are protected, [Senator] Warren told . Motherboard in a statement.

Challenges organizations face in combating third-party cyber risk

www.helpnetsecurity.com/2020/11/25/combating-third-party-cyber-risk/ Based on the third-party population ingested by enterprise customers, on average, 20% of an enterprises third-party portfolio pose high inherent risk. This means that if these third parties become compromised or unavailable, the fallout of that event will have a high impact on the enterprise.. Organizations tend to focus on the same set of vendors, but it is often the vendors they arent looking at that pose the greatest risk. Many companies tend to focus on the same set of third parties, and often on their larger third parties when they determine who to assess.

Belden networking giant’s company data stolen in cyberattack

www.bleepingcomputer.com/news/security/belden-networking-giants-company-data-stolen-in-cyberattack/ “Belden Inc. (NYSE: BDC), a leading global supplier of specialty networking solutions, today announced that it has taken decisive measures to investigate and address a data incident involving unauthorized access and copying of some current and former employee data, as well as limited company information regarding some business partners,” Belden announced.

Danish news agency Ritzau refuses to pay after ransomware attack

www.bleepingcomputer.com/news/security/danish-news-agency-ritzau-refuses-to-pay-after-ransomware-attack/ “The Ritzau news agency was subjected to an extensive hacker attack on Tuesday, and the hackers have subsequently demanded a ransom to release data,” Vesterløkke said. “Ritzau has refused to pay money to the hackers.”. During the attack, the ransomware group was able to compromise and encrypt roughly one-quarter of out of over 100 servers on Ritzau’s network.. The news agency expects to resume normal operations within 24 hours, switching from the emergency distribution system that uses six live blogs to its usual news release channels as soon as possible.

Analysis of Kinsing Malware’s Use of Rootkit

www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html With the constant evolution of shell scripts and Linux based malicious backdoors and agents, its not surprising that the creators of Kinsing have kept in step. In this entry, we discuss the malware variants current capabilities, including the addition of features intended to make it more difficult to detect in infected machines. Similar to how the Trident malware uses a rootkit to hide the . cryptocurrency mining payload, Kinsing also adapted the method integrating user-mode rootkits that use library preloading.

info.phishlabs.com/blog/ransomware-groups-break-promises-leak-data-anyway Ransomware groups are increasingly linking with other malware families and cybercrime operations to conduct campaigns. Attack collaboration and intelligence-sharing are becoming the norm as seasoned attackers profit with Ransomware-as-a-Service (RaaS) and partnerships with emerging groups. . There is no reason to believe that the data stolen during a ransomware attack will not be accessible to all parties involved. Lack of visibility into where data goes after it is stolen or who may have acquired copies of it means that despite paying the operators what was negotiated, the victim is still prone to future attacks.

Introducing BloodHound 4.0: The Azure Update

posts.specterops.io/introducing-bloodhound-4-0-the-azure-update-9b2b26c5e350 We released BloodHound in 2016. Since then, BloodHound has been used by attackers and defenders alike to identify and analyze attack paths in on-prem Active Directory environments. Now, I am very proud to announce the release of BloodHound 4.0: The Azure Update.. We are introducing 10 new node types with this release: tenants, Azure users, Azure security groups, Apps, Service Principals, Subscriptions, Resource Groups, Virtual Machines, Devices and Key Vaults:

You might be interested in …

Daily NCSC-FI news followup 2020-07-17

Iranian Spies Accidentally Leaked Videos of Themselves Hacking www.wired.com/story/iran-apt35-hacking-video/ IBM’s X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accountsand who it’s targeting. Read also: thehackernews.com/2020/07/iranian-hacking-training-videos.html, arstechnica.com/information-technology/2020/07/iran-state-hackers-caught-with-their-pants-down-in-intercepted-videos/ and securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/ Can the exfiltration of personal data by web trackers be stopped? freedom-to-tinker.com/2020/07/14/can-the-exfiltration-of-personal-data-by-web-trackers-be-stopped/ In a series of […]

Read More

Daily NCSC-FI news followup 2020-11-05

Hakkerit löysivät testivaiheessa aukkoja uudesta Apotti-potilasjärjestelmästä ovatko kahden miljoonan ihmisen arkaluontoiset tiedot varmasti turvassa? yle.fi/uutiset/3-11630403 Suomalaisen it-johtajan mukaan pelkästään Yhdysvalloissa on varastettu tänä vuonna jo kymmeniä miljoonia potilastietoja. Poliisi selvitti netin välityksellä tehdyn uhkauksen Oulussa www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/poliisi_selvitti_netin_valityksella_tehdyn_uhkauksen_oulussa_94446 Poliisi on tutkinut kouluun kohdistunutta internetin välityksellä tehtyä uhkausta Oulussa. Poliisi sai selville ja kuulusteli uhkauksesta epäiltyä henkilöä keskiviikkona […]

Read More

Daily NCSC-FI news followup 2020-12-13

Exclusive: U.S. Treasury breached by hackers backed by foreign government – sources www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive-idUSKBN28N0PG A sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications, according to people familiar with the matter. “The United States government is aware […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.