Daily NCSC-FI news followup 2020-12-05

Toimittaja Aarno Malin hankki poliisille Vastaamo-kiristäjän jahdissa käytettäviä tietoja sai koneelleen 32 000 potilaskertomusta

www.mtvuutiset.fi/artikkeli/toimittaja-aarno-malin-hankki-poliisille-vastaamo-kiristajan-jahdissa-kaytettavia-tietoja-sai-koneelleen-32-000-potilaskertomusta/8002876 Vastaamo-kiristäjän jahtaaminen on mobilisoinut runsaasti ihmisiä yhteiskunnan eri sektoreilla. Toimittaja Aarno Malin on yksi heistä, joiden avulla kiristäjää koskevia tietoja on saatu viranomaisille osaksi tutkintaa.

Italian police arrest two over hacking at defence group Leonardo

www.reuters.com/article/idUSL8N2IL08W A manager and a former employee of Leonardo were arrested on Saturday for their alleged role in hacking the Italian defence group’s computers to steal sensitive information between 2015 and 2017, prosecutors in the southern city of Naples said.

Threat Roundup for November 27 to December 4

blogs.cisco.com/security/talos/threat-roundup-1127-1204 Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 27 and December 4. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

Maailmalla on uusi huijaussoittojen tyyppi myös soitoissa Suomeen uusi niksi

www.is.fi/digitoday/tietoturva/art-2000007661525.html Veroviranomaisten numeroista tulevat väärennetyt soitot ovat muodostuneet todelliseksi ongelmaksi Australiassa.

Ransomware gangs are now cold-calling victims if they restore from backups without paying

www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-paying/ Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.

Ransomware hits helicopter maker Kopter

www.zdnet.com/article/ransomware-hits-helicopter-maker-kopter/ Data from Kopter’s internal network has been published on the LockBit gang’s blog, hosted on the dark web.

How to avert an evil-maid attack

www.kaspersky.com/blog/evil-maid-attack/37901/ Protect your corporate computer from unauthorized physical access. In theory, a pro can compromise a device in 3 to 4 minutes, but that sort of thing tends to occur when the computer is left unattended and unlocked (or not password-protected). But even with basic security measures in place, an evil-maid attack still has a chance. The easiest and most reliable way to guard against evil-maid attacks is to keep your device where only you can access it. Don’t leave it in a hotel room if you can help it, for example. If your employees have to go on business trips with work laptops, however, here are some steps you can take to mitigate the risk:. a) Deploy temporary laptops with no access to critical corporate systems or work data, and then format the hard drive and reinstall the operating system after each trip, b) Require employees to turn off work laptops that must be left unattended, c) Encrypt the hard drives of any computers that leave the office building, d) Use security solutions that block suspicious outgoing traffic. e) Ensure your security solution detects BadUSB attacks, f) Update all software, especially the operating system, in a timely manner, g) Restrict direct access to device memory through FireWire, Thunderbolt, PCI, and PCI Express ports on every device that allows it.

Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021

www.forbes.com/sites/louiscolumbus/2020/12/05/top-20-predictions-of-how-ai-is-going-to-improve-cybersecurity-in-2021/ Bottom Line: In 2021, cybersecurity vendors will accelerate AI and machine learning app development to combine human and machine insights so they can out-innovate attackers intent on escalating an AI-based arms race.

The Week in Ransomware – December 4th 2020 – Education under attack

www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-4th-2020-education-under-attack/ Egregor was very active this week, with attacks on Kmart, Metro Vancouver’s transit system TransLink, and the Randstad staffing agency. Education was also hit hard this week, with Baltimore County Public Schools (BCPS) still recovering from last week’s attack and Huntsville City Schools district in Alabama shutting down for a week due to an attack. In addition to public school systems, Ryuk attacked online education giant K12 Inc, who paid the ransom to prevent students’ data from being leaked. Finally, the Clop ransomware gang showed that they don’t only breach networks to steal your files and encrypt your data. The threat actors also deploy other ransomware, such as POS malware, to steal credit cards.

“Sadat miljoonat käyttäjät vaarassa” monissa Android-sovelluksissa kummittelee haavoittuvuus

www.is.fi/digitoday/tietoturva/art-2000007661541.html Useilta kehittäjiltä on jäänyt korjaamatta vakava haavoittuvuus, ja käyttäjät saattavat maksaa siitä kalliisti. Lue myös:

blog.checkpoint.com/2020/12/03/widespread-android-applications-still-exposed-to-vulnerability-on-google-play-core-library/

Heightened Awareness for Iranian Cyber Activity

us-cert.cisa.gov/ncas/current-activity/2020/12/03/heightened-awareness-iranian-cyber-activity Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activitiesincluding social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks.

Campaign to help online Christmas shoppers fight festive fraud

www.ncsc.gov.uk/news/cyber-aware-aiding-christmas-shopping The NCSC launches a new Cyber Aware campaign aimed at helping people shop securely online this Christmas.

Weekly Threat Report 4th December 2020

www.ncsc.gov.uk/report/weekly-threat-report-4th-december-2020 The NCSC’s weekly threat report is drawn from recent open source reporting.

You might be interested in …

Daily NCSC-FI news followup 2020-07-01

Experts: COVID Multiplying Risks To Critical Infrastructure www.forbes.com/sites/paulfroberts/2020/07/01/experts-covid-multiplying-risks-to-critical-infrastructure/ Former DHS Secretary Michael Chertoff warned on Tuesday that changes wrought by the COVID global pandemic are exacerbating vulnerabilities in the global economy, including the risk of crippling cyber attacks on critical infrastructure like the electric grid. China’s Software Stalked Uighurs Earlier and More Widely, Researchers Learn […]

Read More

Daily NCSC-FI news followup 2019-07-05

Google Chrome to Unload Heavy Ads With Intensive Resource Usage www.bleepingcomputer.com/news/google/google-chrome-to-unload-heavy-ads-with-intensive-resource-usage/ Google is currently working on adding a new feature to the Chrome web browser designed to automatically unload ads which use an outrageous amount of system resources in an effort to shrink the browser’s CPU and network footprint. Samsung Update App with 10M+ Installs […]

Read More

Daily NCSC-FI news followup 2021-03-08

A Basic Timeline of the Exchange Mass-Hack krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Heres a brief timeline of what we know leading up to last weeks mass-hack, when hundreds of thousands of Microsoft […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.