Daily NCSC-FI news followup 2020-12-05

Toimittaja Aarno Malin hankki poliisille Vastaamo-kiristäjän jahdissa käytettäviä tietoja sai koneelleen 32 000 potilaskertomusta

www.mtvuutiset.fi/artikkeli/toimittaja-aarno-malin-hankki-poliisille-vastaamo-kiristajan-jahdissa-kaytettavia-tietoja-sai-koneelleen-32-000-potilaskertomusta/8002876 Vastaamo-kiristäjän jahtaaminen on mobilisoinut runsaasti ihmisiä yhteiskunnan eri sektoreilla. Toimittaja Aarno Malin on yksi heistä, joiden avulla kiristäjää koskevia tietoja on saatu viranomaisille osaksi tutkintaa.

Italian police arrest two over hacking at defence group Leonardo

www.reuters.com/article/idUSL8N2IL08W A manager and a former employee of Leonardo were arrested on Saturday for their alleged role in hacking the Italian defence group’s computers to steal sensitive information between 2015 and 2017, prosecutors in the southern city of Naples said.

Threat Roundup for November 27 to December 4

blogs.cisco.com/security/talos/threat-roundup-1127-1204 Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 27 and December 4. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

Maailmalla on uusi huijaussoittojen tyyppi myös soitoissa Suomeen uusi niksi

www.is.fi/digitoday/tietoturva/art-2000007661525.html Veroviranomaisten numeroista tulevat väärennetyt soitot ovat muodostuneet todelliseksi ongelmaksi Australiassa.

Ransomware gangs are now cold-calling victims if they restore from backups without paying

www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-paying/ Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.

Ransomware hits helicopter maker Kopter

www.zdnet.com/article/ransomware-hits-helicopter-maker-kopter/ Data from Kopter’s internal network has been published on the LockBit gang’s blog, hosted on the dark web.

How to avert an evil-maid attack

www.kaspersky.com/blog/evil-maid-attack/37901/ Protect your corporate computer from unauthorized physical access. In theory, a pro can compromise a device in 3 to 4 minutes, but that sort of thing tends to occur when the computer is left unattended and unlocked (or not password-protected). But even with basic security measures in place, an evil-maid attack still has a chance. The easiest and most reliable way to guard against evil-maid attacks is to keep your device where only you can access it. Don’t leave it in a hotel room if you can help it, for example. If your employees have to go on business trips with work laptops, however, here are some steps you can take to mitigate the risk:. a) Deploy temporary laptops with no access to critical corporate systems or work data, and then format the hard drive and reinstall the operating system after each trip, b) Require employees to turn off work laptops that must be left unattended, c) Encrypt the hard drives of any computers that leave the office building, d) Use security solutions that block suspicious outgoing traffic. e) Ensure your security solution detects BadUSB attacks, f) Update all software, especially the operating system, in a timely manner, g) Restrict direct access to device memory through FireWire, Thunderbolt, PCI, and PCI Express ports on every device that allows it.

Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021

www.forbes.com/sites/louiscolumbus/2020/12/05/top-20-predictions-of-how-ai-is-going-to-improve-cybersecurity-in-2021/ Bottom Line: In 2021, cybersecurity vendors will accelerate AI and machine learning app development to combine human and machine insights so they can out-innovate attackers intent on escalating an AI-based arms race.

The Week in Ransomware – December 4th 2020 – Education under attack

www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-4th-2020-education-under-attack/ Egregor was very active this week, with attacks on Kmart, Metro Vancouver’s transit system TransLink, and the Randstad staffing agency. Education was also hit hard this week, with Baltimore County Public Schools (BCPS) still recovering from last week’s attack and Huntsville City Schools district in Alabama shutting down for a week due to an attack. In addition to public school systems, Ryuk attacked online education giant K12 Inc, who paid the ransom to prevent students’ data from being leaked. Finally, the Clop ransomware gang showed that they don’t only breach networks to steal your files and encrypt your data. The threat actors also deploy other ransomware, such as POS malware, to steal credit cards.

“Sadat miljoonat käyttäjät vaarassa” monissa Android-sovelluksissa kummittelee haavoittuvuus

www.is.fi/digitoday/tietoturva/art-2000007661541.html Useilta kehittäjiltä on jäänyt korjaamatta vakava haavoittuvuus, ja käyttäjät saattavat maksaa siitä kalliisti. Lue myös:

blog.checkpoint.com/2020/12/03/widespread-android-applications-still-exposed-to-vulnerability-on-google-play-core-library/

Heightened Awareness for Iranian Cyber Activity

us-cert.cisa.gov/ncas/current-activity/2020/12/03/heightened-awareness-iranian-cyber-activity Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activitiesincluding social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks.

Campaign to help online Christmas shoppers fight festive fraud

www.ncsc.gov.uk/news/cyber-aware-aiding-christmas-shopping The NCSC launches a new Cyber Aware campaign aimed at helping people shop securely online this Christmas.

Weekly Threat Report 4th December 2020

www.ncsc.gov.uk/report/weekly-threat-report-4th-december-2020 The NCSC’s weekly threat report is drawn from recent open source reporting.

You might be interested in …

Daily NCSC-FI news followup 2019-11-07

Microsoft crams Office 365 docs into Edge-style sandboxes to thwart malware infections www.theregister.co.uk/2019/11/07/ignite_2019_security/ Your guide to some of the security enhancements announced this week. Office 365 will be getting additional security protections through Application Guard, the sandboxing tool Microsoft debuted with its Edge browser. The idea is that Application Guard will isolate documents, preventing malicious […]

Read More

Daily NCSC-FI news followup 2019-10-16

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Docker Containers Riddled with Graboid Crypto-Worm […]

Read More

Daily NCSC-FI news followup 2021-01-21

Digitaalinen turvallisuus 2030 -ohjelma kehittää yhteiskunnan kyberhäiriöiden sietokykyä www.huoltovarmuuskeskus.fi/digitaalinen-turvallisuus-2030-ohjelma-kehittaa-yhteiskunnan-kyberhairioiden-sietokykya/ Huoltovarmuuskeskus käynnistää laajan ohjelmakokonaisuuden, jonka tarkoituksena on kehittää yhteiskunnan sietokykyä kyberhäiriöitä vastaan. Digitaalinen turvallisuus 2030 -ohjelman painopisteet ovat kyberhäiriöihin varautuminen, toimintakyky häiriöiden sattuessa, yhteistyö yhteiskunnan ja yritysmaailman eri toimijoiden välillä sekä tulevaisuuden ilmiöiden ennakointi. Ohjelma on osa Suomen kansallisen kyberturvallisuusstrategian toteutusta. Ransomware is now the biggest […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.