Daily NCSC-FI news followup 2020-12-06

Running in Circles – Uncovering the Clients of Cyberespionage Firm Circles

citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/ The public discussion around surveillance and tracking largely focuses on well known technical means, such as targeted hacking and network interception. However, other forms of surveillance are regularly and extensively used by governments and third parties to engage in cross-border surveillance and monitoring. One of the widest-used, but least appreciated, is the leveraging of weaknesses in the global mobile telecommunications infrastructure to monitor and intercept phone calls and traffic. Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe. Circles is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Circles, whose products work without hacking the phone itself, says they sell only to nation-states. According to leaked documents, Circles customers can purchase a system that they connect to their local telecommunications companies’ infrastructure, or can use a separate system called the “Circles Cloud,” which interconnects with telecommunications companies around the world.

LM: Hospital districts bought over a million euros' worth of services from Vastaamo, the target of a data breach

www.is.fi/digitoday/tietoturva/art-2000007664922.html Hospital districts purchased more than one million euros' worth of services in 2015–2020 from Psykoterapiakeskus Vastaamo, the psychotherapy centre that suffered a data breach, Lännen Media reports. This is evident from information the LM newsroom obtained from the hospital districts. According to that information, the hospital districts are the data controllers for the psychotherapy services and Vastaamo is the service provider. Under the EU General Data Protection Regulation, the data controller, which in the Vastaamo case means the hospital districts, must ensure that the service provider complies with the regulation.


These 2 Words And 1 Number Appear In 44 Million Dangerous Passwords

www.forbes.com/sites/daveywinder/2020/12/06/dont-use-ass-eva-or-2010-in-your-password-heres-why/?sh=3dff4c37c5f5 I recently warned readers about the dangers of using the world’s worst passwords based on an analysis of more than 275 million examples found in breach databases. At the top of that list were the usual suspects of 123456 and 123456789 among others. Let’s start with the disappointing but sadly to be expected fact that only 2 billion of those passwords were unique. The researchers at CyberNews took an in-depth look at the passwords that were used more frequently. More to the point, they looked at the construction of those passwords to dig out specific words repeated time after time. The majority of that 15 billion number was passwords containing only eight characters or less. Yes, you read that right. In 2020, people are still using ridiculously short, and ridiculously easy to break, passwords. More worrying are the words that appear within them, though.

Hole in health data security spilled the data of 243 million people onto the web

www.tivi.fi/uutiset/tv/b2ab8089-704f-42ea-8f6f-d49080b40e98 The personal information of more than 243 million Brazilians has been available online for half a year. The cause is poorly protected credentials belonging to the Brazilian Ministry of Health. The Verge reported on the matter, citing a story by the Brazilian newspaper Estadao. The data of everyone registered in Brazil's national health system, Sistema Unico de Saude (SUS), could be viewed. The data included, among other things, a person's name, address and telephone number. The database apparently also included deceased people, since Brazil's population is about 211 million. The ministry stored the information encrypted in the source code of its website, which in itself sounds alarming. The information had been encrypted using the Base64 encoding method, which according to The Verge is easy to decode. According to Estadao, the Brazilian Ministry of Health has fixed the vulnerability.


Kazakhstan government is intercepting HTTPS traffic in its capital

www.zdnet.com/article/kazakhstan-government-is-intercepting-https-traffic-in-its-capital/#ftag=RSSbaffb68 Under the guise of a “cybersecurity exercise,” the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services. Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users’ devices via a technique called MitM (Man-in-the-Middle). Starting today, December 6, 2020, Kazakh internet service providers (ISPs) such as Beeline, Tele2, and Kcell are redirecting Nur-Sultan-based users to web pages showing instructions on how to install the government’s certificate.

American cyber soldiers operated in Estonia during the US presidential election

www.hs.fi/ulkomaat/art-2000007662175.html The cyber soldiers and experts, known as hunt forward teams, have previously cooperated with at least the state of Montenegro. Read also:


www.nytimes.com/2020/12/03/us/politics/cyber-command-elections-estonia.html?referringSource=articleShare and

