Daily NCSC-FI news followup 2020-12-07

KRP: These are the main lines of investigation in the Vastaamo extortion case

www.is.fi/digitoday/tietoturva/art-2000007666543.html The National Bureau of Investigation (KRP) is still going through enormous volumes of data in search of traces left by the Vastaamo extortionist. KRP continues to receive valuable tips from the public. There are several lines of investigation, and their number varies as new findings emerge. The main lines of investigation are the connection between the data breach itself and the extortionist, and the connection between the extortionist of Vastaamo and the extortionist of individual victims. Volunteer information security experts, white-hat hackers and many companies have actively shared the results of their own investigations with the police. According to Leponen, investigators have to assess whether this material can be used in the investigation. The police cannot issue assignments to outside investigators.

The government network comes under scrutiny: “is the current model still workable?”

www.tivi.fi/uutiset/tv/ab0ad9ba-f789-4edd-b0fe-d3b20e052546 The Ministry of Finance (VM) has launched a review of how the public administration's security network operations are organised. Security network service production has been running for about six years and is the responsibility of Suomen Turvallisuusverkko, a subsidiary of the Suomen Erillisverkot group, and the Government ICT Centre Valtori. According to the ministry, the review will assess whether the security network's current operating model is still workable. Both service providers have started internal change programmes intended to improve customer satisfaction and cost-effectiveness. Suomen Turvallisuusverkko's change programme is being delayed as far as security network operations are concerned. Valtori's change programme, by contrast, continues as planned, since the changes concerning security network operations were started already in 2019 and are nearly complete. In the definition phase of the review, the organisational alternatives for security network operations to be taken into further study will be decided, together with the criteria needed to compare those alternatives. That phase ends by mid-February next year at the latest, after which the comparison of alternatives begins. Preliminary comparison results will be reported by the end of May at the latest, and the final report will be delivered by the end of September at the latest.

Focus on National Cybersecurity Capabilities: New Self-Assessment Framework to Empower EU Member States

www.enisa.europa.eu/news/enisa-news/national-cybersecurity-capabilities-framework The EU Agency for Cybersecurity issues a National Capabilities Assessment Framework (NCAF) to help EU Member States self-measure the level of maturity of their national cybersecurity capabilities. Read also:

www.enisa.europa.eu/publications/national-capabilities-assessment-framework and

www.enisa.europa.eu/publications/national-capabilities-assessment-framework/at_download/fullReport

Cisco fixes Security Manager vulnerabilities with public exploits

www.bleepingcomputer.com/news/security/cisco-fixes-security-manager-vulnerabilities-with-public-exploits/ Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. Cisco addressed two of the 12 vulnerabilities (CVE-2020-27125 and CVE-2020-27130) but didn’t provide any security updates to fix multiple security bugs, collectively tracked as CVE-2020-27131.

Foxconn electronics giant hit by ransomware, $34 million ransom

www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/ Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices. Today, the DoppelPaymer ransomware published files belonging to Foxconn NA on their ransomware data leak site. The leaked data includes generic business documents and reports but does not contain any financial information or employee’s personal details.

Russian State-Sponsored Malicious Cyber Actors Exploit Known Vulnerability in Virtual Workspaces

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2434988/russian-state-sponsored-malicious-cyber-actors-exploit-known-vulnerability-in-v/ The National Security Agency (NSA) released a Cybersecurity Advisory today detailing how Russian state-sponsored actors have been exploiting a vulnerability in VMware® products to access protected data on affected systems. This advisory emphasizes the importance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provides further details on how to detect and mitigate compromised networks. Read also:

media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF as well as

www.bleepingcomputer.com/news/security/nsa-russian-state-hackers-exploit-new-vmware-vulnerability-to-steal-data/

Recruitment giant Randstad hit by ransomware, sensitive data stolen

grahamcluley.com/recruitment-giant-randstad-hit-by-ransomware-sensitive-data-stolen/ In a statement published on Thursday last week, Randstad said that it had “recently become aware of malicious activity” on its network. Read also:

tools.euroland.com/tools/pressreleases/GetPressRelease/?ID=3845464&lang=en-GB&companycode=NL-RAND&pid=2

The biggest hacks, data breaches of 2020

www.zdnet.com/article/the-biggest-hacks-data-breaches-of-2020/ A pandemic is no reason for hackers to hold off cyberattacks against everything from government bodies to healthcare providers.

Microsoft announces Azure cloud for top secret government data

www.bleepingcomputer.com/news/security/microsoft-announces-azure-cloud-for-top-secret-government-data/ Microsoft today announced the launch of a new offering for its mission-critical Azure Government cloud targeted at government customers and partners that regularly work with top-secret classified data. “Today, we are announcing the expansion of our mission-critical cloud for US Government with new capabilities in Azure Government, the expansion of Azure Government Secret, and the announcement of a new cloud to serve customers with Top Secret classified data: Azure Government Top Secret,” Tom Keane, corporate vice president of Microsoft’s Azure Global, said.

Hackers leak data from Embraer, world’s third-largest airplane maker

www.zdnet.com/article/hackers-leak-data-from-embraer-worlds-third-largest-airplane-maker/ The Brazilian company was the victim of a ransomware attack last month, in November. Read also:

www.tripwire.com/state-of-security/featured/aircraft-maker-embraer-admits-hackers-breached-its-systems-and-stole-data/ as well as:

threatpost.com/ransomexx-ransomware-gang-dumps-stolen-embraer-data-report/161918/

Bulletin (SB20-342) – Vulnerability Summary for the Week of November 30, 2020

us-cert.cisa.gov/ncas/bulletins/sb20-342 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

Travel agent leaked customer data by (this is embarrassing) giving it away in a hackathon

www.theregister.com/2020/12/07/data_breach_in_hackathon_data/ Bad design bites: Flight Centre’s policy of no credit card or passport numbers in the app’s free-text field was not enforced, and therefore ignored.

Cyber attacks on COVID-19 vaccine production are not quite a war crime

www.zdnet.com/article/cyber-attacks-on-covid-19-vaccine-production-are-not-quite-a-war-crime/ Hacking virus research labs to steal their secret recipes is just industrial espionage. But cyber attacks against vaccine production and distribution would be a war crime — if we were at war.

DMARC inching its way onto Australian government domains

www.zdnet.com/article/dmarc-inching-its-way-onto-australian-government-domains/ DPS has said the implementation of DMARC is funded in this fiscal year. Domain-based Message Authentication, Reporting & Conformance (DMARC) is one of the simplest and easiest ways to prevent email spoofing, which is used in phishing campaigns and business email compromise scams, by verifying whether an incoming email actually comes from the server it purports to be from. As of the end of 2018, only 5.5% of Australian government domains had implemented DMARC, but that is set to change.
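To make concrete what a DMARC policy actually decides, here is an added example (not code from the ZDNet article or from any DMARC implementation) that parses a DMARC TXT record and applies the alignment and disposition logic of RFC 7489 to a message's SPF and DKIM results. The two records, the domain names and the authentication results are constructed for the demonstration; the organizational-domain helper is a deliberate simplification (real receivers consult the Public Suffix List), and the `pct` tag is parsed but not used for sampling.

```python
"""Minimal DMARC record parser and policy evaluator (added example, constructed data)."""
from __future__ import annotations

# Constructed sample records for a hypothetical example.com: one weak, one strict.
DMARC_RECORDS = {
    "weak": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "strict": "v=DMARC1; p=reject; adkim=s; aspf=s; pct=100; rua=mailto:dmarc-reports@example.com",
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt: str) -> dict[str, str]:
    """Parse a 'tag=value; tag=value' DMARC record and apply RFC 7489 defaults.

    Raises ValueError for a record a receiver would treat as absent (no v=DMARC1,
    no p= tag, or an unknown policy value).
    """
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("missing or wrong version tag")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError(f"missing or invalid p= tag: {tags.get('p')!r}")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")    # relaxed SPF alignment by default
    tags.setdefault("pct", "100")   # parsed only; sampling is not applied here
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.

    Simplification for the example: production code uses the Public Suffix List.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record_txt: str, from_domain: str,
             spf_result: str, spf_domain: str | None,
             dkim_result: str, dkim_domain: str | None) -> tuple[bool, str]:
    """Return (dmarc_pass, disposition) for one message.

    from_domain is the RFC5322.From domain; spf_domain is the MAIL FROM domain SPF
    authenticated; dkim_domain is the d= of a verified DKIM signature. DMARC passes
    when at least one authenticated identifier is aligned; otherwise the published
    p= policy becomes the requested disposition.
    """
    policy = parse_dmarc(record_txt)
    spf_ok = spf_result == "pass" and spf_domain is not None \
        and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and dkim_domain is not None \
        and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    return False, policy["p"]


if __name__ == "__main__":
    # A spoofed message: From example.com, but SPF only passes for the sender's own domain.
    for name, record in DMARC_RECORDS.items():
        print(name, evaluate(record, "example.com", "pass", "attacker.test", "none", None))
```

The two constructed records make the practical point of the article: a domain publishing `p=none` still lets a spoofed message through with disposition `none` (it only gains reporting), while `p=reject` asks the receiver to reject the same message. Legitimate mail signed with DKIM `d=example.com` passes under both.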

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

thehackernews.com/2020/12/how-dmarc-can-stop-criminals-sending.html 21st-century technology has allowed cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization’s security with DMARC, which, if not implemented, will enable cyber-attackers to:

3 Million Pluto TV Users’ Data Was Hacked, But the Company Isn’t Telling Them

www.vice.com/en/article/88a8ma/pluto-tv-hacked-data-breach The data includes email addresses, IP addresses, and hashed passwords.

Living in a Post-quantum Cryptography World

blog.checkpoint.com/2020/12/07/living-in-a-post-quantum-cryptography-world/ Today, the pattern is fairly predictable from the way hackers go after their victims. Whether through social engineering, phishing scams or ransomware attacks, ultimately it is just a hacker and his classical computer, which means not a lot of computing power to break strong encryption within a useful timeframe. There are simply too many secure encryption keys in place, and with the compute power we have today the effort would take too long to be worthwhile; it is all about quick wins. Now what if that hacker actually had a quantum computer to conduct his attacks and used it to break into your bank account? In no time the hacker would have access to account details, funds, addresses; you name it, they could steal it. Not only would they be able to carry out the attack in real time, but a quantum computer could also retrospectively decrypt all previously recorded traffic quickly, leaving millions exposed. The outcome could be devastating, the cost and damage overwhelming, and it would surely bring institutions to a halt in moments. The rise of super-powerful quantum computers is not so far off.

QNAP patches QTS vulnerabilities allowing NAS device takeover

www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/ Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. The eight vulnerabilities patched today by QNAP affect all QNAP NAS devices running vulnerable software. Read also:

threatpost.com/qnap-flaws-plague-nas-systems/161924/

How to remove yourself from Internet search results and hide your identity

www.zdnet.com/article/how-to-erase-your-digital-footprint-and-make-google-forget-you/ Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times

threatpost.com/healthcare-in-crisis-diagnosing-cybersecurity-shortcomings-in-unprecedented-times/161917/ In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security.

Google publishes XS-Leaks to encourage research into the difficult to solve problem of cross-site leaks of user information

www.zdnet.com/article/google-these-new-data-leaking-website-attacks-are-a-growing-menace/#ftag=RSSbaffb68 Google has set up a new site to track cross-site leaks, warning that these types of flaw are being used by some sites to steal information about the user or their data in other web applications. Read also:

security.googleblog.com/2020/12/fostering-research-on-new-web-security.html and xsleaks.dev/

Iranian RANA Android Malware Also Spies On Instant Messengers

thehackernews.com/2020/12/iranian-rana-android-malware-also-spies.html A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant, developed by a sanctioned Iranian threat actor, that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations. Read also:

blog.reversinglabs.com/blog/rana-android-malware

Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data

thehackernews.com/2020/12/payment-card-skimmer-group-using.html A cybercrime group known for targeting e-commerce websites unleashed a “multi-stage malicious campaign” earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. Read also: www.group-ib.com/blog/fakesecurity
