Daily NCSC-FI news followup 2020-12-09

Hackers steal Pfizer/BioNTech COVID-19 vaccine data in Europe, companies say

www.reuters.com/article/us-ema-cyber/hackers-access-biontech-pfizer-covid-19-vaccine-data-in-cyberattack-on-eu-regulator-idUSKBN28J2Q7 The European Medicines Agency (EMA), responsible for assessing and approving medicines and vaccines for the European Union, said hours earlier it had been targeted in a cyberattack. It gave no further details. The two companies said they had been informed by the EMA that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech's COVID-19 vaccine candidate … had been unlawfully accessed. Also www.bbc.com/news/technology-55249353.

www.bleepingcomputer.com/news/security/european-medicines-agency-fully-operational-after-cyberattack/

www.ema.europa.eu/en/news/cyberattack-european-medicines-agency

FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools. Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems. If we discover that customer information was taken, we will contact them directly. Countermeasure rules

github.com/fireeye/red_team_tool_countermeasures. Also

www.wired.com/story/russia-fireeye-hack-statement-not-catastrophe/

The Cybersecurity Label turned one year old: what actually happened to it?

www.is.fi/digitoday/tietoturva/art-2000007671801.html Traficom announced today that the label has today been granted to two new products: Koronavilkku and Signify's Philips Hue smart lighting solution.

Russian hackers hide Zebrocy malware in virtual disk images

www.bleepingcomputer.com/news/security/russian-hackers-hide-zebrocy-malware-in-virtual-disk-images/ The use of VHD disk images appears to be a new page in the malware delivery book of the threat group behind Zebrocy. The technique was seen before in phishing operations from the Cobalt group to distribute the CobInt loader in late December 2019. Also uses COVID-19 themes

thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html

Microsoft fixes new Windows Kerberos security bug in staged rollout

www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/ “Mitigation consists of the installation of the Windows updates on all devices that host the Active Directory domain controller role and read-only domain controllers (RODCs), and then enabling Enforcement mode,” Microsoft says. Original guidance at

support.microsoft.com/en-us/help/4577252/managing-deployment-of-rbcd-protected-user-changes-for-cve-2020-16996

Hackers hide web skimmer inside a website’s CSS files

www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/ One of the recent additions to the CSS language was a feature that would allow it to load and run JavaScript code from within a CSS rule. Willem de Groot, the founder of Dutch security firm Sanguine Security (SanSec), told ZDNet today that this CSS feature is now being abused by web skimmer gangs.

Open Source Developers Still Not Interested in Secure Coding

www.darkreading.com/application-security/open-source-developers-still-not-interested-in-secure-coding/d/d-id/1339654 Open source components and applications account for more than 70% of the code included in modern applications, making the security of those components of paramount concern. Yet, open source developers are more focused on working on the latest tools and implementing their own priorities, according to the 2020 FOSS Contributor Survey report. Original at

www.linuxfoundation.org/blog/2020/12/download-the-report-on-the-2020-foss-contributor-survey/

Huawei Tested Facial Recognition System That Identifies Uighurs, Report Claims

www.forbes.com/sites/rachelsandler/2020/12/08/huawei-tested-facial-recognition-system-that-identifies-uighurs-report-claims/ TOPLINE Chinese tech giant Huawei helped test a facial recognition system that identifies Uighurs, according to a document found by Pennsylvania-based research group IPVM, offering the clearest evidence yet of the company's ties to Chinese government surveillance of the ethnic minority group.

OVER 20 MILLION GIONEE PHONES WERE FOUND TO BE ‘INTENTIONALLY INFLICTED’ WITH MALWARE

www.firstpost.com/tech/news-analysis/over-20-million-gionee-phones-were-found-to-be-intentionally-inflicted-with-malware-9087371.html A Chinese court has charged Gionee for intentionally installing malware on its smartphones. Between December 2018 and October 2019, Gionee was found to be infecting over 20 million smartphones with Trojan Horse via an app, according to a report by China Judgment Document Network. Reportedly, the app was being used as a tool to profit from users via unsolicited ads, and other illegal means. As per the report, the app was automatically installed on Gionee users’ phones without their consent.

A dying man, a therapist and the ransom raid that shook the world

www.wired.co.uk/article/finland-mental-health-data-breach-vastaamo In Finland repercussions of breach are already being felt. The government is fast-tracking legislation that will let citizens change their personal identity codes in cases of data breaches that carry a high risk of identity theft. The conclusions of investigations into the Vastaamo hack, and the gravity of any sanctions imposed, will also likely become reference points for any future legal assessments.
