Daily NCSC-FI news followup 2020-12-09

Hackers steal Pfizer/BioNTech COVID-19 vaccine data in Europe, companies say

www.reuters.com/article/us-ema-cyber/hackers-access-biontech-pfizer-covid-19-vaccine-data-in-cyberattack-on-eu-regulator-idUSKBN28J2Q7 The European Medicines Agency (EMA), responsible for assessing and approving medicines and vaccines for the European Union, said hours earlier it had been targeted in a cyberattack. It gave no further details. The two companies said they had been informed by the EMA that the agency has been subject to a cyber attack and that some documents relating to the regulatory submission for Pfizer and BioNTech's COVID-19 vaccine candidate … had been unlawfully accessed. Also www.bbc.com/news/technology-55249353.



FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools. Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems. If we discover that customer information was taken, we will contact them directly.

Countermeasure rules: github.com/fireeye/red_team_tool_countermeasures. Also


The Cybersecurity Label turned one year old: what actually happened to it?

www.is.fi/digitoday/tietoturva/art-2000007671801.html Traficom announced today that the label has today been granted to two new products: Koronavilkku and Signify's Philips Hue smart lighting solution.

Russian hackers hide Zebrocy malware in virtual disk images

www.bleepingcomputer.com/news/security/russian-hackers-hide-zebrocy-malware-in-virtual-disk-images/ The use of VHD disk images appears to be a new page in the malware delivery book of the threat group behind Zebrocy. The technique was seen before in phishing operations from the Cobalt group to distribute the CobInt loader in late December 2019. Also uses COVID-19 themes.


Microsoft fixes new Windows Kerberos security bug in staged rollout

www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/ “Mitigation consists of the installation of the Windows updates on all devices that host the Active Directory domain controller role and read-only domain controllers (RODCs), and then enabling Enforcement mode,” Microsoft says. Original guidance at


Hackers hide web skimmer inside a website’s CSS files

www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/ One of the recent additions to the CSS language was a feature that would allow it to load and run JavaScript code from within a CSS rule. Willem de Groot, the founder of Dutch security firm Sanguine Security (SanSec), told ZDNet today that this CSS feature is now being abused by web skimmer gangs.

Open Source Developers Still Not Interested in Secure Coding

www.darkreading.com/application-security/open-source-developers-still-not-interested-in-secure-coding/d/d-id/1339654 Open source components and applications account for more than 70% of the code included in modern applications, making the security of those components of paramount concern. Yet, open source developers are more focused on working on the latest tools and implementing their own priorities, according to the 2020 FOSS Contributor Survey report. Original at


Huawei Tested Facial Recognition System That Identifies Uighurs, Report Claims

www.forbes.com/sites/rachelsandler/2020/12/08/huawei-tested-facial-recognition-system-that-identifies-uighurs-report-claims/ TOPLINE Chinese tech giant Huawei helped test a facial recognition system that identifies Uighurs, according to a document found by Pennsylvania-based research group IPVM, offering the clearest evidence yet of the company's ties to Chinese government surveillance of the ethnic minority group.


www.firstpost.com/tech/news-analysis/over-20-million-gionee-phones-were-found-to-be-intentionally-inflicted-with-malware-9087371.html A Chinese court has charged Gionee for intentionally installing malware on its smartphones. Between December 2018 and October 2019, Gionee was found to be infecting over 20 million smartphones with Trojan Horse via an app, according to a report by China Judgment Document Network. Reportedly, the app was being used as a tool to profit from users via unsolicited ads, and other illegal means. As per the report, the app was automatically installed on Gionee users’ phones without their consent.

A dying man, a therapist and the ransom raid that shook the world

www.wired.co.uk/article/finland-mental-health-data-breach-vastaamo In Finland, repercussions of the breach are already being felt. The government is fast-tracking legislation that will let citizens change their personal identity codes in cases of data breaches that carry a high risk of identity theft. The conclusions of investigations into the Vastaamo hack, and the gravity of any sanctions imposed, will also likely become reference points for any future legal assessments.
