Daily NCSC-FI news followup 2020-12-18

National security auditing criteria Katakri 2020 published

valtioneuvosto.fi/-/kansallinen-turvallisuusauditointikriteeristo-katakri-2020-julkaistu The National Security Authority (NSA) is publishing Katakri 2020, the national auditing criteria intended as a tool for auditing the information security of public authorities, as an online version on 18 December 2020. The key factor behind the update work on the fourth version of Katakri has been responding to the changes in national legislation, which was renewed at the start of 2020. A printed publication and an English-language online version will be available in early 2021.

SolarWinds hackers breach US nuclear weapons agency

www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/ US DOE has confirmed that the hacking group behind the SolarWinds compromise also hacked the networks of the US nuclear weapons agency. At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA).

Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims

threatpost.com/sunburst-c2-secrets-rsolarwinds-victims/162426/ Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.

NSA warns of hackers forging cloud authentication information

www.bleepingcomputer.com/news/security/nsa-warns-of-hackers-forging-cloud-authentication-information/ NSA released the guidance “in response to ongoing cybersecurity events,” referring to the SolarWinds supply-chain attack that targeted private and government organizations in at least seven countries by Microsoft’s count. The two tactics, techniques, and procedures (TTPs) discussed in NSA’s advisory have been in use since at least 2017 and refer to forging Security Assertion Markup Language (SAML) tokens for single sign-on (SSO) authentication to other service providers. NSA Advisory PDF:

media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF

Europol launches new decryption platform for law enforcement

www.bleepingcomputer.com/news/security/europol-launches-new-decryption-platform-for-law-enforcement/ Europol and the European Commission have launched a new decryption platform that will help boost Europol’s ability to gain access to information stored in encrypted media collected during criminal investigations. The new decryption platform operated by Europol’s European Cybercrime Centre (EC3) was developed in collaboration with the European Commission’s Joint Research Centre science and knowledge service. “In full respect of fundamental rights and without limiting or weakening encryption, this initiative will be available to national law enforcement authorities of all Member States to help keep societies and citizens safe and secure,” Europol added.
