Daily NCSC-FI news followup 2020-12-19

Tietoturva NYT! – Backdoor in the SolarWinds Orion Platform enabled espionage and data breaches

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/solarwinds-orion-platformin-takaovi-mahdollisti-vakoilun-ja-tietomurtoja The backdoor added to the SolarWinds Orion Platform management tool is a significant information security incident. The backdoor, which enabled data breaches and espionage, was successfully distributed to thousands of organisations. Organisations using a vulnerable version of the tool are asked to contact Kyberturvallisuuskeskus (NCSC-FI). Read also:

yle.fi/uutiset/3-11707606

Google OAuth incident – 14.12.2020

status.cloud.google.com/incident/zall/20013 On Monday 14 December, 2020, for a duration of 47 minutes, customer-facing Google services that required Google OAuth access were unavailable. Google uses an evolving suite of automation tools to manage the quota of various resources allocated for services. As part of an ongoing migration of the User ID Service to a new quota system, a change was made in October to register the User ID Service with the new quota system. Parts of the previous quota system were left in place which incorrectly reported the usage for the User ID Service as 0.

Stealthy Magecart malware mistakenly leaks list of hacked stores

www.bleepingcomputer.com/news/security/stealthy-magecart-malware-mistakenly-leaks-list-of-hacked-stores/ Despite the quite advanced RAT malware they used as a backdoor into hacked e-commerce servers, the Magecart group also made one rookie mistake by including a list of hacked online stores within their dropper’s code. Sansec has also reached out to the online stores included in the Magecart malware dropper’s code to let them know that their servers have been infiltrated.

Operation SignSight: Supply-chain attack against a certification authority in Southeast Asia

www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/ The attackers modified two of the software installers available for download on this website and added a backdoor in order to compromise users of the legitimate application. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software. With the compromise of Able Desktop, the attack on WIZVERA VeraPort by Lazarus and the recent supply-chain attack on SolarWinds Orion, we see that supply-chain attacks are a quite common compromise vector for cyberespionage groups. In this specific case, they compromised the website of a Vietnamese certificate authority, in which users are likely to have a high level of trust.

Smart toy security: How to keep your kids safe this Christmas

blog.malwarebytes.com/cybercrime/2020/12/smart-toy-security-this-christmas/

Apple, Google, Microsoft, and Mozilla ban Kazakhstan’s MitM HTTPS certificate

www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/#ftag=RSSbaffb68 This marks the second time browser makers had to intervene and block a certificate used by the Kazakhstan government to spy on its citizens. The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices.
