Tietoturva NYT! – Backdoor in SolarWinds Orion Platform enabled espionage and data breaches
www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/solarwinds-orion-platformin-takaovi-mahdollisti-vakoilun-ja-tietomurtoja The backdoor added to the SolarWinds Orion Platform management tool is a significant information security incident. The backdoor, which enabled data breaches and espionage, was successfully distributed to thousands of organisations. Organisations using a vulnerable version of the tool are asked to contact the National Cyber Security Centre Finland (Kyberturvallisuuskeskus).
Google OAuth incident – 14.12.2020
status.cloud.google.com/incident/zall/20013 On Monday 14 December, 2020, for a duration of 47 minutes, customer-facing Google services that required Google OAuth access were unavailable. Google uses an evolving suite of automation tools to manage the quota of various resources allocated for services. As part of an ongoing migration of the User ID Service to a new quota system, a change was made in October to register the User ID Service with the new quota system. Parts of the previous quota system were left in place which incorrectly reported the usage for the User ID Service as 0.
Stealthy Magecart malware mistakenly leaks list of hacked stores
www.bleepingcomputer.com/news/security/stealthy-magecart-malware-mistakenly-leaks-list-of-hacked-stores/ Despite the quite advanced RAT malware they used as a backdoor into hacked e-commerce servers, the Magecart group also made one rookie mistake by including a list of hacked online stores within their dropper’s code. Sansec has also reached out to the online stores included in the Magecart malware dropper’s code to let them know that their servers have been infiltrated.
Operation SignSight: Supply-chain attack against a certification authority in Southeast Asia
www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/ The attackers modified two of the software installers available for download on this website and added a backdoor in order to compromise users of the legitimate application. The Vietnam Government Certification Authority confirmed that they were aware of the attack before our notification and that they notified the users who downloaded the trojanized software. With the compromise of Able Desktop, the attack on WIZVERA VeraPort by Lazarus and the recent supply-chain attack on SolarWinds Orion, we see that supply-chain attacks are a quite common compromise vector for cyberespionage groups. In this specific case, they compromised the website of a Vietnamese certificate authority, in which users are likely to have a high level of trust.
Smart toy security: How to keep your kids safe this Christmas
Apple, Google, Microsoft, and Mozilla ban Kazakhstan’s MitM HTTPS certificate
www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/#ftag=RSSbaffb68 This marks the second time browser makers had to intervene and block a certificate used by the Kazakhstan government to spy on its citizens. The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices.