Daily NCSC-FI news followup 2020-12-22

New publication from the National Cyber Security Centre Finland (Kyberturvallisuuskeskus): Guide to detecting data breaches

www.kyberturvallisuuskeskus.fi/fi/julkaisut/opas-tietomurtojen-havaitsemiseen This guide focuses in particular on detecting a data breach using log data. The examples use Windows Event Log events or other log events of the Windows operating system. The selected example events have been observed in investigated data breaches, left behind by intruders. PDF:

www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/Opas-tietomurtojen-havaitsemiseen.pdf

SolarWinds hackers breached US Treasury officials’ email accounts

www.bleepingcomputer.com/news/security/solarwinds-hackers-breached-us-treasury-officials-email-accounts/ US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack. The statement was issued after the US Treasury Department and the Internal Revenue Service (IRS) briefed the Committee staff on the SolarWinds supply chain attack.

Microsoft Security Response Center: Solorigate Resource Center

msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/

Law enforcement take down three bulletproof VPN providers

www.zdnet.com/article/law-enforcement-take-down-three-bulletproof-vpn-providers/ Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims. The three services were active at insorg[.]org, safe-inet[.]com, and safe-inet[.]net before the domains were seized and replaced with law enforcement banners on Monday.

UK cryptocurrency exchange EXMO suffers breach, funds stolen

grahamcluley.com/uk-cryptocurrency-exchange-exmo-suffers-breach-funds-stolen/

Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat

threatpost.com/nosy-exes-passwords-serious-threat/162533/ Breakups can be traumatic in all sorts of ways. Now we know they can pose a serious cybersecurity threat too. A new survey found that an alarming number of people are still accessing their exes’ accounts without their knowledge, a handful for malicious reasons. Get help for this: Disobey Outreach Guides – www.outrch.org/

Microsoft and McAfee headline newly-formed ‘Ransomware Task Force’

www.zdnet.com/article/microsoft-and-mcafee-headline-newly-formed-ransomware-task-force/ A group made up of 19 security firms, tech companies, and non-profits, headlined by big names such as Microsoft and McAfee, have announced on Monday plans to form a new coalition to deal with the rising threat of ransomware. The Ransomware Task Force website, including full membership details and leadership roles, will be launched next month, in January 2021, followed by a two-to-three month sprint to get the task force off the ground.

Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group

threatpost.com/tech-giants-lend-whatsapp-support-in-spyware-case-against-nso-group/162552/ Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities. Electronic Frontier Foundation (EFF) filed an amicus brief of its own to support WhatsApp, asserting that the case is not merely a battle of tech companies, but has a potential outcome that will have “profound implications for millions of Internet users and other citizens of countries around the world.” Also:

venturebeat.com/2020/12/22/microsoft-and-google-join-facebooks-legal-battle-against-hacking-company-nso/

Cybersecurity errors at Nakatomi

www.kaspersky.com/blog/die-hard-cybersecurity/38169/ We examine the first installment in the Die Hard series from a cybersecurity standpoint.
