Daily NCSC-FI news followup 2021-01-02

The Week in Ransomware – January 1st 2021 – New Year Edition

www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-1st-2021-new-year-edition/ This holiday edition cover the latest ransomware news from the past two weeks, including known ransomware attacks and law enforcement takedowns. Over the past two weeks, we have seen ransomware attacks on scent and flavor designed Symrise, FreePBX developer Sangoma, trucking giant Air Forward, and home appliance maker Whirlpool,

Extracting Security Products from SUNBURST DNS Beacons

www.netresec.com/?page=Blog&month=2020-12&post=Extracting-Security-Products-from-SUNBURST-DNS-Beacons The latest version of our SunburstDomainDecoder (v1.7) can be used to reveal which endpoint protection applications that are installed on trojanized SolarWinds Orion deployments. The security application info is extracted from DNS queries for “avsvmcloud.com” subdomains, which is used by SUNBURST as a beacon and C2 channel.

Koronavilkku-sovellus yhteentoimivaksi muiden EU/Eta-maiden sovellusten kanssa

stm.fi/-/koronavilkku-sovellus-yhteentoimivaksi-muiden-eu-eta-maiden-sovellusten-kanssa Koronavilkku-sovelluksesta tulee yhteentoimiva muissa EU/Eta-maissa tai Sveitsissä kehitettyjen sovellusten kanssa. Päivitys tulee loppiaisen jälkeen. Lisäksi:

www.is.fi/digitoday/mobiili/art-2000007712308.html

Revenge RAT targeting users in South America

www.uptycs.com/blog/revenge-rat-targeting-users-in-south-america The Uptycs threat research team recently came across multiple document samples that download Revenge RAT. The campaign currently seems to be active in Brazil.

Pirate Site Search Traffic Tanked Following Google Updates

torrentfreak.com/pirate-site-search-traffic-tanked-following-google-updates-210101/ Pirate sites lost quite a bit of traffic in 2020. A detailed analysis of the yearly trend shows that visitors from search engines dropped by roughly a third. Interestingly, it appears that Google’s algorithm updates did most of the damage.

You might be interested in …

Daily NCSC-FI news followup 2019-07-10

Lapin Kansa: Kemin kaupungin tietoliikenneverkossa poikkeuksellisen pitkä vikatilanne syytä selvitetään www.lapinkansa.fi/lappi/kemin-kaupungin-tietoliikenneverkossa-poikkeuksellisen-pitka-vikatilanne-syyta-selvitetaan-3596802/ Zoom reverses course to kill off Mac local web server www.zdnet.com/article/zoom-reverses-course-to-kill-off-mac-local-web-server/ Less than a day after backing its approach to get around Safari restrictions on Mac, Zoom’s local web server is no more. New FinSpy iOS and Android implants revealed ITW securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/ FinSpy is […]

Read More

Daily NCSC-FI news followup 2019-08-22

TechCrunch: T-Mobile hit by hours-long nationwide outage techcrunch.com/2019/08/21/t-mobile-outage/ Viranomaissivustot toimivat taas, iltapäivän palvelunestohyökkäys ohi “Palvelunestohyökkääjä löytänyt aivan uudenlaisen tavan päästä läpi” yle.fi/uutiset/3-10934147 Palvelunestohyökkäys kohdistui muun muassa poliisin ja hätäkeskuksen verkkopalveluihin. Fonectalla laaja tietovuoto: Tavallisella käyttäjä­tunnuksella on päässyt käsiksi ainakin 150 000 ihmisen arka­luontoisiin henkilö­tietoihin www.hs.fi/kotimaa/art-2000006212884.html Yrityksille ja järjestöille tarkoitetussa asiakasrekisteripalvelussa yksi tavallisen käyttäjätunnuksen omistaja on […]

Read More

Daily NCSC-FI news followup 2020-07-29

www.zdnet.com/article/hacker-gang-behind-garmin-attack-doesnt-have-a-history-of-stealing-user-data ‘BootHole’ attack impacts Windows and Linux systems using GRUB2 and Secure Boot www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot The vulnerability, codenamed BootHole, allows attackers to tamper with the boot-loading process that precedes starting up the actual operating system (OS). Lisäksi: kb.cert.org/vuls/id/174059 ja www.openwall.com/lists/oss-security/2020/07/29/3. Lisäksi: www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/ ja www.theregister.com/2020/07/29/grub2_code_exec_flaw/ ja eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ APT reports – APT trends report Q2 2020 securelist.com/apt-trends-report-q2-2020/97937/ For […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.