This is how the breach shows up in Finland: "Fairly large organisations from both the private and public sectors"
www.is.fi/digitoday/tietoturva/art-2000007719171.html The authorities know of roughly ten organisations in Finland in which a vulnerable version of the SolarWinds software has been used. The SolarWinds Orion Platform is in use in Finland as well. According to Helinä Turunen, an information security specialist at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, the authorities know of "around ten organisations" in which the vulnerable software version has been used.
China’s APT hackers move to ransomware attacks
www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/ Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse. See also:
medium.com/proferosec-osm/apt27-turns-to-ransomware-77aaba41ef1e. See also:
shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf
Slack suffers its first massive outage of 2021
www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/ As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. Starting at approximately 10 AM EST, Slack suffered an outage in which users could not connect, messages could not be sent or received, and channel history could not be retrieved. See also: status.slack.com/. See also:
www.theverge.com/2021/1/4/22213105/slack-outage-down-2021-server-error. See also: www.theregister.com/2021/01/04/slack_down/
Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email
www.zdnet.com/article/be-warned-covid-19-vaccine-scams-are-now-appearing-online-over-text-and-over-email Over the past few weeks, scammers and other threat actors have launched their own programs: not for public health, but to steal personal information, conduct identity theft and scam victims, all with the potential for criminal financial gain. In December, Interpol warned that law enforcement should be prepared to deal with COVID-19-related scams and cybercrime over the coming months. See also: Interpol:
Internet Bank Account Takeover of +1M Users Without User Interaction
medium.com/bugbountywriteup/internet-bank-account-takeover-of-1m-users-without-user-interaction-75bd184936c5 OAuth is an open protocol to allow authorization in a simple and standard method from web, mobile and desktop applications. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
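The page does not say which flaw the write-up exploited, so the following is not the write-up's code or the bank's code; it is an added example of the two checks that most often fail in OAuth-based logins and that, when they fail, let an attacker obtain another user's authorization code or token: exact redirect_uri matching on the authorization server, and a per-login state value bound to the browser session on the relying party. The hosts bank.example, idp.example and attacker.net, the client id and the attacker redirect URIs are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed fixtures: a relying party "bank-web" with exactly one registered
# callback URL, and a hypothetical identity provider. None of these hosts is real.
REGISTERED_REDIRECT_URIS = {"https://bank.example/oauth/callback"}
AUTHORIZE_ENDPOINT = "https://idp.example/oauth/authorize"


def redirect_uri_allowed_weak(redirect_uri: str) -> bool:
    """Prefix match, as commonly (mis)implemented: anything that starts with the
    registered origin is accepted, so the code or token can be sent elsewhere."""
    return redirect_uri.startswith("https://bank.example")


def redirect_uri_allowed_strict(redirect_uri: str) -> bool:
    """Exact string comparison against the registered value, as the OAuth 2.0
    Security Best Current Practice requires of authorization servers."""
    return redirect_uri in REGISTERED_REDIRECT_URIS


# Constructed attacker-chosen redirect_uri values that a prefix check lets through.
ATTACKER_REDIRECT_URIS = [
    "https://bank.example.attacker.net/cb",                    # registered host is a prefix of another host
    "https://bank.example@attacker.net/cb",                    # userinfo trick: the real host is attacker.net
    "https://bank.example/redirect?to=https://attacker.net/",  # same host, but an open redirector
]


def weak_check_failures() -> list[str]:
    """Attacker URIs accepted by the prefix check but rejected by exact matching."""
    return [u for u in ATTACKER_REDIRECT_URIS
            if redirect_uri_allowed_weak(u) and not redirect_uri_allowed_strict(u)]


class OAuthClient:
    """Relying-party side of the authorization-code flow: every login gets a fresh
    state value stored in the browser session, and the callback is rejected unless
    it carries exactly that value back. The value is single use."""

    def __init__(self, client_id: str, redirect_uri: str):
        self.client_id = client_id
        self.redirect_uri = redirect_uri

    def begin_login(self, session: dict) -> str:
        state = secrets.token_urlsafe(32)
        session["oauth_state"] = state
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": "openid",
            "state": state,
        }
        return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"

    def finish_login(self, session: dict, callback_url: str) -> str:
        """Return the authorization code, or raise if the callback is not bound to
        this session (no state, wrong state, or a state that was already used)."""
        expected = session.pop("oauth_state", None)  # pop: a replayed callback fails
        query = parse_qs(urlsplit(callback_url).query)
        received = query.get("state", [""])[0]
        if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
            raise PermissionError("state mismatch: callback not bound to this session")
        if "code" not in query:
            raise ValueError("callback carries no authorization code")
        return query["code"][0]


if __name__ == "__main__":
    print("prefix check lets through:", weak_check_failures())
    session: dict = {}
    client = OAuthClient("bank-web", "https://bank.example/oauth/callback")
    print(client.begin_login(session))
```

The strict check is deliberately a set membership test and nothing smarter: pattern matching on redirect URIs is where the userinfo and subdomain tricks above come from. On the relying-party side, `finish_login` pops the state from the session so a captured callback URL cannot be replayed, and compares with `hmac.compare_digest` so the comparison does not leak timing.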
Zend Framework remote code execution vulnerability revealed
www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/ An untrusted-deserialization vulnerability disclosed this week in Zend Framework can be exploited by attackers to achieve remote code execution on PHP sites. The vulnerability, tracked as CVE-2021-3007, may also impact some instances of the Laminas Project, Zend's successor.
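The gadget chain behind CVE-2021-3007 is not described on this page and is not reproduced here. What follows is an added example, not Zend or Laminas code, of the boundary check a practitioner wants when a legacy endpoint still receives PHP `serialize()` output in a cookie or form field: a walker over the serialization format that reports every class the payload would instantiate (`O:` and `C:` records), honouring declared string lengths so that `O:` inside a string value is not a false positive. The primary fix remains not calling `unserialize()` on attacker-controlled data (or passing `['allowed_classes' => false]`); the sample payloads, including the class name `Gadget`, are constructed.

```python
def php_serialized_classes(payload: bytes) -> tuple[list[str], bool]:
    """Return (class names the payload instantiates, parsed_cleanly).

    Classes found before a parse error are still reported: PHP builds objects as
    it reads, and their destructors run even if unserialize() fails later, so a
    truncated payload is not harmless.
    """
    classes: list[str] = []
    pos = 0

    def expect(token: bytes) -> None:
        nonlocal pos
        if payload[pos:pos + len(token)] != token:
            raise ValueError(f"expected {token!r} at offset {pos}")
        pos += len(token)

    def read_until(delim: bytes) -> bytes:
        nonlocal pos
        end = payload.find(delim, pos)
        if end < 0:
            raise ValueError(f"missing {delim!r} after offset {pos}")
        token = payload[pos:end]
        pos = end + len(delim)
        return token

    def read_quoted() -> bytes:
        # <len>:"<exactly len bytes>"  (shared by s:, O: and C:); the length is
        # authoritative, so quotes or 'O:' inside the bytes are just data
        nonlocal pos
        length = int(read_until(b":"))
        expect(b'"')
        value = payload[pos:pos + length]
        if len(value) != length:
            raise ValueError("string shorter than its declared length")
        pos += length
        expect(b'"')
        return value

    def read_members(count: int) -> dict:
        expect(b"{")
        members = {}
        for _ in range(count):
            key = parse_value()
            members[key] = parse_value()
        expect(b"}")
        return members

    def parse_value() -> object:
        nonlocal pos
        tag = payload[pos:pos + 1]
        pos += 1
        if tag == b"N":                       # N;
            expect(b";")
            return None
        expect(b":")
        if tag in (b"b", b"i", b"d", b"r", b"R"):   # b:1; i:42; d:1.5; r:2; R:2;
            raw = read_until(b";").decode()
            return float(raw) if tag == b"d" else int(raw)
        if tag == b"s":                       # s:5:"hello";
            value = read_quoted()
            expect(b";")
            return value
        if tag == b"a":                       # a:<n>:{key;value;...}
            return read_members(int(read_until(b":")))
        if tag == b"O":                       # O:<len>:"Class":<n>:{props}
            name = read_quoted().decode()
            classes.append(name)
            expect(b":")
            return ("object", name, read_members(int(read_until(b":"))))
        if tag == b"C":                       # C:<len>:"Class":<n>:{opaque bytes}
            name = read_quoted().decode()
            classes.append(name)
            expect(b":")
            length = int(read_until(b":"))
            expect(b"{")
            blob = payload[pos:pos + length]
            pos += length
            expect(b"}")
            return ("custom", name, blob)
        raise ValueError(f"unknown type tag {tag!r} at offset {pos - 1}")

    try:
        parse_value()
        if pos != len(payload):
            raise ValueError("trailing bytes after value")
    except (ValueError, IndexError, TypeError):
        return classes, False
    return classes, True


def accept_serialized_input(payload: bytes) -> bool:
    """True only for a well-formed payload made of scalars and arrays."""
    classes, clean = php_serialized_classes(payload)
    return clean and not classes


if __name__ == "__main__":
    # Constructed samples: a harmless array, an object hidden inside a string,
    # a nested object graph, a Serializable payload, and a truncated object.
    for sample in (
        b'a:2:{s:4:"user";s:5:"alice";s:4:"role";s:4:"view";}',
        b's:19:"O:8:"stdClass":0:{}";',
        b'O:8:"stdClass":1:{s:4:"name";O:6:"Gadget":1:{s:3:"cmd";s:2:"id";}}',
        b'C:11:"ArrayObject":0:{}',
        b'O:6:"Gadget":1:{s:3:"cmd";',
    ):
        print(sample, "->", php_serialized_classes(sample), accept_serialized_input(sample))
```

Such a filter is a stopgap for code you cannot change yet; it says nothing about what a permitted class does once instantiated, which is exactly why framework-level gadget chains like the one in this report work against any application that unserializes attacker data.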
Citrix adds NetScaler ADC setting to block recent DDoS attacks
www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/ Citrix has released a feature enhancement designed to stop attackers from using the Datagram Transport Layer Security (DTLS) feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. DTLS is a UDP-based variant of the Transport Layer Security (TLS) protocol, used to prevent eavesdropping and tampering in delay-sensitive apps and services.
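The page does not name Citrix's new setting, and the following is not Citrix code. It is an added simulation of why a DTLS server is usable as a reflector and of the protocol's own countermeasure, the HelloVerifyRequest cookie exchange of RFC 6347 section 4.2.1: a server that answers any ClientHello with its full ServerHello flight sends kilobytes in reply to a spoofed 150-byte datagram, while a server that first demands a stateless cookie sends only a small HelloVerifyRequest to an unverified source. The message sizes, addresses and the ClientHello body are constructed; real flight sizes depend on the certificate chain and cipher suite.

```python
import hashlib
import hmac
import os

# Constructed server-side secret and wire sizes (bytes) for the simulation.
COOKIE_SECRET = os.urandom(32)          # a real server rotates this periodically
CLIENT_HELLO_LEN = 150
HELLO_VERIFY_REQUEST_LEN = 48           # record + handshake headers, version, 16-byte cookie
SERVER_FLIGHT_LEN = 2900                # ServerHello, Certificate, ServerKeyExchange, ServerHelloDone


def make_cookie(peer_addr: str, client_hello: bytes) -> bytes:
    """Stateless cookie (RFC 6347 s4.2.1): an HMAC over the claimed source address
    and the ClientHello, so the server keeps no per-peer state before verification."""
    mac = hmac.new(COOKIE_SECRET, peer_addr.encode() + client_hello, hashlib.sha256)
    return mac.digest()[:16]


def handle_client_hello(peer_addr: str, client_hello: bytes, cookie: bytes,
                        verify_enabled: bool) -> tuple[str, int]:
    """The server's reaction to a ClientHello from peer_addr: (message, bytes sent).

    Verification off: any datagram from any claimed source gets the full flight.
    Verification on: a ClientHello without a valid cookie gets only a small
    HelloVerifyRequest, so a spoofed source never triggers the large reply."""
    if not verify_enabled:
        return "ServerHello flight", SERVER_FLIGHT_LEN
    if cookie and hmac.compare_digest(cookie, make_cookie(peer_addr, client_hello)):
        return "ServerHello flight", SERVER_FLIGHT_LEN
    return "HelloVerifyRequest", HELLO_VERIFY_REQUEST_LEN


def spoofed_amplification(victim_addr: str, verify_enabled: bool) -> float:
    """Bytes delivered to the victim per byte the attacker sends. The attacker
    forges victim_addr as the source and never sees the reply, so it cannot echo
    a valid cookie; the best it can do is a bare ClientHello."""
    client_hello = b"\x01" * CLIENT_HELLO_LEN            # constructed ClientHello body
    _, sent = handle_client_hello(victim_addr, client_hello, b"", verify_enabled)
    return sent / CLIENT_HELLO_LEN


def legitimate_handshake(client_addr: str) -> list[str]:
    """A real client with verification on: it receives the HelloVerifyRequest,
    echoes the cookie in a second ClientHello, and only then gets the flight."""
    client_hello = b"\x01" * CLIENT_HELLO_LEN
    first, _ = handle_client_hello(client_addr, client_hello, b"", True)
    cookie = make_cookie(client_addr, client_hello)        # carried in the HelloVerifyRequest
    second, _ = handle_client_hello(client_addr, client_hello, cookie, True)
    return [first, second]


if __name__ == "__main__":
    print("amplification without HelloVerifyRequest:", spoofed_amplification("203.0.113.9", False))
    print("amplification with HelloVerifyRequest:   ", spoofed_amplification("203.0.113.9", True))
    print("legitimate client:", legitimate_handshake("198.51.100.4"))
```

With the cookie exchange enabled the victim still receives the HelloVerifyRequest, but it is smaller than the datagram the attacker had to send, so the amplification factor drops below 1 and the reflector is no longer worth abusing. The cost is one extra round trip for genuine clients, which is why some products ship with the check off.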
Leading Game Publishers Hit Hard by Leaked-Credential Epidemic
threatpost.com/game-publishers-hit-by-leaked-credentials/162725/ Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals that aim to turn a profit by selling leaked insider credentials tied to the top game publishers. Over 500,000 stolen credentials tied to the top 25 gaming firms were found in caches of breached data online and up for sale on criminal marketplaces, according to researchers at Kela.
Malware uses WiFi BSSID for victim identification
www.zdnet.com/article/malware-uses-wifi-bssid-for-victim-identification Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location.