Daily NCSC-FI news followup 2021-01-04

This is how the data breach shows up in Finland: “Larger organisations from both the private and public sector”

www.is.fi/digitoday/tietoturva/art-2000007719171.html The authorities know of about ten organisations in Finland that have used the vulnerable SolarWinds software version. The SolarWinds Orion Platform is also used in Finland. According to Helinä Turunen, information security specialist at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, the authorities know of “around ten organisations” that have used the vulnerable software version.

China’s APT hackers move to ransomware attacks

www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/ Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse. Also:

medium.com/proferosec-osm/apt27-turns-to-ransomware-77aaba41ef1e. Also:

Slack suffers its first massive outage of 2021

www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/ As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. Starting at approximately 10 AM EST, Slack suffered an outage in which users cannot connect, messages cannot be sent or received, and channel history cannot be retrieved. Also: status.slack.com/. Also:

www.theverge.com/2021/1/4/22213105/slack-outage-down-2021-server-error. Also: www.theregister.com/2021/01/04/slack_down/

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email

www.zdnet.com/article/be-warned-covid-19-vaccine-scams-are-now-appearing-online-over-text-and-over-email Over the past few weeks, scammers and other threat actors have launched their own programs: not for public health, but to steal personal information, conduct identity theft, and scam victims, all with the potential for criminal financial gain. In December, Interpol warned that law enforcement should be prepared to deal with COVID-19-related scams and cybercrime over the coming months. Also: Interpol:

Internet Bank Account Takeover of +1M Users Without User Interaction

medium.com/bugbountywriteup/internet-bank-account-takeover-of-1m-users-without-user-interaction-75bd184936c5 OAuth is an open protocol to allow authorization in a simple and standard method from web, mobile and desktop applications. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

Zend Framework remote code execution vulnerability revealed

www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/ An untrusted deserialization vulnerability disclosed this week in Zend Framework can be exploited by attackers to achieve remote code execution on PHP sites. This vulnerability tracked as CVE-2021-3007 may also impact some instances of Laminas Project, Zend’s successor.

Citrix adds NetScaler ADC setting to block recent DDoS attacks

www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/ Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. DTLS is a UDP-based version of the Transport Layer Security (TLS) protocol, used to protect delay-sensitive apps and services against eavesdropping and tampering.

Leading Game Publishers Hit Hard by Leaked-Credential Epidemic

threatpost.com/game-publishers-hit-by-leaked-credentials/162725/ Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals that aim to turn a profit by selling leaked insider credentials tied to the top game publishers. Over 500,000 stolen credentials tied to the top 25 gaming firms were found in caches of breached data online and up for sale on criminal marketplaces, according to researchers at Kela.

Malware uses WiFi BSSID for victim identification

www.zdnet.com/article/malware-uses-wifi-bssid-for-victim-identification Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location.
