Daily NCSC-FI news followup 2021-01-04

This is how the breach is visible in Finland: “Fairly large organisations from both the private and public sector”

www.is.fi/digitoday/tietoturva/art-2000007719171.html The authorities know of about ten organisations in Finland where a vulnerable version of the SolarWinds software has been used. The SolarWinds Orion Platform is also in use in Finland. According to Helinä Turunen, information security specialist at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, the authorities are aware of “around ten organisations” in which the vulnerable software version has been used.

China’s APT hackers move to ransomware attacks

www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/ Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse. Also:

medium.com/proferosec-osm/apt27-turns-to-ransomware-77aaba41ef1e. Also:

shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf

Slack suffers its first massive outage of 2021

www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/ As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. Starting at approximately 10 AM EST, Slack suffered an outage in which users cannot connect, messages cannot be sent or received, and channel history cannot be retrieved. Also: status.slack.com/. Also:

www.theverge.com/2021/1/4/22213105/slack-outage-down-2021-server-error. Also: www.theregister.com/2021/01/04/slack_down/

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email

www.zdnet.com/article/be-warned-covid-19-vaccine-scams-are-now-appearing-online-over-text-and-over-email Over the past few weeks, scammers and other threat actors have launched their own programs: not for public health, but to steal personal information, conduct identity theft, and scam victims, all with the potential for criminal financial gain. In December, Interpol warned that law enforcement should be prepared to deal with COVID-19-related scams and cybercrime over the coming months. Also, from Interpol:

www.interpol.int/en/News-and-Events/News/2020/INTERPOL-warns-of-organized-crime-threat-to-COVID-19-vaccines

Internet Bank Account Takeover of +1M Users Without User Interaction

medium.com/bugbountywriteup/internet-bank-account-takeover-of-1m-users-without-user-interaction-75bd184936c5 OAuth is an open protocol to allow authorization in a simple and standard method from web, mobile and desktop applications. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

Zend Framework remote code execution vulnerability revealed

www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/ An untrusted deserialization vulnerability disclosed this week in Zend Framework can be exploited by attackers to achieve remote code execution on PHP sites. This vulnerability tracked as CVE-2021-3007 may also impact some instances of Laminas Project, Zend’s successor.

Citrix adds NetScaler ADC setting to block recent DDoS attacks

www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/ Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. DTLS is a UDP-based version of the Transport Layer Security (TLS) protocol, used to secure delay-sensitive apps and services and to prevent eavesdropping and tampering.

Leading Game Publishers Hit Hard by Leaked-Credential Epidemic

threatpost.com/game-publishers-hit-by-leaked-credentials/162725/ Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals that aim to turn a profit by selling leaked insider credentials tied to the top game publishers. Over 500,000 stolen credentials tied to the top 25 gaming firms were found in caches of breached data online and up for sale at criminal marketplaces, according to researchers at Kela.

Malware uses WiFi BSSID for victim identification

www.zdnet.com/article/malware-uses-wifi-bssid-for-victim-identification Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location.
