Daily NCSC-FI news followup 2021-01-04

This is how the breach looks in Finland: "Fairly large organizations from both the private and public sectors"

www.is.fi/digitoday/tietoturva/art-2000007719171.html The SolarWinds Orion Platform is also in use in Finland. According to Helinä Turunen, information security specialist at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, the authorities know of "about ten organizations" in Finland that have run the vulnerable SolarWinds software version.

China’s APT hackers move to ransomware attacks

www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/ Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse. Also:

medium.com/proferosec-osm/apt27-turns-to-ransomware-77aaba41ef1e. Also:

shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf

Slack suffers its first massive outage of 2021

www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/ As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. Starting at approximately 10 AM EST, Slack suffered an outage in which users could not connect, messages could not be sent or received, and channel history could not be retrieved. Also: status.slack.com/. Also:

www.theverge.com/2021/1/4/22213105/slack-outage-down-2021-server-error. Also: www.theregister.com/2021/01/04/slack_down/

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email

www.zdnet.com/article/be-warned-covid-19-vaccine-scams-are-now-appearing-online-over-text-and-over-email Over the past few weeks, scammers and other threat actors have launched their own programs: not for public health, but to steal personal information, conduct identity theft and defraud victims, all with the potential for criminal financial gain. In December, Interpol warned that law enforcement should be prepared to deal with COVID-19-related scams and cybercrime over the coming months. Also, from Interpol:

www.interpol.int/en/News-and-Events/News/2020/INTERPOL-warns-of-organized-crime-threat-to-COVID-19-vaccines

Internet Bank Account Takeover of +1M Users Without User Interaction

medium.com/bugbountywriteup/internet-bank-account-takeover-of-1m-users-without-user-interaction-75bd184936c5 OAuth is an open standard for access delegation: it lets web, mobile and desktop applications obtain authorization in a simple, standard way, and is commonly used to let Internet users grant a website or application access to their information on another site without handing over their password.

Zend Framework remote code execution vulnerability revealed

www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/ An untrusted deserialization vulnerability disclosed this week in Zend Framework can be exploited by attackers to achieve remote code execution on PHP sites. The vulnerability, tracked as CVE-2021-3007, may also affect some instances of the Laminas Project, Zend Framework's successor.
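As an added example (not code from the article, Zend Framework or Laminas), the PHP below shows the general pattern behind this class of bug and the two usual ways to close it: unserialize() on attacker-controlled bytes instantiates whatever class the payload names, and any __destruct() or __wakeup() on that class then runs with attacker-chosen property values. The TempFileWriter gadget, the loadSession* functions and craftPayload() are hypothetical; real gadgets are classes already present in the application or its dependencies, which is why the actual fix is to patch the framework rather than to hunt for gadgets. PHP 8 is assumed.

```php
<?php
// Added example, not code from Zend Framework or Laminas. The gadget class
// and the loadSession* functions are hypothetical; PHP 8 is assumed.
declare(strict_types=1);

// Hypothetical gadget: a class whose destructor has a file-writing side effect.
// Real gadgets are classes that already exist in the application or a
// dependency; the attacker only chooses the class name and property values.
final class TempFileWriter
{
    public string $path = '';
    public string $contents = '';

    public function __destruct()
    {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->contents);
        }
    }
}

// Vulnerable: default unserialize() instantiates any class named in the blob,
// so the destructor above runs as soon as the returned object is discarded.
function loadSessionVulnerable(string $blob)
{
    return unserialize($blob);
}

// Hardened (1): refuse object instantiation. Objects in the blob come back as
// __PHP_Incomplete_Class, whose magic methods never run; scalars and arrays
// still deserialize normally.
function loadSessionHardened(string $blob)
{
    return unserialize($blob, ['allowed_classes' => false]);
}

// Hardened (2), preferred for new code: a data-only format. JSON has no way to
// name a class, so there is no gadget to reach.
function loadSessionJson(string $blob): ?array
{
    $value = json_decode($blob, true, 16, JSON_THROW_ON_ERROR);
    return is_array($value) ? $value : null;
}

// Constructed attacker payload: the serialized form of a TempFileWriter with
// attacker-chosen path and contents, built by hand so that no real object is
// created (and no destructor runs) on the attacker's side.
function craftPayload(string $path, string $contents): string
{
    return sprintf(
        'O:14:"TempFileWriter":2:{s:4:"path";s:%d:"%s";s:8:"contents";s:%d:"%s";}',
        strlen($path), $path, strlen($contents), $contents
    );
}

$target  = sys_get_temp_dir() . '/deser-demo.txt';
$payload = craftPayload($target, 'written by the gadget');

@unlink($target);
loadSessionVulnerable($payload);          // object created and discarded: __destruct fires
printf("vulnerable: file created = %s\n", var_export(file_exists($target), true));

@unlink($target);
$obj = loadSessionHardened($payload);     // __PHP_Incomplete_Class, no destructor
printf("hardened:   file created = %s (%s)\n",
    var_export(file_exists($target), true), get_class($obj));

try {
    loadSessionJson($payload);            // not JSON: rejected outright
} catch (JsonException $e) {
    printf("json:       rejected (%s)\n", $e->getMessage());
}
```

Run it with `php deser-demo.php`: the vulnerable loader leaves the gadget's file behind, the two hardened loaders do not. Note that `allowed_classes => false` only stops object instantiation; if the application genuinely needs objects back, an allow-list of specific class names is the next best option, and any deserialization of data that crossed a trust boundary should be treated as a finding regardless of the framework version.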

Citrix adds NetScaler ADC setting to block recent DDoS attacks

www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/ Citrix has released a feature enhancement designed to stop attackers from using the Datagram Transport Layer Security (DTLS) feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. DTLS is the UDP-based variant of the Transport Layer Security (TLS) protocol, used to protect delay-sensitive applications and services against eavesdropping and tampering. Because it runs over UDP, a small ClientHello with a spoofed source address can elicit a much larger first flight from the server; the HelloVerifyRequest cookie exchange defined in the DTLS specification (RFC 6347) exists to make a client prove it can receive at the claimed address before the server sends that flight.

Leading Game Publishers Hit Hard by Leaked-Credential Epidemic

threatpost.com/game-publishers-hit-by-leaked-credentials/162725/ Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals who aim to turn a profit by selling leaked insider credentials tied to the top game publishers. Over 500,000 stolen credentials tied to the top 25 gaming firms were found in caches of breached data online and up for sale on criminal marketplaces, according to researchers at Kela.

Malware uses WiFi BSSID for victim identification

www.zdnet.com/article/malware-uses-wifi-bssid-for-victim-identification Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location.
