Daily NCSC-FI news followup 2021-01-04

This is how the data breach shows up in Finland: “Fairly large organisations from both the private and public sector”

www.is.fi/digitoday/tietoturva/art-2000007719171.html Authorities know of about ten organisations in Finland that have used a vulnerable SolarWinds software version. The SolarWinds Orion Platform is also used in Finland. According to Helinä Turunen, information security specialist at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, authorities know of “around ten organisations” that have used the vulnerable software version.

China’s APT hackers move to ransomware attacks

www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/ Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse. Also:

medium.com/proferosec-osm/apt27-turns-to-ransomware-77aaba41ef1e. Also:

Slack suffers its first massive outage of 2021

www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/ As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. Starting at approximately 10 AM EST, Slack suffered an outage where users cannot connect, messages cannot be sent or received, and channel history cannot be retrieved. Also: status.slack.com/. Also:

www.theverge.com/2021/1/4/22213105/slack-outage-down-2021-server-error. Also: www.theregister.com/2021/01/04/slack_down/

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email

www.zdnet.com/article/be-warned-covid-19-vaccine-scams-are-now-appearing-online-over-text-and-over-email Over the past few weeks, scammers and other threat actors have launched their own programs: not for public health, but to steal personal information, conduct identity theft, and scam victims, all with the potential for criminal financial gain. In December, Interpol warned that law enforcement should be prepared to deal with COVID-19-related scams and cybercrime over the coming months. Also: Interpol:

Internet Bank Account Takeover of +1M Users Without User Interaction

medium.com/bugbountywriteup/internet-bank-account-takeover-of-1m-users-without-user-interaction-75bd184936c5 OAuth is an open protocol to allow authorization in a simple and standard method from web, mobile and desktop applications. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

Zend Framework remote code execution vulnerability revealed

www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/ An untrusted deserialization vulnerability disclosed this week in Zend Framework can be exploited by attackers to achieve remote code execution on PHP sites. This vulnerability tracked as CVE-2021-3007 may also impact some instances of Laminas Project, Zend’s successor.

Citrix adds NetScaler ADC setting to block recent DDoS attacks

www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/ Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks. DTLS is a UDP-based version of the Transport Layer Security (TLS) protocol utilized to secure and to prevent eavesdropping and tampering in delay-sensitive apps and services.

Leading Game Publishers Hit Hard by Leaked-Credential Epidemic

threatpost.com/game-publishers-hit-by-leaked-credentials/162725/ Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals that aim to turn a profit by selling leaked insider credentials tied to the top game publishers. Over 500,000 stolen credentials tied to the top 25 gaming firms were found in caches of breached data online and up for sale at criminal marketplaces, according to researchers at Kela.

Malware uses WiFi BSSID for victim identification

www.zdnet.com/article/malware-uses-wifi-bssid-for-victim-identification Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location.
