Daily NCSC-FI news followup 2021-01-18

Finland's food supply sector rehearses for an emergency situation

www.is.fi/digitoday/art-2000007747319.html Operators in Finland's food supply sector are rehearsing this week for emergency conditions. The three-day exercise, organised by the Digipool of the National Emergency Supply Agency (Huoltovarmuuskeskus), prepares participants for operating during a cyber disruption. The exercise, which begins tomorrow, involves operators from the food industry, retail and distribution, oil distribution, logistics and transport, and water supply. The emphasis is on cooperation between the parts of the supply chain and on how the food supply functions in emergency conditions. It is part of the broader Tieto20 exercise series, which began in February 2020. Intensive exercises have been held sector by sector. In total, 128 organisations and 12 sectors have been represented, and 10 000 working hours have been spent on the exercises.

OpenWRT Forum user data stolen in weekend data breach

www.bleepingcomputer.com/news/security/openwrt-forum-user-data-stolen-in-weekend-data-breach/ The intruder used the account of an OpenWRT administrator. Although the account had “a good password,” additional security provided by two-factor authentication (2FA) was not active. Email addresses and handles of the forum users have been stolen, the moderators say. They add that they believe the attacker was not able to download the forum database, meaning that passwords should be safe.

BitLocker Lockscreen bypass

secret.club/2021/01/15/bitlocker-bypass.html Given a Windows 10 system without known passwords and a BitLocker-protected hard drive, an administrator account could be added. Note: This attack works only when no BitLocker password/PIN is required prior to the login screen.

Medical Device Security: Diagnosis Critical

threatpost.com/medical-device-security/163127/ Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced. Last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued more than a half-dozen warnings tied to connected drug pumps alone. Vulnerabilities found in pumps made by Baxter International and Becton Dickinson Alaris System, for example, could be exploited to launch a DDoS attack, alter system configurations or siphon off patient data.

Google Cloud: We do use some SolarWinds, but we weren’t affected by mega hack

www.zdnet.com/article/google-cloud-we-do-use-some-solarwinds-but-we-werent-affected-by-mega-hack/ Google’s first CISO explains how you avoid being owned by hackers engaged in supply chain attacks. “Based on what is known about the attack today, we are confident that no Google systems were affected by the SolarWinds event,” [the CISO] said in a blogpost. Google:

cloud.google.com/blog/products/identity-security/how-were-helping-reshape-software-supply-chain-ecosystem-securely
