Daily NCSC-FI news followup 2021-01-21

Digitaalinen turvallisuus 2030 -ohjelma kehittää yhteiskunnan kyberhäiriöiden sietokykyä

www.huoltovarmuuskeskus.fi/digitaalinen-turvallisuus-2030-ohjelma-kehittaa-yhteiskunnan-kyberhairioiden-sietokykya/ Huoltovarmuuskeskus käynnistää laajan ohjelmakokonaisuuden, jonka tarkoituksena on kehittää yhteiskunnan sietokykyä kyberhäiriöitä vastaan. Digitaalinen turvallisuus 2030 -ohjelman painopisteet ovat kyberhäiriöihin varautuminen, toimintakyky häiriöiden sattuessa, yhteistyö yhteiskunnan ja yritysmaailman eri toimijoiden välillä sekä tulevaisuuden ilmiöiden ennakointi. Ohjelma on osa Suomen kansallisen kyberturvallisuusstrategian toteutusta.

Ransomware is now the biggest cybersecurity concern for CISOs

www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/ A survey of chief information security officers (CISOs) and chief security officers (CSOs) by cybersecurity Proofpoint found that ransomware is now viewed as the main cybersecurity threat to their organisation over the course of the next year.

UK govt gives malware infected laptops to vulnerable students

www.bleepingcomputer.com/news/security/uk-govt-gives-malware-infected-laptops-to-vulnerable-students/ The devices are given out for free by the government to support disadvantaged students unable to access remote education during the COVID-19 pandemic, including children and young people who have no digital devices, have only a smartphone, or share a single device with other family members. “Upon unboxing and preparing them, it was discovered that a number of the laptops were infected with a self-propagating network worm, ” according to one of the teachers.

QNAP warns users of a new crypto-miner named Dovecat infecting their devices

www.zdnet.com/article/qnap-warns-users-of-a-new-crypto-miner-named-dovecat-infecting-their-devices/ QNAP has published a security advisory today warning customers of a new malware strain named Dovecat that is currently targeting its line of network-attached storage (NAS) devices to abuse local resources and mine cryptocurrency behind users’ backs. The company said the malware is currently spreading by connecting to QNAP NAS systems left exposed online using weak passwords.

Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight

blog.checkpoint.com/2021/01/21/cyber-criminals-leave-stolen-phishing-credentials-in-plain-sight/ Check Point Research recently joined forces with Otorio to analyze and take a deep dive into a large scale phishing campaign that targeted thousands of global organizations, revealing the campaign’s overall infection chain, infrastructure and how the emails were distributed. Interestingly, due to a simple mistake in their attack chain, the attackers behind the phishing campaign exposed the credentials they had stolen to the public Internet, across dozens of drop-zone servers used by the attackers. With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.

DDoS booters use Windows Remote Desktop servers to amplify attacks

www.bleepingcomputer.com/news/security/ddos-booters-use-windows-remote-desktop-servers-to-amplify-attacks/ Attacks taking advantage of this new UDP reflection/amplification attack vector by targeting Windows servers with RDP enabled on UDP/3389 have an amplification ratio of 85.9:1 and peak at ca. 750 Gbps. Around 14, 000 vulnerable Windows RDP servers are reachable over the Internet according to NETSCOUT advisory published earlier today.

Singapore widens security labelling to include all consumer IoT devices

ww.zdnet.com/article/singapore-widens-security-labelling-to-include-all-consumer-iot-devices/ Introduced last October as a voluntary programme, the Cybersecurity Labelling Scheme rates devices according to their level of cybersecurity features and will now be extended to include all consumer smart devices such as smart lights and smart printers.

Microsoft Edge gets a password generator, leaked credentials monitor

www.bleepingcomputer.com/news/security/microsoft-edge-gets-a-password-generator-leaked-credentials-monitor/ Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version.

You might be interested in …

Daily NCSC-FI news followup 2021-02-12

Tori.fissä kaksi kieroa huijausta varo tällaisia yhteydenottoja www.is.fi/digitoday/tietoturva/art-2000007799557.html Meneillään on kaksi erilaista huijauskampanjaa. Tori.fi antaa kolme turvavinkkiä. After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy hotforsecurity.bitdefender.com/blog/after-hackers-blackmailed-their-clients-finnish-therapy-firm-declares-bankruptcy-25313.html Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt.. According to data collected […]

Read More

Daily NCSC-FI news followup 2020-09-20

Hackers leak details of 1,000 high-ranking Belarus police officers www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers/ A group of hackers has leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations. The leaked data included names, dates of birth, and the officers’ departments and job titles. […]

Read More

Daily NCSC-FI news followup 2020-05-26

New Zealand introduces Bill to block violent extremist content www.zdnet.com/article/new-zealand-introduces-bill-to-block-violent-extremist-content/ It would make livestreaming of objectionable content a criminal offence, censorship calls will be made immediately, and take-down notices will be backed by law. YK: kyberiskuissa roimaa kasvua supervalta boikotoi kokousta www.tivi.fi/uutiset/tv/b9faeb00-ec81-42a1-ba54-18f88164034f YK varoitti perjantaina kyberrikosten olevan kasvussa koronapandemian aikana. YK:n epävirallisessa turvallisuusneuvoston kokouksessa perjantaina […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.