Digitaalinen turvallisuus 2030 -ohjelma kehittää yhteiskunnan kyberhäiriöiden sietokykyä
www.huoltovarmuuskeskus.fi/digitaalinen-turvallisuus-2030-ohjelma-kehittaa-yhteiskunnan-kyberhairioiden-sietokykya/ Huoltovarmuuskeskus käynnistää laajan ohjelmakokonaisuuden, jonka tarkoituksena on kehittää yhteiskunnan sietokykyä kyberhäiriöitä vastaan. Digitaalinen turvallisuus 2030 -ohjelman painopisteet ovat kyberhäiriöihin varautuminen, toimintakyky häiriöiden sattuessa, yhteistyö yhteiskunnan ja yritysmaailman eri toimijoiden välillä sekä tulevaisuuden ilmiöiden ennakointi. Ohjelma on osa Suomen kansallisen kyberturvallisuusstrategian toteutusta.
Ransomware is now the biggest cybersecurity concern for CISOs
www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/ A survey of chief information security officers (CISOs) and chief security officers (CSOs) by cybersecurity Proofpoint found that ransomware is now viewed as the main cybersecurity threat to their organisation over the course of the next year.
UK govt gives malware infected laptops to vulnerable students
www.bleepingcomputer.com/news/security/uk-govt-gives-malware-infected-laptops-to-vulnerable-students/ The devices are given out for free by the government to support disadvantaged students unable to access remote education during the COVID-19 pandemic, including children and young people who have no digital devices, have only a smartphone, or share a single device with other family members. “Upon unboxing and preparing them, it was discovered that a number of the laptops were infected with a self-propagating network worm, ” according to one of the teachers.
QNAP warns users of a new crypto-miner named Dovecat infecting their devices
www.zdnet.com/article/qnap-warns-users-of-a-new-crypto-miner-named-dovecat-infecting-their-devices/ QNAP has published a security advisory today warning customers of a new malware strain named Dovecat that is currently targeting its line of network-attached storage (NAS) devices to abuse local resources and mine cryptocurrency behind users’ backs. The company said the malware is currently spreading by connecting to QNAP NAS systems left exposed online using weak passwords.
Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight
blog.checkpoint.com/2021/01/21/cyber-criminals-leave-stolen-phishing-credentials-in-plain-sight/ Check Point Research recently joined forces with Otorio to analyze and take a deep dive into a large scale phishing campaign that targeted thousands of global organizations, revealing the campaign’s overall infection chain, infrastructure and how the emails were distributed. Interestingly, due to a simple mistake in their attack chain, the attackers behind the phishing campaign exposed the credentials they had stolen to the public Internet, across dozens of drop-zone servers used by the attackers. With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.
DDoS booters use Windows Remote Desktop servers to amplify attacks
www.bleepingcomputer.com/news/security/ddos-booters-use-windows-remote-desktop-servers-to-amplify-attacks/ Attacks taking advantage of this new UDP reflection/amplification attack vector by targeting Windows servers with RDP enabled on UDP/3389 have an amplification ratio of 85.9:1 and peak at ca. 750 Gbps. Around 14, 000 vulnerable Windows RDP servers are reachable over the Internet according to NETSCOUT advisory published earlier today.
Singapore widens security labelling to include all consumer IoT devices
ww.zdnet.com/article/singapore-widens-security-labelling-to-include-all-consumer-iot-devices/ Introduced last October as a voluntary programme, the Cybersecurity Labelling Scheme rates devices according to their level of cybersecurity features and will now be extended to include all consumer smart devices such as smart lights and smart printers.
Microsoft Edge gets a password generator, leaked credentials monitor
www.bleepingcomputer.com/news/security/microsoft-edge-gets-a-password-generator-leaked-credentials-monitor/ Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version.