Cyber Exercise Scenarios 2021 – new ideas for cyber exercises
www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberharjoitusskenaariot-2021-uusia-ideoita-kyberharjoituksiin Our new publication Cyber Exercise Scenarios 2021 contains realistic cyber threats ranging from a payment-system data leak to a large-scale epidemic. The purpose of the scenarios is to help organisations find the threat pictures that suit them best, so that they can practise countering them.
WORLD’S MOST DANGEROUS MALWARE EMOTET DISRUPTED THROUGH GLOBAL ACTION
www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action Law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action. Also:
www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/. Also:
krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware/. Also: yle.fi/uutiset/3-11759178. Also:
www.theregister.com/2021/01/27/emotet_botnet_taken_down_europol/
This is the malware currently being spread to Finns’ phones – “We can speak of an epidemic”
www.is.fi/digitoday/tietoturva/art-2000007764380.html Malware is being spread to Finnish phones via text messages sent in the name of Posti. The link in the message leads to a website that tries to install malware on Android phones. iPhone users are targeted in a different way. Ville Kontinen, information security specialist at the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom, says that the currently active distribution campaign has been running since the turn of the year.
Your old phone interests criminals – these devices should be destroyed carefully if you don’t want your data to end up in the wrong hands
yle.fi/uutiset/3-11756262 Data breaches have increased consumers’ awareness of the proper disposal of data devices.
The data of perhaps as many as 32,000 Vastaamo patients appeared on the Tor network last night – police: “We don’t know how many hands the database is in”
yle.fi/uutiset/3-11757676 At least some of the published patient data is genuine, i.e. probably originating from the Vastaamo data breach. Also:
www.is.fi/digitoday/tietoturva/art-2000007765480.html. Also:
www.tivi.fi/uutiset/tv/1858de83-77c0-45b8-99db-be668fd56876. Also: www.is.fi/digitoday/tietoturva/art-2000007765875.html.
Apple critical patches fix in-the-wild iPhone exploits – update now!
nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/ Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. Also:
www.theregister.com/2021/01/26/apple_ios_zero_days/. Also:
www.forbes.com/sites/kateoflahertyuk/2021/01/27/ios-144-update-now-warning-issued-to-all-iphone-users/. Also:
www.zdnet.com/article/apple-fixes-another-three-ios-zero-days-exploited-in-the-wild/. Also: www.is.fi/digitoday/tietoturva/art-2000007765612.html. Also:
www.tivi.fi/uutiset/tv/f3189bf1-34e7-4fb9-952d-9917b4563162. Also:
thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html. Also: cyber.gc.ca/en/alerts/apple-security-advisory-23. Also:
www.kyberturvallisuuskeskus.fi/fi/apple-korjasi-ios-144-paivityksella-vakavia-haavoittuvuuksia
Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication
www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html The attack starts with an email imitating DHL, as seen in Figure 1. The email tries to trick the recipient into clicking on a link, which would take them to a fake DHL website. In Figure 2, we can see the fake page asking for credit card details that, if submitted, would give the user a generic response while in the background the credit card data is shared with the attackers.
Australian men extradited to US over $65m mobile phone scam
ASIC reports server breached via Accellion vulnerability
www.zdnet.com/article/asic-reports-server-breached-via-accellion-vulnerability/ “This incident is related to Accellion software used by ASIC to transfer files and attachments,” the corporate regulator said in a notice posted on the evening before a public holiday.
23M Gamer Records Exposed in VIPGames Leak
threatpost.com/gamer-records-exposed-vipgames-leak/163352/ The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds. In this case, the site’s unprotected server leaked more than 30GB of data containing 23 million individual records, including usernames, emails, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, bets and even data on players who were banned from the platform, WizCase said.
Top Cyber Attacks of 2020
thehackernews.com/2021/01/top-cyber-attacks-of-2020.html Attack 1: Fraudulent unemployment claims rise in response to the pandemic. Attack 2: T-Mobile breach exposes sensitive customer data, twice. Attack 3: Hackers try to meddle with the coronavirus pandemic response. Attack 4: The FireEye attack that exposed a major breach of the U.S. government.
Today’s ‘sophisticated cyber attack’ victim is the Woodland Trust: Pre-Xmas breach under investigation
www.theregister.com/2021/01/27/woodland_trust_cyber_attack/ Read also: www.woodlandtrust.org.uk/security-incident/
Mimecast links security breach to SolarWinds hackers
www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/ Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month. Also:
www.mimecast.com/blog/important-security-update/
Bypassing the Protections – MFA Bypass Techniques for the Win
blog.cobalt.io/bypassing-the-protections-mfa-bypass-techniques-for-the-win-8ef6215de6ab
Here’s how a researcher broke into Microsoft VS Code’s GitHub
www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/ This month a researcher has disclosed how he broke into the official GitHub repository of Microsoft Visual Studio Code.
How We Hacked Azure Functions and Escaped Docker
www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/ After an internal assessment, Microsoft has determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host.
Google’s Project Zero discovered security flaws that might have allowed attackers to eavesdrop on Android users. In an investigation by Project Zero researcher Natalie Silvanovich, she found vulnerabilities in many apps with 10M+ installs on Google Play that accept incoming calls.
www.pandasecurity.com/en/mediacenter/mobile-news/vulnerability-messaging-apps/ The affected applications include hugely popular apps such as Facebook Messenger, Signal, Google Duo, JioChat, and Mocha. She described her findings in a Project Zero blog post.
Using the Manager Attribute in Active Directory (AD) for Password Resets
thehackernews.com/2021/01/using-manager-attribute-in-active.html Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic.
TeamTNT delivers malware with new detection evasion tool
cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool AT&T Alien Labs has identified a new tool from the TeamTNT adversary group, which has previously been observed targeting exposed Docker infrastructure for cryptocurrency mining and credential theft. The group is using a new detection evasion tool, copied from open source repositories.
Insurers defend covering ransomware payments
www.bbc.com/news/technology-55811165 Also:
www.zdnet.com/article/uk-association-defends-ransomware-payments-in-cyber-insurance-policies/. Also:
www.tivi.fi/uutiset/tv/ff49c07f-7626-4027-a9dd-c7cc102fe9f3
Are.club Websites Unsafe? This Security Firm Says So
www.forbes.com/sites/barrycollins/2021/01/27/are-club-websites-unsafe-this-security-firm-says-so/
Iran blocks Signal messaging app after WhatsApp exodus
www.aljazeera.com/news/2021/1/26/iran-blocks-signal-messaging-app-after-whatsapp-exodus Iran’s government has moved to block Signal after Iranians flocked to the messaging platform following privacy concerns from Facebook-owned WhatsApp.
New Google cloud service aims to bring zero trust security to the web
www.zdnet.com/article/google-new-cloud-service-aims-to-bring-zero-trust-security-to-the-web/ Google launches BeyondCorp Enterprise, a new enterprise security service.
Russian Hacker Pleads Guilty to Administering a Website that Catered to Criminals
www.justice.gov/usao-sdca/pr/russian-hacker-pleads-guilty-administering-website-catered-criminals Kirill Victorovich Firsov, a Russian citizen, pleaded guilty in federal court today to a cybercrime, admitting that he was the administrator of a website that catered to cyber criminals by virtually selling items such as stolen credit card information, other personal information and services to be used for criminal activity.
The 5G network stirs more debate than its predecessors – according to the Radiation and Nuclear Safety Authority (STUK), there is a wide safety margin between radiation limit values and health harms
yle.fi/uutiset/3-11757881 According to STUK, research on earlier network generations can reliably be applied to 5G as well, for which research on health effects is still in its early stages.
Ransomware: Should Governments Hack Cybercrime Cartels?
www.bankinfosecurity.com/ransomware-should-governments-hack-cybercrime-cartels-a-15861 Banning Ransom Payments and Unleashing Offensive Hacking Teams Being Mooted