Daily NCSC-FI news followup 2021-01-27

Cyber Exercise Scenarios 2021: new ideas for cyber exercises

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberharjoitusskenaariot-2021-uusia-ideoita-kyberharjoituksiin Our new Cyber Exercise Scenarios 2021 publication contains realistic cyber threats ranging from a payment system data leak to a large-scale epidemic. The purpose of the scenarios is to help organisations find the threat scenarios most relevant to them, so they can practise countering them.

WORLD’S MOST DANGEROUS MALWARE EMOTET DISRUPTED THROUGH GLOBAL ACTION

www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action Law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action. Also:

www.bleepingcomputer.com/news/security/emotet-botnet-disrupted-after-global-takedown-operation/. Also:

www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/. Also:

krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware/. Also: yle.fi/uutiset/3-11759178. Also:

www.theregister.com/2021/01/27/emotet_botnet_taken_down_europol/

This is the malware currently being spread to Finns' phones: "We can talk about an epidemic"

www.is.fi/digitoday/tietoturva/art-2000007764380.html Malware is being spread to Finns' phones via text messages sent in the name of Posti. The link in the message leads to a website that attempts to install malware on Android phones. iPhone users are targeted in a different way. Ville Kontinen, information security specialist at the National Cyber Security Centre of Traficom (the Finnish Transport and Communications Agency), says the currently active distribution campaign has been running since the turn of the year.

Your old phone interests criminals: these devices should be destroyed thoroughly if you don't want your data ending up in the wrong hands

yle.fi/uutiset/3-11756262 Data breaches have increased consumers' awareness of the proper disposal of data devices.

Data of perhaps as many as 32,000 Vastaamo patients appeared on the Tor network last night; police: "We don't know how many hands the database is in"

yle.fi/uutiset/3-11757676 At least some of the published patient records are genuine, i.e. most likely originating from the Vastaamo data breach. Also:

www.is.fi/digitoday/tietoturva/art-2000007765480.html. Also:

www.tivi.fi/uutiset/tv/1858de83-77c0-45b8-99db-be668fd56876. Also: www.is.fi/digitoday/tietoturva/art-2000007765875.html. Also:

www.kauppalehti.fi/uutiset/vastaamon-anastetut-potilastiedot-vuotivat-julki-yle-jopa-30-000-suomalaisen-tietoja-esilla-pimeassa-verkossa/f9027016-fb5b-4cc7-86ac-381c167f592f

Apple critical patches fix in-the-wild iPhone exploits: update now!

nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/ Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. Also:

www.theregister.com/2021/01/26/apple_ios_zero_days/. Also:

www.forbes.com/sites/kateoflahertyuk/2021/01/27/ios-144-update-now-warning-issued-to-all-iphone-users/. Also:

www.zdnet.com/article/apple-fixes-another-three-ios-zero-days-exploited-in-the-wild/. Also: www.is.fi/digitoday/tietoturva/art-2000007765612.html. Also:

www.tivi.fi/uutiset/tv/f3189bf1-34e7-4fb9-952d-9917b4563162. Also:

thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html. Also: cyber.gc.ca/en/alerts/apple-security-advisory-23. Also:

www.kyberturvallisuuskeskus.fi/fi/apple-korjasi-ios-144-paivityksella-vakavia-haavoittuvuuksia

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html The attack starts with an email imitating DHL, as seen in Figure 1. The email tries to trick the recipient into clicking on a link, which would take them to a fake DHL website. In Figure 2, we can see the fake page asking for credit card details that, if submitted, would give the user a generic response while in the background the credit card data is shared with the attackers.

Australian men extradited to US over $65m mobile phone scam

www.watoday.com.au/national/australian-men-accused-over-us-50m-scam-in-america-s-biggest-phone-fraud-20210127-p56x8u.html

ASIC reports server breached via Accellion vulnerability

www.zdnet.com/article/asic-reports-server-breached-via-accellion-vulnerability/ “This incident is related to Accellion software used by ASIC to transfer files and attachments,” the corporate regulator said in a notice posted on the evening before a public holiday.

23M Gamer Records Exposed in VIPGames Leak

threatpost.com/gamer-records-exposed-vipgames-leak/163352/ The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds. In this case, the site’s unprotected server leaked more than 30GB of data containing 23 million individual records, including usernames, emails, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, bets and even data on players who were banned from the platform, WizCase said.

Top Cyber Attacks of 2020

thehackernews.com/2021/01/top-cyber-attacks-of-2020.html Attack 1: Fraudulent unemployment claims rise in response to the pandemic. Attack 2: T-Mobile breach exposes sensitive customer data, twice. Attack 3: Hackers try to meddle with the coronavirus pandemic response. Attack 4: The FireEye attack that exposed a major breach of the U.S. government.

Today’s ‘sophisticated cyber attack’ victim is the Woodland Trust: Pre-Xmas breach under investigation

www.theregister.com/2021/01/27/woodland_trust_cyber_attack/ Read also: www.woodlandtrust.org.uk/security-incident/

Mimecast links security breach to SolarWinds hackers

www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/ Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month. Also:

www.mimecast.com/blog/important-security-update/

Bypassing the Protections: MFA Bypass Techniques for the Win

blog.cobalt.io/bypassing-the-protections-mfa-bypass-techniques-for-the-win-8ef6215de6ab

Here’s how a researcher broke into Microsoft VS Code’s GitHub

www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/ This month a researcher has disclosed how he broke into the official GitHub repository of Microsoft Visual Studio Code.

How We Hacked Azure Functions and Escaped Docker

www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/ After an internal assessment, Microsoft has determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host.

Google’s Project Zero discovered that a security flaw might have allowed hackers to eavesdrop on Android users. After an investigation conducted by cybersecurity researcher Natalie Silvanovich, the expert discovered vulnerabilities in many apps with 10M+ installs on Google Play that accept incoming calls

www.pandasecurity.com/en/mediacenter/mobile-news/vulnerability-messaging-apps/ The affected applications include hugely popular apps such as Facebook Messenger, Signal, Google Duo, JioChat, and Mocha. She described her findings in a Project Zero blog post.

Using the Manager Attribute in Active Directory (AD) for Password Resets

thehackernews.com/2021/01/using-manager-attribute-in-active.html Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic.

TeamTNT delivers malware with new detection evasion tool

cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool AT&T Alien Labs has identified a new tool from the TeamTNT adversary group, which has been previously observed targeting exposed Docker infrastructure for cryptocurrency mining purposes and credential theft. The group is using a new detection evasion tool, copied from open source repositories.

Insurers defend covering ransomware payments

www.bbc.com/news/technology-55811165 Also:

www.zdnet.com/article/uk-association-defends-ransomware-payments-in-cyber-insurance-policies/. Also:

www.tivi.fi/uutiset/tv/ff49c07f-7626-4027-a9dd-c7cc102fe9f3

Are.club Websites Unsafe? This Security Firm Says So

www.forbes.com/sites/barrycollins/2021/01/27/are-club-websites-unsafe-this-security-firm-says-so/

Iran blocks Signal messaging app after WhatsApp exodus

www.aljazeera.com/news/2021/1/26/iran-blocks-signal-messaging-app-after-whatsapp-exodus Iran’s government has moved to block Signal after Iranians flocked to the messaging platform following privacy concerns from Facebook-owned WhatsApp.

New Google cloud service aims to bring zero trust security to the web

www.zdnet.com/article/google-new-cloud-service-aims-to-bring-zero-trust-security-to-the-web/ Google launches BeyondCorp Enterprise, a new enterprise security service.

Russian Hacker Pleads Guilty to Administering a Website that Catered to Criminals

www.justice.gov/usao-sdca/pr/russian-hacker-pleads-guilty-administering-website-catered-criminals Kirill Victorovich Firsov, a Russian citizen, pleaded guilty in federal court today to a cybercrime, admitting that he was the administrator of a website that catered to cyber criminals by virtually selling items such as stolen credit card information, other personal information and services to be used for criminal activity.

5G networks raise more discussion than earlier ones; according to the Radiation and Nuclear Safety Authority (STUK), there is a wide safety margin between the radiation limit values and health harms

yle.fi/uutiset/3-11757881 According to STUK, research on earlier generations of networks can be reliably applied to 5G as well, for which research on health effects is still in its early stages.

Ransomware: Should Governments Hack Cybercrime Cartels?

www.bankinfosecurity.com/ransomware-should-governments-hack-cybercrime-cartels-a-15861 Banning Ransom Payments and Unleashing Offensive Hacking Teams Being Mooted
