Daily NCSC-FI news followup 2021-01-29

“When the Vastaamo file is removed from one place, it appears in two new ones”: police make a strong appeal to internet users

www.is.fi/digitoday/tietoturva/art-2000007768820.html Sharing and republishing the Vastaamo data has opened a new branch in the National Bureau of Investigation's inquiry. The police are calling on internet users to show social responsibility. The police appeal to citizens not to touch the Vastaamo file or share it onward. Doing so may have criminal-law consequences, but it is also a matter of responsibility. “The police emphasise social responsibility here. It is worth thinking about it from the angle of what if you yourself were among the people whose data was shared,” Leponen says.

1,381,569 Finnish phone numbers in the wrong hands: this is what an expert advises

www.is.fi/digitoday/tietoturva/art-2000007770210.html A vulnerability that Facebook patched years ago was exploited before the fix to scrape the data of 533 million users. This week it became public that the data has been sold through an automated bot running on the Telegram messaging service. A total of 1,381,569 Finnish phone numbers have been reported to be on sale. “Yes, it can be described as an exceptionally large number. At least no personal data leaks of this size concerning Finns have been reported to us,” special adviser Juha Tretjakov stresses.

Huawei boss puzzled by exclusion from Sweden's 5G race: “based only on assumptions”

www.tivi.fi/uutiset/tv/9fbb22dd-6235-4447-bf7a-19f58be42336 Huawei feels that its exclusion from Sweden's 5G network is based on assumptions. The company hopes to reach a quick settlement with Sweden. Sweden's controversial 5G spectrum auction was carried out last week, even though the question of using Huawei's equipment remains open. The turmoil around the auction has been caused above all by the fate of the Chinese manufacturer Huawei. It all began last October, when the telecom regulator PTS (Post- och telestyrelsen), which organises the spectrum auction, announced that equipment from Huawei or the other Chinese manufacturer ZTE may not be used in building the 5G network.

A network of Twitter bots has attacked the Belgian government’s Huawei 5G ban

www.zdnet.com/article/a-network-of-twitter-bots-has-attacked-the-belgian-governments-huawei-5g-ban/ Social media research group Graphika has published a report today exposing a small network of 14 Twitter accounts that engaged in a coordinated campaign to criticize the Belgian government’s plan to ban Huawei from supplying 5G equipment to local telecommunications providers. The accounts used fake names and posed as Belgium-based tech and 5G experts. They also used profile images generated with machine-learning GAN (generative adversarial network) algorithms, a technique that is gaining traction with more and more social media influence networks. Graphika report (PDF):

Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say

www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601 Approximately 30% of both the private-sector and government victims linked to the campaign had no direct connection to SolarWinds, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview. Last week, computer security company Malwarebytes Inc. said that a number of its Microsoft cloud email accounts were compromised by the same attackers who targeted SolarWinds, using what Malwarebytes called “another intrusion vector.”

SolarWinds attack is not an outlier, but a moment of reckoning for security industry, says Microsoft exec

www.zdnet.com/article/solarwinds-attack-is-not-an-outlier-but-a-moment-of-reckoning-for-security-industry-says-microsoft-exec/ “What SolarWinds has taught us is that this landscape is more complex and more sophisticated. Is this a different attack? It is a really sophisticated attack,” Vasu Jakkal, Microsoft’s corporate vice president of security, compliance and identity, told ZDNet in an interview. “These attacks are going to continue to get more sophisticated. So we should expect that. This is not the first and not the last. This is not an outlier. This is going to be the norm. This is why what we do is more important than ever,” she said. “I believe that SolarWinds is a moment of reckoning in the industry. This is not going to change and we have to do better as a defender community and we have to be unified in our responses. We have been out there, leading in this response.”

After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

www.cyberscoop.com/nsa-juniper-backdoor-wyden-espionage/ As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm’s software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill and concern in the Pentagon about the potential exposure of its contractors to the hack, there has been no public U.S. government assessment of who carried out the hack and what data was accessed.

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

thehackernews.com/2021/01/google-uncovers-new-ios-security.html Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. “One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed ‘BlastDoor’ service which is now responsible for almost all parsing of untrusted data in iMessages,” Project Zero researcher Samuel Groß said. “Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.” Also:

ZINC attacks against security researchers

www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations. This ongoing campaign was reported by Google’s Threat Analysis Group (TAG) earlier this week, capturing the browser-facing impact of this attack. By sharing additional details of the attack, we hope to raise awareness in the cybersecurity community about additional techniques used in this campaign and serve as a reminder to security professionals that they are high-value targets for attackers.

Trickbot is back again – with fresh phishing and malware attacks

www.zdnet.com/article/trickbot-is-back-again-with-fresh-phishing-and-malware-attacks/ The Trickbot botnet was disrupted by a coalition of cybersecurity companies late last year – but researchers have detailed what appears to be a new Trickbot campaign.

Hezbollah hackers attack unpatched Atlassian servers at telcos, ISPs

www.bleepingcomputer.com/news/security/hezbollah-hackers-attack-unpatched-atlassian-servers-at-telcos-isps/ Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations. The threat actor likely accessed more than 250 Oracle and Atlassian servers belonging mainly to organizations providing mobile communications and internet-based services. ClearSky report:

LogoKit Can Manipulate Phishing Pages in Real Time (E Hacking News)

rootdaemon.com/2021/01/29/logokit-can-manipulate-phishing-pages-in-real-time-e-hacking-news/ A recently uncovered phishing kit, named LogoKit, saves cybercriminals effort by automatically pulling the victim organization's logo onto the phishing login page. Cybercriminals have used LogoKit to run phishing attacks on more than 700 unique domains in the course of 30 days (including 300 in the past week). The targeted services range from generic login portals to bogus SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals.

The rise of ransomware

www.ncsc.gov.uk/blog-post/rise-of-ransomware Toby L, Technical Lead for Incident Management, explains how modern-day ransomware attacks are evolving.

Vovalex is likely the first ransomware written in D

www.bleepingcomputer.com/news/security/vovalex-is-likely-the-first-ransomware-written-in-d/ A new ransomware called Vovalex is being distributed through fake pirated software that impersonates popular Windows utilities, such as CCleaner. While Vovalex behaves no differently from other ransomware, what stands out to Advanced Intel’s Vitali Kremez is that it may be the first ransomware written in D.

Pro-Ocean: Rocke Group’s New Cryptojacking Malware

unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/ Unit 42 researchers documented cloud-targeted malware used by the Rocke Group to conduct cryptojacking attacks to mine for Monero. In response, the threat actors updated the malware. Here, we uncover a revised version of the same cloud-targeted cryptojacking malware, which now includes new and improved rootkit and worm capabilities. We also detail the hiding techniques used by the malware to dodge cybersecurity companies’ detection methods, while explaining its four-module structure. In our analysis, we found Pro-Ocean targeting Apache ActiveMQ (CVE-2016-3088), Oracle WebLogic (CVE-2017-10271) and Redis (insecure instances). Once installed, the malware kills any process that uses the CPU heavily, so that it is able to use 100% of the CPU and mine Monero efficiently.

Data Driven Security Hardening in Android

security.googleblog.com/2021/01/data-driven-security-hardening-in.html This post focuses on the decision-making process that goes into these proactive measures: in particular, how we choose which hardening techniques to deploy and where they are deployed. As device capabilities vary widely within the Android ecosystem, these decisions must be made carefully, guided by data available to us to maximize the value to the ecosystem as a whole.

How to get an SME's information security in order: see the 10-point checklist

www.tivi.fi/uutiset/nain-laitat-pk-yrityksen-tietoturvan-kuntoon-katso-10-kohdan-muistilista/332591f6-e1de-44ab-a6c4-90c20710c0a8 The Vastaamo case prompted many companies to reflect on the level of their information security. Small and medium-sized enterprises in particular should know the basics of looking after information security.
