Daily NCSC-FI news followup 2021-02-10

Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7

www.zdnet.com/article/following-oldsmar-attack-fbi-warns-about-using-teamviewer-and-windows-7/ An FBI alert sent on Tuesday warns companies about the use of out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer.

French MNH health insurance company hit by RansomExx ransomware

www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/ French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company’s operations.

North Korean attacks on crypto exchanges reportedly netted $316m in two years

www.theregister.com/2021/02/10/north_korea_cryptocurrency/ United Nations sanctions made silly by sloppy security. North Korean attacks on crypto exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan’s Nikkei.

Adobe patches wave of critical bugs in Magento, Acrobat, Reader

www.zdnet.com/article/adobe-patches-wave-of-critical-bugs-in-magento-acrobat-reader/ Some of the vulnerabilities were reported through a hacking contest.

Hybrid, Older Users Most-Targeted by Gmail Attackers

threatpost.com/hybrid-older-users-gmail-attackers/163826/ Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn’t a big factor.

SIM hijackers arrested after stealing millions from US celebrities

www.bleepingcomputer.com/news/security/sim-hijackers-arrested-after-stealing-millions-from-us-celebrities/ Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium.

Microsoft now forces secure RPC to block Windows Zerologon attacks

www.bleepingcomputer.com/news/security/microsoft-now-forces-secure-rpc-to-block-windows-zerologon-attacks/ Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month’s Patch Tuesday security updates.

Daily NCSC-FI news followup 2019-12-10

Venäjä käytti kahta eri vakoilukampanjaa tärvelläkseen Ranskan vaalit: Macronin toimisto sumutti vakoojia vitseillä www.hs.fi/ulkomaat/art-2000006337940.html Venäjän tiedustelu yritti sotkea Emmanuel Macronin vaalivoiton kahdella eri verkkovakoilukampanjalla. Kampanjaväki sumutti vakoojia jakamalla heille väärää tietoa. Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools www.bleepingcomputer.com/news/security/snatch-ransomware-reboots-to-windows-safe-mode-to-bypass-av-tools/ Researchers discovered a new Snatch ransomware strain that will reboot computers it […]

Daily NCSC-FI news followup 2020-11-18

Hackers are actively probing millions of WordPress sites www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150, 000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. Hacking group exploits ZeroLogon in automotive, industrial attack wave www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought […]

Daily NCSC-FI news followup 2019-08-08

Porin kaupunki joutunut tietomurron kohteeksi www.pori.fi/uutinen/2019-08-08_porin-kaupunki-joutunut-tietomurron-kohteeksi Keskiviikkona 7. elokuuta iltapäivällä yhdellä Porin kaupungin opetusverkon työasemalla havaittiin tietomurto. Kyseisen työaseman kautta oli saatu asennettua haittaohjelma opetusverkon käyttäjähakemistopalvelimille.. Haittaohjelman tarkoituksena oli datan kerääminen, joka on saattanut vaarantaa käyttäjien kirjautumistietoja. Varotoimenpiteenä kaikkien opetusverkon käyttäjien salasanat vaihdetaan, sanoo ICT-yksikön päällikkö Heikki Haaparanta. . Reagoimme tilanteeseen nopeasti, minkä vuoksi murto […]