Daily NCSC-FI news followup 2021-02-12

Two devious scams on Tori.fi: beware of contacts like these

www.is.fi/digitoday/tietoturva/art-2000007799557.html Two different scam campaigns are under way. Tori.fi gives three safety tips.

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

hotforsecurity.bitdefender.com/blog/after-hackers-blackmailed-their-clients-finnish-therapy-firm-declares-bankruptcy-25313.html Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. According to data collected by security researcher Adrian Sanabria, Vastaamo is one of less than two dozen companies to have been ruined by a data breach, and is the largest so far, at 400 employees.

Yandex suffers data breach after sysadmin sold access to user emails

www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/ Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes.

Sonatype Spots 150+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

blog.sonatype.com/sonatype-spots-150-malicious-npm-packages-copying-recent-software-supply-chain-attacks Just three days ago on February 9th, Sonatype released our findings on Alex Birsan's research in which he used the dependency or namespace confusion technique to push his malicious proof-of-concept (PoC) code to internal development builds of over 35 major tech organizations including Microsoft, Apple, Tesla, Uber and others. With the news making headlines, it didn’t take long for other researchers to start imitating Birsan's open source software supply chain attack research. See also:

www.bleepingcomputer.com/news/security/copycat-researchers-imitate-supply-chain-attack-that-hit-tech-giants/

Alert (AA21-042A) Compromise of U.S. Water Treatment Facility

us-cert.cisa.gov/ncas/alerts/aa21-042a On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system's software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process.

Singtel Suffers Zero-Day Cyberattack, Damage Unknown

threatpost.com/singtel-zero-day-cyberattack/163938/ The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.

Military, Nuclear Entities Under Target By Novel Android Malware

threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/ The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.

Microsoft is seeing a big spike in Web shell use

arstechnica.com/information-technology/2021/02/microsoft-is-seeing-a-big-spike-in-web-shell-use/ Spike shows just how useful and hard to detect these simple programs can be.

Cyberpunk 2077 studio's hacked data has reportedly been sold

www.theverge.com/2021/2/11/22278121/cd-projekt-red-ransomware-hack-cyberpunk-2077-the-witcher-3-auction-sale The hackers say they received an offer outside of the auction.

Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/ Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the world's largest adult platforms including PornHub.

Researchers identify 223 vulnerabilities used in recent ransomware attacks

www.scmagazine.com/home/security-news/ransomware/researchers-identify-223-vulnerabilities-used-in-recent-ransomware-attacks/ Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were tied to attacks involving ransomware in 2020. That represents a fourfold increase in the number of ransomware-related vulnerabilities discovered in their last report published in 2019.

Internet Explorer 11 zero-day vulnerability gets unofficial micropatch

www.bleepingcomputer.com/news/security/internet-explorer-11-zero-day-vulnerability-gets-unofficial-micropatch/ An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.

“It is immoral to leave preventing the harm to the victim of the crime,” says researcher: changing a personal identity code does not remove the possibility of identity theft

yle.fi/uutiset/3-11782128 Wider use of strong authentication than at present, for example in online shopping, would effectively prevent misuse of personal identity codes.

AgentTesla Dropped Through Automatic Click in Microsoft Help File

isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
