Daily NCSC-FI news followup 2021-02-12

Two devious scams on Tori.fi: beware of contacts like these

www.is.fi/digitoday/tietoturva/art-2000007799557.html Two different scam campaigns are under way. Tori.fi gives three safety tips.

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

hotforsecurity.bitdefender.com/blog/after-hackers-blackmailed-their-clients-finnish-therapy-firm-declares-bankruptcy-25313.html Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. According to data collected by security researcher Adrian Sanabria, Vastaamo is one of less than two dozen companies to have been ruined by a data breach, and is the largest so far, at 400 employees.

Yandex suffers data breach after sysadmin sold access to user emails

www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/ Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes.

Sonatype Spots 150+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

blog.sonatype.com/sonatype-spots-150-malicious-npm-packages-copying-recent-software-supply-chain-attacks Just three days ago on February 9th, Sonatype released our findings on Alex Birsan's research in which he used the dependency or namespace confusion technique to push his malicious proof-of-concept (PoC) code to internal development builds of over 35 major tech organizations including Microsoft, Apple, Tesla, Uber and others. With the news making headlines, it didn’t take long for other researchers to start imitating Birsan's open source software supply chain attack research. See also:

www.bleepingcomputer.com/news/security/copycat-researchers-imitate-supply-chain-attack-that-hit-tech-giants/

Alert (AA21-042A) Compromise of U.S. Water Treatment Facility

us-cert.cisa.gov/ncas/alerts/aa21-042a On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system's software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process.

Singtel Suffers Zero-Day Cyberattack, Damage Unknown

threatpost.com/singtel-zero-day-cyberattack/163938/ The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.

Military, Nuclear Entities Under Target By Novel Android Malware

threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/ The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.

Microsoft is seeing a big spike in Web shell use

arstechnica.com/information-technology/2021/02/microsoft-is-seeing-a-big-spike-in-web-shell-use/ Spike shows just how useful and hard to detect these simple programs can be.

Cyberpunk 2077 studio's hacked data has reportedly been sold

www.theverge.com/2021/2/11/22278121/cd-projekt-red-ransomware-hack-cyberpunk-2077-the-witcher-3-auction-sale The hackers say they received an offer outside of the auction

Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/ Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the world's largest adult platforms including PornHub.

Researchers identify 223 vulnerabilities used in recent ransomware attacks

www.scmagazine.com/home/security-news/ransomware/researchers-identify-223-vulnerabilities-used-in-recent-ransomware-attacks/ Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were tied to attacks involving ransomware in 2020. That represents a fourfold increase in the number of ransomware-related vulnerabilities discovered in their last report published in 2019.

Internet Explorer 11 zero-day vulnerability gets unofficial micropatch

www.bleepingcomputer.com/news/security/internet-explorer-11-zero-day-vulnerability-gets-unofficial-micropatch/ An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.

“It is immoral to leave harm prevention to the victim of a crime,” says researcher: changing a personal identity code does not remove the possibility of identity theft

yle.fi/uutiset/3-11782128 Wider use of strong authentication than at present, for example in online shopping, would effectively prevent misuse of personal identity codes.

AgentTesla Dropped Through Automatic Click in Microsoft Help File

isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
