Daily NCSC-FI news followup 2021-02-12

Two devious scams on Tori.fi: beware of contacts like these

www.is.fi/digitoday/tietoturva/art-2000007799557.html Two different scam campaigns are under way. Tori.fi gives three safety tips.

After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy

hotforsecurity.bitdefender.com/blog/after-hackers-blackmailed-their-clients-finnish-therapy-firm-declares-bankruptcy-25313.html Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. According to data collected by security researcher Adrian Sanabria, Vastaamo is one of less than two dozen companies to have been ruined by a data breach, and is the largest so far, at 400 employees.

Yandex suffers data breach after sysadmin sold access to user emails

www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/ Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes.

Sonatype Spots 150+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

blog.sonatype.com/sonatype-spots-150-malicious-npm-packages-copying-recent-software-supply-chain-attacks Just three days ago on February 9th, Sonatype released our findings on Alex Birsan's research in which he used the dependency or namespace confusion technique to push his malicious proof-of-concept (PoC) code to internal development builds of over 35 major tech organizations including Microsoft, Apple, Tesla, Uber and others. With the news making headlines, it didn’t take long for other researchers to start imitating Birsan's open source software supply chain attack research. See also:

www.bleepingcomputer.com/news/security/copycat-researchers-imitate-supply-chain-attack-that-hit-tech-giants/

Alert (AA21-042A) Compromise of U.S. Water Treatment Facility

us-cert.cisa.gov/ncas/alerts/aa21-042a On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system's software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process.

Singtel Suffers Zero-Day Cyberattack, Damage Unknown

threatpost.com/singtel-zero-day-cyberattack/163938/ The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.

Military, Nuclear Entities Under Target By Novel Android Malware

threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/ The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.

Microsoft is seeing a big spike in Web shell use

arstechnica.com/information-technology/2021/02/microsoft-is-seeing-a-big-spike-in-web-shell-use/ Spike shows just how useful and hard to detect these simple programs can be.

Cyberpunk 2077 studio's hacked data has reportedly been sold

www.theverge.com/2021/2/11/22278121/cd-projekt-red-ransomware-hack-cyberpunk-2077-the-witcher-3-auction-sale The hackers say they received an offer outside of the auction.

Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/ Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the world's largest adult platforms including PornHub.

Researchers identify 223 vulnerabilities used in recent ransomware attacks

www.scmagazine.com/home/security-news/ransomware/researchers-identify-223-vulnerabilities-used-in-recent-ransomware-attacks/ Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were tied to attacks involving ransomware in 2020. That represents a fourfold increase in the number of ransomware-related vulnerabilities discovered in their last report published in 2019.

Internet Explorer 11 zero-day vulnerability gets unofficial micropatch

www.bleepingcomputer.com/news/security/internet-explorer-11-zero-day-vulnerability-gets-unofficial-micropatch/ An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.

“It is immoral to leave the prevention of harm to the crime victim,” says researcher: changing a personal identity code does not remove the possibility of identity theft

yle.fi/uutiset/3-11782128 Wider use of strong authentication than at present, for example in online shopping, would effectively prevent misuse of personal identity codes.

AgentTesla Dropped Through Automatic Click in Microsoft Help File

isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
