Daily NCSC-FI news followup 2021-02-16

France Ties Russia’s Sandworm to a Multiyear Hacking Spree

www.wired.com/story/sandworm-centreon-russia-hack/ A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon. Centreon writes in its statement that “this is not a supply chain type attack and no parallel with other attacks of this type can be made in this case.” In fact, DomainTools’ Slowik says the intrusions instead appear to have been carried out simply by exploiting internet-facing servers running Centreon’s software inside the victims’ networks.

North Korea may have hacked into Pfizer servers looking for COVID data

arstechnica.com/gadgets/2021/02/north-korea-may-have-hacked-into-pfizer-servers-looking-for-covid-data/ South Korea’s NIS warned lawmakers of Russian and North Korean hacking activity.

Beware of COVID19 vaccine scams and misinformation

www.welivesecurity.com/2021/02/16/beware-covid19-vaccine-scams-misinformation/ The vaccination push provides a vital shot in the arm for the world’s battle against the pandemic, but it’s also a topic ripe for exploitation by fraudsters and purveyors of misinformation.

Kia Motors America experiences massive IT outage across the US

www.bleepingcomputer.com/news/security/kia-motors-america-experiences-massive-it-outage-across-the-us/ Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support. One Twitter user shared that they could not pick up their car due to a ransomware attack taking down Kia’s systems.

Malvertisers exploited browser zero-day to redirect users to scams

www.bleepingcomputer.com/news/security/malvertisers-exploited-browser-zero-day-to-redirect-users-to-scams/ The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.

Misconfigured Baby Monitors Allow Unauthorized Viewing

threatpost.com/baby-monitors-unauthorized-viewing/163982/ Hundreds of thousands of individuals are potentially affected by this vulnerability. The issue exists in the manufacturer’s implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. It’s possible to misconfigure its implementation, so that no authentication is needed for unknown parties to connect, according to the SafetyDetectives cybersecurity team.

How DNS-over-HTTPS (DoH) has Changed the Threat Landscape For Companies

quointelligence.eu/2021/02/dns-over-https-doh/ DNS-over-HTTPS (DoH) protocol is now offered, and in some instances standard, in major Internet browsers. DoH provides the benefit of communicating DNS information over a secure HTTPS connection in an encrypted manner. The protocol offers increased privacy for home-users but presents new challenges for enterprise networks and new opportunities for malicious actors. In order to prevent evolving threats from malware authors, organizations should stay updated and follow the latest security recommendations.

Supply chain attacks are on the rise: Check your software build pipeline security

www.zdnet.com/article/supply-chain-attacks-are-on-the-rise-check-your-software-build-pipeline-security/ Defending against supply chain attacks is more than trying to stop the theft of encryption keys to access protected cloud resources.

Record-high number of vulnerabilities reported in 2020

www.welivesecurity.com/2021/02/15/record-breaking-number-vulnerabilities-reported-2020/ High-severity and critical bugs disclosed in 2020 outnumber the sum total of vulnerabilities reported 10 years prior

LähiTapiola let hackers visit its office: a nasty vulnerability was found in a security camera

www.tivi.fi/uutiset/tv/e46db25d-4b6f-459b-96b5-065bc4fced8f The 11th Hack Day was held within the limits of the coronavirus restrictions.

This cybersecurity threat costs business millions. And it’s the one they often forget about

www.zdnet.com/article/this-cybersecurity-threat-costs-business-millions-and-its-the-one-they-often-forget-about/ Phishing emails that dupe users into sending cyber criminals wire transfers is by far the most lucrative form of cybercrime – here’s what you need to know.

DDoS attacks in Q4 2020


Introducing DNS Shotgun

en.blog.nic.cz/2021/02/16/introducing-dns-shotgun/ DNS Shotgun is a benchmarking tool specifically developed for realistic performance testing of DNS resolvers. Its goal is to simulate real clients and their behaviour, including timing of queries and realistic connection management, which are areas where traditional tools are lacking.

Bluetooth Overlay Skimmer That Blocks Chip

krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/ I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminals’ ability to read chip-based cards, forcing customers to swipe the stripe instead.
