Daily NCSC-FI news followup 2021-03-02

Something good comes out of the Vastaamo data breach too: a new online service for Finns that you can already test

www.tivi.fi/uutiset/tv/fedd3f89-7853-4b68-b851-a9608706a533 In the first phase, the guidance and services concerning identity theft and data breaches will be compiled on the Suomi.fi site into an easy-to-use path that guides citizens on what to do. This package will be completed in April 2021 in cooperation with the network taking part in the project. During the spring, the service will also gain the ability to manage some of the restrictions that can be filed with the Digital and Population Data Services Agency. These include non-disclosure restrictions entered in the Population Information System and restrictions on filing a change of address (the so-called moving block).

A message sent to the schools' Wilma service last week is now under police investigation; almost every case of misuse has the same problem behind it, says the software company's CEO

yle.fi/uutiset/3-11816741?origin=rss Two-factor authentication could prevent misuse, but it is not yet in use in all municipalities. Police are investigating a bomb threat sent through the service.

Malaysia Airlines discloses a nine-year-long data breach

www.bleepingcomputer.com/news/security/malaysia-airlines-discloses-a-nine-year-long-data-breach/ According to Malaysia Airlines, the breach occurred at a third-party IT service provider who notified the airline that member data was exposed between March 2010 and June 2019.

ObliqueRAT returns with new campaign using hijacked websites

blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html The usage of compromised websites is another attempt at detection evasion. The adversaries have also introduced steganography as a way to hide the ObliqueRAT payloads in image files. This technique is novel to ObliqueRAT’s distribution chain (not observed in the past).

Microsoft Teams Issues Major Blow To Zoom With Game-Changing New Security Features

www.forbes.com/sites/kateoflahertyuk/2021/03/02/microsoft-teams-issues-major-blow-to-zoom-with-game-changing-new-security-features/ In the first release, customers will have the ability to enable end-to-end encryption (which means no one can access video chats, including Microsoft and law enforcement) for 1:1 Teams calls for designated users. Microsoft says it is just the beginning of the E2EE work to expand to online meetings soon.

Security design with principles

medium.com/ouspg/security-design-with-principles-a8c045765b93 These ten secure design principles are mostly about avoiding unwanted features in the system. This either means dropping extra functionality altogether or controlling the access to the required functionality. Access control may call for implementing additional security features in your system.

‘It was human error’: Cyberattacks took place but didn’t cause Mumbai power outage, says govt

timesofindia.indiatimes.com/india/2020-mumbai-power-outage-caused-by-human-error-not-cyber-attack-union-power-minister/articleshow/81292545.cms Union power minister RK Singh on Tuesday denied reports that Chinese cyberattacks led to a major power outage in Mumbai last year, saying there is no evidence to connect the grid failure to a hacking attempt.

Malicious NPM packages target Amazon, Slack with new dependency attacks

www.bleepingcomputer.com/news/security/malicious-npm-packages-target-amazon-slack-with-new-dependency-attacks/ While we have seen numerous security researchers impersonate Birsan’s work by creating harmless PoCs to earn bug bounties, we had not seen any malicious activities. That is until today when open-source security firm Sonatype discovered malicious packages targeting applications related to Amazon, Zillow, Lyft, and Slack to steal passwords and open remote shells.

The Hijacking of Perl.com

www.perl.com/article/the-hijacking-of-perl-com/ This part veers into some speculation, and Perl.com wasn't the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There's no reason for Network Solutions to reveal anything to me (again, I'm not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported. John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder.

Python Package Index nukes 3,653 malicious libraries uploaded soon after security shortcoming highlighted

www.theregister.com/2021/03/02/python_pypi_purges/ Last month, security researcher Alex Birsan demonstrated how easy it is to take advantage of these systems through a form of typosquatting that exploited the interplay between public and private package registries. The deluge of malicious Python packages over the past week included unauthorized versions of projects like CuPy, an implementation of NumPy-compatible multi-dimensional array on CUDA, Nvidia’s parallel computing platform.

Cyber Attack on the Ministry of Finance of Kosovo

exit.al/en/2021/03/01/cyber-attack-on-the-ministry-of-finance-of-kosovo/ The Ministry of Finance in Kosovo was a target of a cyber attack, Kosovo media reported on Sunday. It was reported that the cyber attack took place in the Tax Department.

Far-Right Platform Gab Has Been Hacked, Including Private Data

www.wired.com/story/gab-hack-data-breach-ddosecrets/ The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists.

Cyber Threats 2020: A Year in Retrospect

www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf In a continuation from 2019, there were several instances of espionage threat actors being linked to financially motivated activity. These dual motivations are likely due to activity being performed for personal gain as opposed to a wider shift in operational objectives. However, the variation in activity, in terms of a deviation in expected targeting and tooling, provides extra challenges in both defence and attribution efforts. 2020 also saw a number of hacker-for-hire operations publicly exposed, changing our traditional understanding of espionage activity.

The Norwegian Intelligence Service's assessment of current security challenges

www.forsvaret.no/aktuelt-og-presse/publikasjoner/fokus/rapporter/Focus2021-english.pdf/_/attachment/inline/450b1ed0-1983-4e6b-bc65-4aa7631aa36f:21c5241a06c489fa1608472c3c8ab855c0ac3511/Focus2021-en… As you will see when you read Focus, the superpowers use a variety of means, and the security challenges span across many sectors, blurring the distinction between state security and public safety. Especially in the cyber domain, the means are used continuously, adapted to the situation and the level of tension. This emphasises the need for close cooperation between Norway's secret services, police, defence and other authorities.

news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/ To accomplish this phase of the attack, the operators of Gootloader must maintain a network of servers hosting hacked, legitimate websites (we estimate roughly 400 such servers are in operation at any given time). The example shown above belongs to a legitimate business, a neonatal medical practice based in Canada. … Google itself indicates the result is not an ad, and they have known about the site for nearly seven years. To the end user, the entire thing looks on the up-and-up. In our experience, many of these hacked sites serving the fake message board are running a well-known content management system, to which the threat actors make modifications that subtly rewrite how the contents of the website are presented to certain visitors, based on characteristics of the individual visitors (including how they arrive on the hacked site).

Cybercrime ‘Help Wanted’: Job Hunting on the Dark Web

www.darkreading.com/theedge/cybercrime-help-wanted-job-hunting-on-the-dark-web/b/d-id/1340265 Yes, there are “criminal job boards” in the traditional sense on the Dark Web. The Edge spoke with several security researchers, including the Photon Research Team at Digital Shadows, about the growing number of English- and Russian-language Dark Web forums that feature job boards with specific sections dedicated to the topic of recruitment and the skills required.
