Daily NCSC-FI news followup 2021-03-02

Something good comes out of the Vastaamo data breach: a new online service for Finns that you can already test

www.tivi.fi/uutiset/tv/fedd3f89-7853-4b68-b851-a9608706a533 In the first phase, the guidance and services concerning identity theft and data breaches will be gathered on the Suomi.fi site into an easy-to-use path that guides citizens on what to do. This package will be completed in April 2021 in cooperation with the network participating in the project. During the spring, the service will also gain the ability to manage some of the prohibitions that can be filed with the Digital and Population Data Services Agency. These include non-disclosure bans on data in the Population Information System and bans on filing a change of address (the so-called relocation block).

A message arrived in the schools' Wilma service last week that the police are now investigating; almost every misuse has the same underlying problem, says the software company's CEO

yle.fi/uutiset/3-11816741?origin=rss Two-factor authentication could prevent misuse, but it is not yet in use in all municipalities. The police are investigating a bomb threat sent through the service.

Malaysia Airlines discloses a nine-year-long data breach

www.bleepingcomputer.com/news/security/malaysia-airlines-discloses-a-nine-year-long-data-breach/ According to Malaysia Airlines, the breach occurred at a third-party IT service provider who notified the airline that member data was exposed between March 2010 and June 2019.

ObliqueRAT returns with new campaign using hijacked websites

blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html The usage of compromised websites is another attempt at detection evasion. The adversaries have also introduced steganography as a way to hide the ObliqueRAT payloads in image files. This technique is novel to ObliqueRAT’s distribution chain (not observed in the past).

Microsoft Teams Issues Major Blow To Zoom With Game-Changing New Security Features

www.forbes.com/sites/kateoflahertyuk/2021/03/02/microsoft-teams-issues-major-blow-to-zoom-with-game-changing-new-security-features/ In the first release, customers will have the ability to enable end-to-end encryption (which means no one can access video chats, including Microsoft and law enforcement) for 1:1 Teams calls for designated users. Microsoft says it is just the beginning of the E2EE work to expand to online meetings soon.

Security design with principles

medium.com/ouspg/security-design-with-principles-a8c045765b93 These ten secure design principles are mostly about avoiding unwanted features in the system. This either means dropping extra functionality altogether or controlling the access to the required functionality. Access control may call for implementing additional security features in your system.

‘It was human error’: Cyberattacks took place but didn’t cause Mumbai power outage, says govt

timesofindia.indiatimes.com/india/2020-mumbai-power-outage-caused-by-human-error-not-cyber-attack-union-power-minister/articleshow/81292545.cms Union power minister RK Singh on Tuesday denied reports that Chinese cyberattacks led to a major power outage in Mumbai last year, saying there is no evidence to connect the grid failure to a hacking attempt.

Malicious NPM packages target Amazon, Slack with new dependency attacks

www.bleepingcomputer.com/news/security/malicious-npm-packages-target-amazon-slack-with-new-dependency-attacks/ While we have seen numerous security researchers impersonate Birsan's work by creating harmless PoCs to earn bug bounties, we had not seen any malicious activities. That is until today when open-source security firm Sonatype discovered malicious packages targeting applications related to Amazon, Zillow, Lyft, and Slack to steal passwords and open remote shells.

The Hijacking of Perl.com

www.perl.com/article/the-hijacking-of-perl-com/ This part veers into some speculation, and Perl.com wasn't the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There's no reason for Network Solutions to reveal anything to me (again, I'm not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported. John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder.

Python Package Index nukes 3,653 malicious libraries uploaded soon after security shortcoming highlighted

www.theregister.com/2021/03/02/python_pypi_purges/ Last month, security researcher Alex Birsan demonstrated how easy it is to take advantage of these systems through a form of typosquatting that exploited the interplay between public and private package registries. The deluge of malicious Python packages over the past week included unauthorized versions of projects like CuPy, an implementation of NumPy-compatible multi-dimensional array on CUDA, Nvidia's parallel computing platform.

Cyber Attack on the Ministry of Finance of Kosovo

exit.al/en/2021/03/01/cyber-attack-on-the-ministry-of-finance-of-kosovo/ The Ministry of Finance in Kosovo was a target of a cyber attack, Kosovo media reported on Sunday. It was reported that the cyber attack took place in the Tax Department.

Far-Right Platform Gab Has Been Hacked, Including Private Data

www.wired.com/story/gab-hack-data-breach-ddosecrets/ The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists.

Cyber Threats 2020: A Year in Retrospect

www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf In a continuation from 2019, there were several instances of espionage threat actors being linked to financially motivated activity. These dual motivations are likely due to activity being performed for personal gain as opposed to a wider shift in operational objectives. However, the variation in activity, in terms of a deviation in expected targeting and tooling, provides extra challenges in both defence and attribution efforts. 2020 also saw a number of hacker-for-hire operations publicly exposed, changing our traditional understanding of espionage activity.

The Norwegian Intelligence Service's assessment of current security challenges

www.forsvaret.no/aktuelt-og-presse/publikasjoner/fokus/rapporter/Focus2021-english.pdf/_/attachment/inline/450b1ed0-1983-4e6b-bc65-4aa7631aa36f:21c5241a06c489fa1608472c3c8ab855c0ac3511/Focus2021-en… As you will see when you read Focus, the superpowers use a variety of means, and the security challenges span across many sectors, blurring the distinction between state security and public safety. Especially in the cyber domain, the means are used continuously, adapted to the situation and the level of tension. This emphasises the need for close cooperation between Norway's secret services, police, defence and other authorities.

Gootloader expands its payload delivery options

news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/ To accomplish this phase of the attack, the operators of Gootloader must maintain a network of servers hosting hacked, legitimate websites (we estimate roughly 400 such servers are in operation at any given time). The example shown above belongs to a legitimate business, a neonatal medical practice based in Canada. … Google itself indicates the result is not an ad, and they have known about the site for nearly seven years. To the end user, the entire thing looks on the up-and-up. In our experience, many of these hacked sites serving the fake message board are running a well-known content management system, to which the threat actors make modifications that subtly rewrite how the contents of the website are presented to certain visitors, based on characteristics of the individual visitors (including how they arrive on the hacked site).

Cybercrime ‘Help Wanted’: Job Hunting on the Dark Web

www.darkreading.com/theedge/cybercrime-help-wanted-job-hunting-on-the-dark-web/b/d-id/1340265 Yes, there are “criminal job boards” in the traditional sense on the Dark Web. The Edge spoke with several security researchers, including the Photon Research Team at Digital Shadows, about the growing number of English- and Russian-language Dark Web forums that feature job boards with specific sections dedicated to the topic of recruitment and the skills required.
