Daily NCSC-FI news followup 2021-03-23

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

www.ncsc.gov.uk/news/alert-targeted-ransomware-attacks-on-uk-education-sector The NCSC is responding to further targeted ransomware attacks on the education sector by cyber criminals.

When & How to Report Security Incidents

www.enisa.europa.eu/news/enisa-news/when-how-to-report-security-incidents The European Union Agency for Cybersecurity (ENISA) releases new guidelines to facilitate the reporting of security incidents by national telecom security authorities.

ENCE star Aleksi Jalli's gaming account was hacked, game company rushed to help: these tips protect you from scammers

www.is.fi/digitoday/esports/art-2000007876835.html The personal Steam account of ENCE Counter-Strike player Aleksi “allu” Jalli was hacked on Monday. The player reported the incident on Twitter.

Sputnik found on the dark web: expert gives important advice to those already vaccinated

www.is.fi/digitoday/tietoturva/art-2000007876273.html A photo of a vaccination certificate should not be shared on social media, as it may end up being used for criminal purposes.

We changed the red Exchange alert to yellow

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/Varoitus_TTN_0221 On 3 March 2021 we issued a red alert about vulnerable Exchange servers. The acute phase is over, but organisations that use or have used Exchange must carry out a security investigation.

45,000 Finns fell victim to identity theft, but what about Vastaamo?

www.is.fi/digitoday/tietoturva/art-2000007877152.html A year coloured by the coronavirus significantly increased attempted identity thefts, a new survey reports. Read:

www.mysafety.fi/sites/mysafety.fi/files/MySafety_ID_tutkimusraportti_B2C_2021_176x250mm_22032021_web.pdf. Also:

www.tivi.fi/uutiset/tv/68f836bd-ee1c-47ed-9e42-16c267a45b34 and

yle.fi/uutiset/3-11850804

Threat Trends: DNS Security, Part 2

blogs.cisco.com/security/threat-trends-dns-security-part-2 We’ll focus on specific industries, looking at two things: the top threat categories they face, and the categories that they’re more likely to encounter when compared to other industries. In this way, you’ll be better armed knowing which threats you’re more likely to encounter within your industry.

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks

thehackernews.com/2021/03/warning-new-android-zero-day.html Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an “improper input validation” issue in Qualcomm’s Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests access to a huge chunk of the device’s memory. Also:

www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin. Also: source.android.com/security/bulletin/2021-01-01

1-15 March 2021 Cyber Attack Timeline

www.hackmageddon.com/2021/03/23/1-15-march-2021-cyber-attack-timeline/ Here’s the first cyber attacks timeline of March, covering the main events that occurred in the first half of this month. What an unbelievable period from an infosecurity standpoint! I have collected a staggering 150 events, and the reason is that there are some factors that are undoubtedly characterizing the period and will probably leave some consequences throughout the entire 2021.

IS investigated: this is how coronavirus vaccines are sold on the dark web; a clear comment from a senior pharmacist

www.is.fi/digitoday/art-2000007875751.html IS Digitoday carried out its investigation on ten dark web marketplaces.

Facebook says it has cleaned up its service: more than 1.3 billion fake accounts were removed

yle.fi/uutiset/3-11850460 Social media giant Facebook has removed more than 1.3 billion fake accounts from its service, says Guy Rosen, one of the company's vice presidents. The fake accounts were removed during October to December of last year. Fake accounts are often used in coordinated campaigns aimed at spreading false information.

How to enable Facebook’s hardware key authentication for iOS and Android

blog.malwarebytes.com/how-tos-2/2021/03/how-to-enable-facebooks-hardware-key-authentication-for-ios-and-android/ Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push notifications (which are also vulnerable to phishing).

MangaDex manga site temporarily shut down after cyberattack

www.bleepingcomputer.com/news/security/mangadex-manga-site-temporarily-shut-down-after-cyberattack/ Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen.

CISA Warns of Security Flaws in GE Power Management Devices

threatpost.com/cisa-security-flaws-ge-power-management/164961/ The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition. Also:

us-cert.cisa.gov/ics/advisories/icsa-21-075-02

Microsoft Exchange servers now targeted by Black Kingdom ransomware

www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-black-kingdom-ransomware/ Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.

Suspected BEC gang arrested in Nigeria amid internet fraud crackdown efforts

therecord.media/suspected-bec-gang-arrested-in-nigeria-amid-internet-fraud-crackdown-efforts/ Nigerian authorities arrested 18 suspects last week in the province of Ogun on internet fraud-related charges, including malware and business email compromise (BEC) attacks, officials told The Record today.

Microsoft warns of phishing attacks bypassing email gateways

www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-bypassing-email-gateways/ An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs). The attacks are part of multiple phishing campaigns collectively dubbed the “Compact” Campaign, active since early 2020 and first detected by the WMC Global Threat Intelligence Team. Also: https://twitter.com/MsftSecIntel/status/1374148166912647168

High-availability server maker Stratus hit by ransomware

www.bleepingcomputer.com/news/security/high-availability-server-maker-stratus-hit-by-ransomware/ Stratus Technologies has suffered a ransomware attack that required systems to be taken offline to prevent the attack’s spread. Also:

www.stratus.com/security-incident/

Three billion phishing emails are sent every day. But one change could make life much harder for scammers

www.bleepingcomputer.com/news/security/ransomware-attack-shuts-down-sierra-wireless-iot-maker/ Phishing attacks remain extremely popular with cyber criminals – but by applying DMARC, organisations can help thwart them.

Ransomware attack shuts down Sierra Wireless IoT maker

www.zdnet.com/article/three-billion-phishing-emails-are-sent-every-day-but-one-change-could-make-life-much-harder-for-scammers/#ftag=RSSbaffb68 Sierra Wireless, a world-leading IoT (Internet of Things) solutions provider, today disclosed a ransomware attack that forced it to halt production at all manufacturing sites. The ransomware attack hit Sierra Wireless’ internal network over the weekend, on March 20. The company says that the attack did not impact any customer-facing services or products. Following the attack, the company also had to shut down manufacturing plants worldwide, and it expects to resume production and operations soon.

Microsoft: 92% of Exchange servers safe from ProxyLogon attacks

www.bleepingcomputer.com/news/security/microsoft-92-percent-of-exchange-servers-safe-from-proxylogon-attacks/ Roughly 92% of all Internet-connected on-premises Microsoft Exchange servers affected by the ProxyLogon vulnerabilities are now patched and safe from attacks, Microsoft said on Monday.

You can get hackers to help with money: how to run a bug bounty programme [SUBSCRIBERS ONLY]

www.tivi.fi/uutiset/tv/c105b7e4-9fc4-416e-9b29-306c0b2dcf4a Hackers are increasingly being let in on purpose to dig through the systems of companies and organisations. In so-called bug bounty programmes, hackers report the vulnerabilities they find in exchange for rewards. It is a new kind of strategy for improving security. Whereas a traditional security audit focuses on analysing specific targets point by point, in a bug bounty programme only the hackers' imagination is the limit. Vulnerabilities can therefore turn up in surprising places. A programme can be made either open or closed. In an open programme anyone can hack the systems, whereas in a closed programme the organisation selects a particular group of trusted hackers. An open programme typically targets all public systems; in a closed one, hackers can be let deeper into the depths of the systems. In the Ministry for Foreign Affairs' upcoming programme the hackers are kept anonymous, as some are wary of revealing their name to a government authority. Asking for a name or requiring identification could exclude good hackers from the programme.
