Daily NCSC-FI news followup 2021-03-25

Supo yearbook 2020: Terrorism threat assessment reflects the changed situational picture of the far right

supo.fi/-/supon-vuosikirja-2020-terrorismin-uhka-arviossa-nakyy-aarioikeiston-muuttunut-tilannekuva The threat of terrorism in Finland remains at level two, i.e. elevated. The biggest change has occurred in the situational picture of far-right terrorism. The coronavirus pandemic contributed to the growth of cyber espionage. The Finnish Security and Intelligence Service (Suojelupoliisi) detected exceptionally intensive state-sponsored cyber espionage attempts targeting the preparation of Finland’s foreign and security policy decision-making.

Cybersecurity: Council adopts conclusions on the EU’s cybersecurity strategy

www.consilium.europa.eu/en/press/press-releases/2021/03/22/cybersecurity-council-adopts-conclusions-on-the-eu-s-cybersecurity-strategy/ The Council today adopted conclusions on the EU’s cybersecurity strategy for the digital decade. This strategy was presented by the Commission and the high representative for foreign affairs in December 2020. It outlines the framework for EU action to protect EU citizens and businesses from cyber threats, promote secure information systems and protect a global, open, free and secure cyberspace.

66 breaches of Finnish email servers: this is how the authority comments on the series of attacks

www.is.fi/digitoday/tietoturva/art-2000007881644.html New information has emerged on the number of breaches of Microsoft Exchange email servers in Finland. On Thursday afternoon, the National Cyber Security Centre, which operates under Traficom, was aware of 66 confirmed data breach cases.

Police warn of an online scam phenomenon: This is how tens of thousands of euros have been taken from victims. “The scams follow a recurring pattern”

www.is.fi/digitoday/art-2000007881760.html Online crime has not decreased during the coronavirus pandemic. The Western Uusimaa police are currently investigating several online crimes. In these cases the offence under investigation is often aggravated fraud.

New ICS Threat Activity Group: STIBNITE

www.dragos.com/blog/industry-news/new-ics-threat-activity-group-stibnite/ Dragos first disclosed four new threat activity groups targeting ICS/OT last month in the ICS Cybersecurity 2020 Year in Review report. In this blog post, we will provide more information on one of the new groups: STIBNITE. The fundamental assessment of threats tracked by Dragos is that they are explicitly attempting to gain access to ICS networks and operations or are successful in achieving access, not simply trying to gain access to an industrial organization. To learn more about ICS threat activity groups and how they’re created, we invite you to read our blog post “Uncovering ICS Threat Activity Groups.”

Threat landscape for industrial automation systems. Statistics for H2 2020

securelist.com/threat-landscape-for-industrial-automation-systems-statistics-for-h2-2020/101299/

Facebook blocks Chinese state hackers targeting Uyghur activists

www.bleepingcomputer.com/news/security/facebook-blocks-chinese-state-hackers-targeting-uyghur-activists/ Also:

www.forbes.com/sites/thomasbrewster/2021/03/24/chinese-hackers-used-facebook-to-target-uyghurs-with-powerful-iphone-and-android-spyware/?sh=3e925df97522. Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghur activists, journalists, and dissidents living outside China. Also:

arstechnica.com/information-technology/2021/03/facebook-shuts-down-hackers-who-infected-ios-and-android-devices/. Also:

www.tivi.fi/uutiset/tv/b272d399-6e3d-40a4-8064-615da3675017

Microsoft fixes Windows PSExec privilege elevation vulnerability

www.bleepingcomputer.com/news/security/microsoft-fixes-windows-psexec-privilege-elevation-vulnerability/ Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices.

Google Chrome will use HTTPS as default navigation protocol

www.bleepingcomputer.com/news/google/google-chrome-will-use-https-as-default-navigation-protocol/ Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser’s next stable version.

This company was hit by ransomware. Here’s what they did next, and why they didn’t pay up

www.zdnet.com/article/this-company-was-hit-with-ransomware-heres-what-they-did-next-and-why-they-didnt-pay-up/ “When it hit, we ran to our server room and data centre and started pulling plugs out.” How one company was hit by ransomware, but refused to pay up.

‘Like playing whack-a-mole’: Do cyber-crime crackdowns have any real impact?

www.zdnet.com/article/like-playing-whack-a-mole-do-cyber-crime-crackdowns-have-any-real-impact/ Disrupting underground marketplaces and arresting criminals has an impact on cybercrime – even if new malware and gangs emerge to fill the gaps.

Brazil leads in phishing attacks

www.zdnet.com/article/brazil-leads-in-phishing-attacks/#ftag=RSSbaffb68 One in five Internet users were targeted at least once in 2020, but awareness is growing in the country, according to research.

ACSC running scans to find vulnerable Microsoft Exchange servers in Australia

www.zdnet.com/article/acsc-running-scans-to-find-vulnerable-microsoft-exchange-servers-in-australia/ ‘10s of organisations’ have spotted Microsoft Exchange vulnerability indicators on their systems, according to the Australian Cyber Security Centre.

Sanna Marin made the face of a bitcoin scam: this is how the con works

www.is.fi/digitoday/tietoturva/art-2000007880709.html Pictures of the Prime Minister are being used in scams that have previously been seen in the names of other public figures.

Wave of data breaches shakes Finland: authority has received dozens of reports, more to come

www.is.fi/digitoday/tietoturva/art-2000007879325.html According to the Data Protection Ombudsman, the Exchange attacks are likely to cause a high risk to individuals’ rights and freedoms.

Apple laid down strict terms: this is how far it is prepared to go to protect its secrets

www.tivi.fi/uutiset/tv/7ebe797d-2ee9-429d-97b4-0c8a083c3b89 Apple is one of the companies that rarely manage to truly surprise anyone with their announcements. Now it is taking drastic measures against leaks.

Purple Fox now spreads rapidly as a worm to Windows machines

www.tivi.fi/uutiset/tv/4215cb8a-1075-40af-8529-31c2fac642e0 A variant of the Purple Fox malware now uses a new method to infect Windows machines. Purple Fox, first detected in 2018, has until now been distributed through, among other things, phishing emails and cybercriminals’ toolkits. ZDNet writes that in recent weeks a new variant of the malware has been found that has already infected a large number of Windows machines. Read:

www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/

What a password blunder: Romanian minister published “a little” more on Facebook than intended

www.is.fi/digitoday/tietoturva/art-2000007881128.html Romanian Defence Minister Nicolae Ciucă had a mishap while visiting the Land Forces Academy in Sibiu. According to the Romanian news service HotNews (in Romanian), the 54-year-old Ciucă shared more about his visit on Facebook than was necessary.

Ruby off the Rails: Code library yanked over license blunder, sparks chaos for half a million projects

www.theregister.com/2021/03/25/ruby_rails_code/ On Wednesday, Bastien Nocera, the maintainer of a software library called shared-mime-info, informed Daniel Mendler, maintainer of a Ruby library called mimemagic, which incorporates Nocera’s code, that he was shipping mimemagic under an incompatible software license.

Average ransomware payouts shoot up 171% to over $300,000

www.tripwire.com/state-of-security/featured/average-ransomware-payouts-shoot-up/ Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. Also:

unit42.paloaltonetworks.com/ransomware-threat-report-highlights/

OpenSSL fixes severe DoS, certificate validation vulnerabilities

www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/ Today, the OpenSSL project has issued an advisory for two high-severity vulnerabilities CVE-2021-3449 and CVE-2021-3450 lurking in OpenSSL products.

QNAP warns of ongoing brute-force attacks against NAS devices

www.bleepingcomputer.com/news/security/qnap-warns-of-ongoing-brute-force-attacks-against-nas-devices/ QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urges them to enhance their security as soon as possible.

Malware Analysis Report (AR21-084B) – MAR-10329499-1.v1: China Chopper Webshell

us-cert.cisa.gov/ncas/analysis-reports/ar21-084b

Webshells Observed in Post-Compromised Exchange Servers

us-cert.cisa.gov/ncas/current-activity/2021/03/25/webshells-observed-post-compromised-exchange-servers
