Daily NCSC-FI news followup 2021-04-05

Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters

blog.checkpoint.com/2021/04/05/supply-chain-attacks-what-we-know-about-the-solarwinds-sunburst-exploit-and-why-it-still-matters/ In a press conference, more than 2 months after the incident, the U.S. deputy national security advisor said that investigators were still in the “beginning stages” of understanding the scope and scale of the attack. What makes the SolarWinds hack particularly dangerous is that it leveraged cloud-based services to orchestrate a supply-chain attack. Because access to those services was obtained via authentication systems based on already-compromised networks, the attackers were able to breach companies’ defences without raising any alarms. To prevent future attacks, organizations need to ensure that they employ the basic core security practices of endpoint protection, email security, least-privilege access and network segmentation across their infrastructure, to make it harder for adversaries to infiltrate networks and move laterally within the organization to access critical assets.

Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack The unnamed company fell victim to a ransomware attack and paid millions in bitcoin in order to restore the network and retrieve the files. However, the company just left it at that, failing to analyse how cyber criminals infiltrated the network, something that came back to haunt them when the same ransomware gang infected the network with the same ransomware less than two weeks later. The company ended up paying a ransom a second time.

Ubiquiti All But Confirms Breach Response Iniquity

krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/ For four days this past week, Internet-of-Things giant Ubiquiti did not respond to requests for comment on a whistleblower’s allegations the company had massively downplayed a “catastrophic” two-month breach ending in January to save its stock price, and that Ubiquiti’s insinuation that a third-party was to blame was a fabrication. The whistleblower, “Adam,” spoke on condition of anonymity for fear of reprisals from Ubiquiti. Adam said the place where those key administrator credentials were compromised, Ubiquiti’s presence on Amazon’s Web Services (AWS) cloud services, was in fact the “third party” blamed for the hack.

A Linux distribution that suits anyone: this is Mageia 8

www.tivi.fi/uutiset/tv/00c16e4c-745e-427f-a0fa-437995b79396 For many, Mageia is a fairly new acquaintance and a pleasant surprise. It is an operating system that suits Linux beginners and power users alike. Mageia is built on the ruins of the classic Mandriva. It is not a house of cards wobbling on its foundations, but a genuinely original Linux distro that surprises with its smooth operation and beautiful appearance.

Google restricts app permissions: using the feature will in future require a precise justification

www.tivi.fi/uutiset/tv/035e0cd3-8bfb-40f6-831c-eb937a34d4df Apps downloaded from the Play Store will in future need a very good reason to inspect other downloaded apps. At present, all Android 11 apps that request the “QUERY_ALL_PACKAGES” permission can see every app the user has installed. Google has, however, updated its developer terms and now treats this information as personal and sensitive, while restricting its use.

Money gets hackers to help: how to run a bug bounty program

www.tivi.fi/uutiset/tv/816b0d55-266f-4429-be14-095ced64e9d7 The popularity of bug bounty programs is rising. A successful program requires good groundwork. Hackers are increasingly being let in on purpose to dig through the systems of companies and organizations. In so-called bug bounty programs, hackers report the vulnerabilities they find in exchange for rewards.

How the Work-From-Home Shift Impacts SaaS Security

thehackernews.com/2021/04/how-work-from-home-shift-impacts-saas.html The data is in. According to IBM Security’s 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. “New controls are needed to address these new realities”

15 Cybersecurity Pitfalls and Fixes for SMBs

threatpost.com/cybersecurity-pitfalls-fixes-smbs/165225/ Small- to medium-sized businesses (SMBs), those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. Security experts focused on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.
