Daily NCSC-FI news followup 2021-04-05

Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters

blog.checkpoint.com/2021/04/05/supply-chain-attacks-what-we-know-about-the-solarwinds-sunburst-exploit-and-why-it-still-matters/ In a press conference, more than 2 months after the incident, the U.S. deputy national security advisor said that investigators were still in the “beginning stages” of understanding the scope and scale of the attack. What makes the SolarWinds hack particularly dangerous is that it leveraged cloud-based services to orchestrate a supply-chain attack. Because access to those services was obtained via authentication systems based on already-compromised networks, the attackers were able to breach companies’ defences without raising any alarms. To prevent future attacks, organizations need to ensure that they employ the basic core security practices of endpoint protection, email security, least-privilege access and network segmentation across their infrastructure, to make it harder for adversaries to infiltrate networks and move laterally within the organization to access critical assets.

Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack The unnamed company fell victim to a ransomware attack and paid millions in bitcoin in order to restore the network and retrieve the files. However, the company just left it at that, failing to analyse how cyber criminals infiltrated the network, something that came back to haunt them when the same ransomware gang infected the network with the same ransomware less than two weeks later. The company ended up paying a ransom a second time.

Ubiquiti All But Confirms Breach Response Iniquity

krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/ For four days this past week, Internet-of-Things giant Ubiquiti did not respond to requests for comment on a whistleblower’s allegations the company had massively downplayed a “catastrophic” two-month breach ending in January to save its stock price, and that Ubiquiti’s insinuation that a third-party was to blame was a fabrication. The whistleblower, “Adam,” spoke on condition of anonymity for fear of reprisals from Ubiquiti. Adam said the place where those key administrator credentials were compromised, Ubiquiti’s presence on Amazon’s Web Services (AWS) cloud services, was in fact the “third party” blamed for the hack.

A Linux distribution that suits anyone: this is Mageia 8

www.tivi.fi/uutiset/tv/00c16e4c-745e-427f-a0fa-437995b79396 Mageia is quite a new acquaintance and a pleasant surprise for many. It is an operating system that suits both Linux beginners and power users. Mageia is built on the ruins of the classic Mandriva. It is not a house of cards swaying on its foundations, but a genuinely original Linux distro that surprises with its smooth operation and beautiful appearance.

Google restricts app permissions: using the feature will in future require a precise justification

www.tivi.fi/uutiset/tv/035e0cd3-8bfb-40f6-831c-eb937a34d4df Apps downloaded from the Play Store will in future need a very good reason to inspect other downloaded apps. At present, all Android 11 apps that request the “QUERY_ALL_PACKAGES” permission can see all the apps the user has installed. However, Google updated its developer terms and now regards the information as personal and sensitive, while restricting its use.

You can get hackers to help with money: here is how to run a bug bounty program

www.tivi.fi/uutiset/tv/816b0d55-266f-4429-be14-095ced64e9d7 The popularity of bug bounty programs is rising. A successful program requires good groundwork. Hackers are increasingly being deliberately let in to dig through the systems of companies and organizations. In so-called bug bounty programs, hackers report the vulnerabilities they find in exchange for rewards.

How the Work-From-Home Shift Impacts SaaS Security

thehackernews.com/2021/04/how-work-from-home-shift-impacts-saas.html The data is in. According to IBM Security’s 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. “New controls are needed to address these new realities”

15 Cybersecurity Pitfalls and Fixes for SMBs

threatpost.com/cybersecurity-pitfalls-fixes-smbs/165225/ Small- to medium-sized businesses (SMBs), those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. Security experts who focus on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.
