Daily NCSC-FI news followup 2021-04-05

Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters

blog.checkpoint.com/2021/04/05/supply-chain-attacks-what-we-know-about-the-solarwinds-sunburst-exploit-and-why-it-still-matters/ In a press conference, more than 2 months after the incident, the U.S. deputy national security advisor said that investigators were still in the “beginning stages” of understanding the scope and scale of the attack. What makes the SolarWinds hack particularly dangerous is that it leveraged cloud-based services to orchestrate a supply-chain attack. Because access to those services was obtained via authentication systems based on already-compromised networks, the attackers were able to breach companies’ defences without raising any alarms. To prevent future attacks, organizations need to ensure that they employ the basic core security practices of endpoint protection, email security, least-privilege access and network segmentation across their infrastructure, to make it harder for adversaries to infiltrate networks and move laterally within the organization to access critical assets.

Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack The unnamed company fell victim to a ransomware attack and paid millions in bitcoin in order to restore the network and retrieve the files. However, the company just left it at that, failing to analyse how cyber criminals infiltrated the network, something that came back to haunt them when the same ransomware gang infected the network with the same ransomware less than two weeks later. The company ended up paying a ransom a second time.

Ubiquiti All But Confirms Breach Response Iniquity

krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/ For four days this past week, Internet-of-Things giant Ubiquiti did not respond to requests for comment on a whistleblower’s allegations the company had massively downplayed a “catastrophic” two-month breach ending in January to save its stock price, and that Ubiquiti’s insinuation that a third-party was to blame was a fabrication. The whistleblower, “Adam,” spoke on condition of anonymity for fear of reprisals from Ubiquiti. Adam said the place where those key administrator credentials were compromised, Ubiquiti’s presence on Amazon’s Web Services (AWS) cloud services, was in fact the “third party” blamed for the hack.

A Linux distribution that suits anyone: this is Mageia 8

www.tivi.fi/uutiset/tv/00c16e4c-745e-427f-a0fa-437995b79396 Mageia is a fairly new acquaintance and a pleasant surprise for many. It is an operating system that suits both Linux beginners and power users. Mageia is built on the ruins of the classic Mandriva. It is not a house of cards with shaky foundations, but a genuinely original Linux distro that surprises with its smooth operation and beautiful appearance.

Google restricts app permissions: using the feature will require a precise justification in future

www.tivi.fi/uutiset/tv/035e0cd3-8bfb-40f6-831c-eb937a34d4df Apps downloaded from the Play Store will in future need a very good reason to inspect other downloaded apps. At present, all Android 11 apps that request the “QUERY_ALL_PACKAGES” permission can see all the apps the user has installed. However, Google updated its developer terms and now treats the information as personal and sensitive, at the same time restricting its use.

You can get hackers to help with money: how to run a bug bounty program

www.tivi.fi/uutiset/tv/816b0d55-266f-4429-be14-095ced64e9d7 The popularity of bug bounty programs is rising. A successful program requires good groundwork. Hackers are increasingly being let in on purpose to dig through the systems of companies and organizations. In so-called bug bounty programs, hackers report the vulnerabilities they find in exchange for rewards.

How the Work-From-Home Shift Impacts SaaS Security

thehackernews.com/2021/04/how-work-from-home-shift-impacts-saas.html The data is in. According to IBM Security’s 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. “New controls are needed to address these new realities”

15 Cybersecurity Pitfalls and Fixes for SMBs

threatpost.com/cybersecurity-pitfalls-fixes-smbs/165225/ Small- to medium-sized businesses (SMBs), those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. Security experts focused on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.
