Daily NCSC-FI news followup 2021-04-15

White House formally blames Russian intelligence service SVR for SolarWinds hack

therecord.media/white-house-formally-blames-russian-intelligence-service-svr-for-solarwinds-hack/ In a press release today announcing a broad set of sanctions against the Russian government, the Biden administration has formally named the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack. The White House said that SVR's hacking unit, known as APT 29, Cozy Bear, or The Dukes, exploited the SolarWinds Orion platform and other information technology infrastructures as part of a broad-scope cyber espionage campaign.

See also www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/ and home.treasury.gov/news/press-releases/jy0127 and www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise and www.nato.int/cps/en/natohq/official_texts_183168.htm


Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/ This advisory is being released alongside the U.S. Government's formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.

See also us-cert.cisa.gov/ncas/current-activity/2021/04/15/nsa-cisa-fbi-joint-advisory-russian-svr-targeting-us-and-allied and us-cert.cisa.gov/ncas/analysis-reports/ar21-105a

Second Google Chrome zero-day exploit dropped on twitter this week

www.bleepingcomputer.com/news/security/second-google-chrome-zero-day-exploit-dropped-on-twitter-this-week/ A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

Possible criminal interference in payment transactions between the National Emergency Supply Agency (Huoltovarmuuskeskus, HVK) and a goods supplier. HVK has suffered no financial loss, and a large part of the payment has already been returned to HVK's account.

www.huoltovarmuuskeskus.fi/a/huoltovarmuuskeskuksen-ja-tavarantoimittajan-valisessa-maksuliikenteessa-mahdollinen-rikollinen-valiintulo-hvklle-ei-ole-syntynyt-taloudellista-vahinkoa-ja-suuri-osa-ma… The National Emergency Supply Agency (HVK) has filed a request for investigation with the police and has asked the money laundering unit of the National Bureau of Investigation to determine whether criminal interference is involved in the payment transactions between HVK and one of its goods suppliers. The request for investigation concerns a payment with a total amount of approximately 1.3 million euros.

University of Hertfordshire pulls the plug on, well, everything after cyber attack

www.theregister.com/2021/04/15/university_hertfordshire_cyber_attack/ The University of Hertfordshire has fallen victim to a cyber attack that has resulted in the establishment pulling all its systems offline to deal with the situation.

The Biden Administration Just Accused A $1 Billion Russian Cybersecurity Company Of Recruiting Spies

www.forbes.com/sites/thomasbrewster/2021/04/15/the-biden-administration-just-accused-a-1-billion-russian-cybersecurity-company-of-recruiting-spies/ Despite being valued at $1 billion and growing to become a major force in the cybersecurity industry, Moscow-based Positive Technologies has just been accused by the U.S. government of helping and recruiting for Russian spy agencies.

Gafgyt Botnet Lifts DDoS Tricks from Mirai

threatpost.com/gafgyt-botnet-ddos-mirai/165424/ The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.

Huge upsurge in DDoS attacks during pandemic

