Daily NCSC-FI news followup 2021-04-15

White House formally blames Russian intelligence service SVR for SolarWinds hack

therecord.media/white-house-formally-blames-russian-intelligence-service-svr-for-solarwinds-hack/ In a press release today announcing a broad set of sanctions against the Russian government, the Biden administration has formally named the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack. The White House said that the SVR's hacking unit, known as APT29, Cozy Bear, or The Dukes, exploited the SolarWinds Orion platform and other information technology infrastructures as part of a broad-scope cyber espionage campaign. See also:

www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/
home.treasury.gov/news/press-releases/jy0127
www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise
www.nato.int/cps/en/natohq/official_texts_183168.htm


Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/ This advisory is being released alongside the U.S. Government's formal attribution of the SolarWinds supply chain compromise and the related cyber espionage campaign. It is published to highlight additional tactics, techniques, and procedures being used by the SVR so that network defenders can take action to mitigate them. See also:

us-cert.cisa.gov/ncas/current-activity/2021/04/15/nsa-cisa-fbi-joint-advisory-russian-svr-targeting-us-and-allied
us-cert.cisa.gov/ncas/analysis-reports/ar21-105a

Second Google Chrome zero-day exploit dropped on twitter this week

www.bleepingcomputer.com/news/security/second-google-chrome-zero-day-exploit-dropped-on-twitter-this-week/ A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

Possible criminal intervention in payment traffic between Huoltovarmuuskeskus and a supplier. HVK has suffered no financial loss, and a large part of the payment has already been returned to HVK's account.

www.huoltovarmuuskeskus.fi/a/huoltovarmuuskeskuksen-ja-tavarantoimittajan-valisessa-maksuliikenteessa-mahdollinen-rikollinen-valiintulo-hvklle-ei-ole-syntynyt-taloudellista-vahinkoa-ja-suuri-osa-ma… Huoltovarmuuskeskus (HVK, the Finnish National Emergency Supply Agency) has filed a request for investigation with the police and asked the money laundering unit of the National Bureau of Investigation (keskusrikospoliisi) to determine whether criminal intervention is involved in payment traffic between HVK and one of its suppliers. The request concerns a payment totalling about 1.3 million euros.

University of Hertfordshire pulls the plug on, well, everything after cyber attack

www.theregister.com/2021/04/15/university_hertfordshire_cyber_attack/ The University of Hertfordshire has fallen victim to a cyber attack that has resulted in the establishment pulling all its systems offline to deal with the situation.

The Biden Administration Just Accused A $1 Billion Russian Cybersecurity Company Of Recruiting Spies

www.forbes.com/sites/thomasbrewster/2021/04/15/the-biden-administration-just-accused-a-1-billion-russian-cybersecurity-company-of-recruiting-spies/ Despite being valued at $1 billion and growing to become a major force in the cybersecurity industry, Moscow-based Positive Technologies has just been accused by the U.S. government of helping and recruiting for Russian spy agencies.

Gafgyt Botnet Lifts DDoS Tricks from Mirai

threatpost.com/gafgyt-botnet-ddos-mirai/165424/ The IoT-targeting malware has also added new exploits for initial compromise of Huawei, Realtek and Dasan GPON devices.

Huge upsurge in DDoS attacks during pandemic

