Daily NCSC-FI news followup 2021-04-23

Serious data breach on government servers, criminal complaint already filed

www.tivi.fi/uutiset/tv/bc5371d1-14f5-4dac-897e-0042cbf25e03 The Government ICT Centre Valtori announced on Thursday a vulnerability found in the central government's shared IT environment. The vulnerability in a server application affected several government agencies, which Valtori has been in contact with.

American media warned Finnish police about the use of a controversial facial recognition program; KRP stumbled in its response

yle.fi/uutiset/3-11898702 The police have stopped using the Clearview AI facial recognition program.

Ransomware by the numbers: Reassessing the threat’s global impact

securelist.com/ransomware-by-the-numbers-reassessing-the-threats-global-impact/101965/ In this report, we’ll take a look at the numbers behind the ransomware threat from 2019 to 2020, what they mean and what they foretell about ransomware’s future.

Ransomware Gang Demands $50 Million For Apple Watch And MacBook Pro Blueprints

www.forbes.com/sites/daveywinder/2021/04/23/ransomware-gang-demands-50-million-for-apple-watch-and-macbook-pro-blueprints/ A notorious cybercrime gang behind the REvil ransomware operation claims to have stolen the schematics for new Apple Watch and MacBook Pro products, amongst other confidential documents related to major brands. also: www.bbc.com/news/technology-56846361

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

thehackernews.com/2021/04/prometei-botnet-exploiting-unpatched.html Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. also:

www.cybereason.com/blog/prometei-botnet-exploiting-microsoft-exchange-vulnerabilities

Cybersecurity investor Ted Schlein: ‘I think the whole landscape needs to be completely rethought’

therecord.media/cybersecurity-investor-ted-schlein-i-think-the-whole-landscape-needs-to-be-completely-rethought/ As someone who has been in the cybersecurity business for three decades, it might come as a surprise that Ted Schlein wants to tear up a lot of it.

Moxie hacks Cellebrite

pluralistic.net/2021/04/22/ihor-kolomoisky/#petard The “lawful interception” industry is a hive of scum and villainy: these are powerful, wildly profitable companies who search out defects in widely used software, then weaponize them and sell them to the world’s most brutal dictators and death squads. Their names are curses: The NSO Group, Palantir, and, of course, Cellebrite, who have pulled publicity stunts like offering $1m bounties for exploitable iPhone defects that can be turned into cyberweapons. Now, Signal founder Moxie Marlinspike has turned the tables on Cellebrite in a delicious act of security analysis, which he wrote up in detail on Signal’s corporate blog:

signal.org/blog/cellebrite-vulnerabilities/

China could ‘control the global operating system’ of tech, warns UK spy chief

www.zdnet.com/article/china-could-control-the-global-operating-system-of-tech-warns-uk-spy-chief/ The head of the UK’s intelligence service warns that the West must be prepared to face a world where technology is developed and controlled by states with ‘illiberal values’ – and to set up cyber defences accordingly.

Apple AirDrop Flaws Could Let Hackers Grab Users’ Phone Numbers and Email Addresses

hotforsecurity.bitdefender.com/blog/apple-airdrop-flaws-could-let-hackers-grab-users-phone-numbers-and-email-addresses-25712.html Researchers at the Technical University of Darmstadt in Germany have discovered that security weaknesses could allow an attacker to obtain a victim’s phone number and even email address. also:

www.usenix.org/system/files/sec21fall-heinrich.pdf

FluBot: Guidance for ‘package delivery’ text message scam

www.ncsc.gov.uk/guidance/flubot-guidance-for-text-message-scam The ‘FluBot’ spyware, sent via ‘package delivery’ text messages, affects Android phones and devices. also:

www.bbc.com/news/technology-56859091

Sysrv: A new crypto-mining botnet is silently growing in the shadows

therecord.media/sysrv-a-new-crypto-mining-botnet-is-silently-growing-in-the-shadows/ Crypto-mining botnets have been a plague on the internet for the past three years, and despite the space being more than saturated, new botnets are being built and discovered on a regular basis, driven mainly by cybercriminals’ unquenched thirst for easy money. The most recent of these discoveries is a botnet named Sysrv. Active since December 2020, this botnet targets enterprise web applications, either using exploits for old vulnerabilities or a good ol’ brute-force attack.

Another BitCoin Exchange Scam - This Time “Live” on YouTube

www.fortinet.com/blog/threat-research/another-bitcoin-exchange-scam-this-time-live-on-youtube In the following sections you will find technical details on how we identified this recent live BitCoin scam. And hopefully, one takeaway from this article will be that, going forward, readers will check the authenticity of the YouTube/social-media channels they follow to ensure that the content being provided is not malicious in nature.

The publication Kriisiviestintä kyberkriisissä (Crisis Communication in a Cyber Crisis) gives SMEs tools to prepare for a crisis situation

www.epressi.com/tiedotteet/yrittajyys/kriisiviestinta-kyberkriisissa-julkaisu-antaa-pk-yrityksille-tyokaluja-kriisitilanteen-varalle.html A new publication from the South-Eastern Finland University of Applied Sciences (Xamk) examines the tasks of crisis communication in situations that threaten cybersecurity. The publication is intended especially for use by SMEs. also:

www.theseus.fi/handle/10024/494993

Beware of the pink WhatsApp! The tempting feature is a trap

www.iltalehti.fi/tietoturva/a/93fad036-30bf-4e61-a42a-53bbd8ade6d0 Scammers are trying to get people to download a pink WhatsApp, which is in reality malware.

New bank scam passes for the real thing: can you tell this page from the genuine one?

www.is.fi/digitoday/tietoturva/art-2000007935417.html Telling a forged bank login page apart from the genuine one can nowadays be really difficult.
