Daily NCSC-FI news followup 2021-04-23

Serious data breach on state servers: criminal complaint already filed

www.tivi.fi/uutiset/tv/bc5371d1-14f5-4dac-897e-0042cbf25e03 Valtori, the Government ICT Centre, announced on Thursday a vulnerability found in the central government's shared IT environment. The vulnerability in a server application affected several government agencies, which Valtori has contacted.

US media outlet warned Finnish police about the use of a controversial facial recognition program; the National Bureau of Investigation (KRP) stumbled in its response

yle.fi/uutiset/3-11898702 The police have stopped using the Clearview AI facial recognition program.

Ransomware by the numbers: Reassessing the threat’s global impact

securelist.com/ransomware-by-the-numbers-reassessing-the-threats-global-impact/101965/ In this report, we’ll take a look at the numbers behind the ransomware threat from 2019 to 2020, what they mean and what they foretell about ransomware’s future.

Ransomware Gang Demands $50 Million For Apple Watch And MacBook Pro Blueprints

www.forbes.com/sites/daveywinder/2021/04/23/ransomware-gang-demands-50-million-for-apple-watch-and-macbook-pro-blueprints/ A notorious cybercrime gang behind the REvil ransomware operation claims to have stolen the schematics for new Apple Watch and MacBook Pro products, amongst other confidential documents related to major brands. also: www.bbc.com/news/technology-56846361

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

thehackernews.com/2021/04/prometei-botnet-exploiting-unpatched.html Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. also:

www.cybereason.com/blog/prometei-botnet-exploiting-microsoft-exchange-vulnerabilities

Cybersecurity investor Ted Schlein: ‘I think the whole landscape needs to be completely rethought’

therecord.media/cybersecurity-investor-ted-schlein-i-think-the-whole-landscape-needs-to-be-completely-rethought/ As someone who has been in the cybersecurity business for three decades, it might come as a surprise that Ted Schlein wants to tear up a lot of it.

Moxie hacks Cellebrite

pluralistic.net/2021/04/22/ihor-kolomoisky/#petard The “lawful interception” industry is a hive of scum and villainy: these are powerful, wildly profitable companies who search out defects in widely used software, then weaponize them and sell them to the world’s most brutal dictators and death squads. Their names are curses: The NSO Group, Palantir, and, of course, Cellebrite, who have pulled publicity stunts like offering $1m bounties for exploitable Iphone defects that can be turned into cyberweapons. Now, Signal founder Moxie Marlinspike has turned the tables on Cellebrite in a delicious act of security analysis, which he wrote up in detail on Signal’s corporate blog:

signal.org/blog/cellebrite-vulnerabilities/

China could ‘control the global operating system’ of tech, warns UK spy chief

www.zdnet.com/article/china-could-control-the-global-operating-system-of-tech-warns-uk-spy-chief/ The head of the UK’s intelligence service warns that the West must be prepared to face a world where technology is developed and controlled by states with ‘illiberal values’ – and to set up cyber defences accordingly.

Apple AirDrop Flaws Could Let Hackers Grab Users’ Phone Numbers and Email Addresses

hotforsecurity.bitdefender.com/blog/apple-airdrop-flaws-could-let-hackers-grab-users-phone-numbers-and-email-addresses-25712.html Researchers at the Technical University of Darmstadt in Germany have discovered that security weaknesses could allow an attacker to obtain a victim’s phone number and even email address. also:

www.usenix.org/system/files/sec21fall-heinrich.pdf

FluBot: Guidance for ‘package delivery’ text message scam

www.ncsc.gov.uk/guidance/flubot-guidance-for-text-message-scam The ‘FluBot’ spyware, sent via ‘package delivery’ text messages, affects Android phones and devices. also:

www.bbc.com/news/technology-56859091

Sysrv: A new crypto-mining botnet is silently growing in the shadows

therecord.media/sysrv-a-new-crypto-mining-botnet-is-silently-growing-in-the-shadows/ Crypto-mining botnets have been a plague on the internet for the past three years, and despite the space being more than saturated, new botnets are being built and discovered on a regular basis, driven mainly by cybercriminals’ unquenched thirst for easy money. The most recent of these discoveries is a botnet named Sysrv. Active since December 2020, this botnet targets enterprise web applications, either using exploits for old vulnerabilities or a good ol’ brute-force attack.

Another BitCoin Exchange Scam - This Time “Live” on YouTube

www.fortinet.com/blog/threat-research/another-bitcoin-exchange-scam-this-time-live-on-youtube In the following sections you will find technical details on how we identified this recent live BitCoin scam. And hopefully, one takeaway from this article will be that, going forward, readers will check the authenticity of the YouTube/social-media channels they follow to ensure that the content being provided is not malicious in nature.

The publication Kriisiviestintä kyberkriisissä (Crisis Communication in a Cyber Crisis) gives SMEs tools to prepare for a crisis

www.epressi.com/tiedotteet/yrittajyys/kriisiviestinta-kyberkriisissa-julkaisu-antaa-pk-yrityksille-tyokaluja-kriisitilanteen-varalle.html A new publication from South-Eastern Finland University of Applied Sciences (Xamk) digs into the tasks of crisis communication in situations that threaten cybersecurity. The publication is intended especially for use by SMEs. also:

www.theseus.fi/handle/10024/494993

Beware of pink WhatsApp! The tempting feature is a trap

www.iltalehti.fi/tietoturva/a/93fad036-30bf-4e61-a42a-53bbd8ade6d0 Scammers are trying to get people to download a pink WhatsApp, which is in reality malware.

New bank scam is convincing: can you tell this page from the real one?

www.is.fi/digitoday/tietoturva/art-2000007935417.html Telling a fake bank login page apart from the real one can nowadays be really difficult.
