Daily NCSC-FI news followup 2021-04-23

Vakava tietomurto valtion palvelimilla rikosilmoitus tehty jo

www.tivi.fi/uutiset/tv/bc5371d1-14f5-4dac-897e-0042cbf25e03 Valtion tieto- ja viestintätekniikkakeskus Valtori tiedotti torstaina valtionhallinnon yhteisessä it-ympäristössä todetusta haavoittuvuudesta. Palvelinsovelluksessa ollut haavoittuvuus kosketti useita valtionhallinnon virastoja, joihin Valtori on ollut yhteydessä.

Amerikkalaismedia varoitti Suomen poliisia kiistanalaisen kasvojentunnistusohjelman käytöstä KRP kompuroi vastauksessaan

yle.fi/uutiset/3-11898702 Poliisi on luopunut Clearview AI -kasvojentunnistusohjelman käytöstä.

Ransomware by the numbers: Reassessing the threat’s global impact

securelist.com/ransomware-by-the-numbers-reassessing-the-threats-global-impact/101965/ In this report, we’ll take a look at the numbers behind the ransomware threat from 2019 to 2020, what they mean and what they foretell about ransomware’s future.

Ransomware Gang Demands $50 Million For Apple Watch And MacBook Pro Blueprints

www.forbes.com/sites/daveywinder/2021/04/23/ransomware-gang-demands-50-million-for-apple-watch-and-macbook-pro-blueprints/ A notorious cybercrime gang behind the REvil ransomware operation claims to have stolen the schematics for new Apple Watch and MacBook Pro products, amongst other confidential documents related to major brands. also: www.bbc.com/news/technology-56846361

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

thehackernews.com/2021/04/prometei-botnet-exploiting-unpatched.html Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. also:

www.cybereason.com/blog/prometei-botnet-exploiting-microsoft-exchange-vulnerabilities

Cybersecurity investor Ted Schlein: I think the whole landscape needs to be completely rethought’

therecord.media/cybersecurity-investor-ted-schlein-i-think-the-whole-landscape-needs-to-be-completely-rethought/ As someone who has been in the cybersecurity business for three decades, it might come as a surprise that Ted Schlein wants to tear up a lot of it.

Moxie hacks Cellebrite

pluralistic.net/2021/04/22/ihor-kolomoisky/#petard The “lawful interception” industry is a hive of scum and villainy: these are powerful, wildly profitable companies who search out defects in widely used software, then weaponize them and sell them to the world’s most brutal dictators and death squads. Their names are curses: The NSO Group, Palantir, and, of course, Cellebrite, who have pulled publicity stunts like offering $1m bounties for exploitable Iphone defects that can be turned into cyberweapons. Now, Signal founder Moxie Marlinspike has turned the tables on Cellebrite in a delicious act of security analysis, which he wrote up in detail on Signal’s corporate blog:

signal.org/blog/cellebrite-vulnerabilities/

China could ‘control the global operating system’ of tech, warns UK spy chief

www.zdnet.com/article/china-could-control-the-global-operating-system-of-tech-warns-uk-spy-chief/ The head of the UK’s intelligence service warns that the West must be prepared to face a world where technology is developed and controlled by states with ‘illiberal values’ – and to set up cyber defences accordingly.

Apple AirDrop Flaws Could Let Hackers Grab Users’ Phone Numbers and Email Addresses

hotforsecurity.bitdefender.com/blog/apple-airdrop-flaws-could-let-hackers-grab-users-phone-numbers-and-email-addresses-25712.html Researchers at the Technical University of Darmstadt in Germany have discovered that security weaknesses could allow an attacker to obtain a victim’s phone number and even email address. also:

www.usenix.org/system/files/sec21fall-heinrich.pdf

FluBot: Guidance for package delivery’ text message scam

www.ncsc.gov.uk/guidance/flubot-guidance-for-text-message-scam The FluBot’ spyware, sent via package delivery’ text messages, affects Android phones and devices. also:

www.bbc.com/news/technology-56859091

Sysrv: A new crypto-mining botnet is silently growing in the shadows

therecord.media/sysrv-a-new-crypto-mining-botnet-is-silently-growing-in-the-shadows/ Crypto-mining botnets have been a plague on the internet for the past three years, and despite the space being more than saturated, new botnets are being built and discovered on a regular basis, driven mainly by cybercriminals’ unquenched thirst for easy money. The most recent of these discoveries is a botnet named Sysrv. Active since December 2020, this botnet targets enterprise web applications, either using exploits for old vulnerabilities or a good ol’ brute-force attack.

Another BitCoin Exchange ScamThis Time “Live” on YouTube

www.fortinet.com/blog/threat-research/another-bitcoin-exchange-scam-this-time-live-on-youtube In the following sections you will find technical details on how we identified this recent live BitCoin scam. And hopefully, one takeaway from this article will be that, going forward, readers will check the authenticity of the YouTube/social-media channels they follow to ensure that the content being provided is not malicious in nature.

Kriisiviestintä kyberkriisissä -julkaisu antaa pk-yrityksille työkaluja kriisitilanteen varalle

www.epressi.com/tiedotteet/yrittajyys/kriisiviestinta-kyberkriisissa-julkaisu-antaa-pk-yrityksille-tyokaluja-kriisitilanteen-varalle.html Kaakkois-Suomen ammattikorkeakoulu Xamkin uusi julkaisu pureutuu kriisiviestinnän tehtäviin kyberturvallisuutta uhkaavissa tilanteissa. Julkaisu on tarkoitettu erityisesti pk-yritysten käyttöön. myös:

www.theseus.fi/handle/10024/494993

Varo vaaleanpunaista Whatsappia! Houkutteleva ominaisuus on ansa

www.iltalehti.fi/tietoturva/a/93fad036-30bf-4e61-a42a-53bbd8ade6d0 Huijarit yrittävät saada ihmisiä lataamaan vaaleanpunaisen Whatsappin, joka on todellisuudessa haittaohjelma.

Uusi pankkihuijaus menee täydestä erotatko tämän sivun aidosta?

www.is.fi/digitoday/tietoturva/art-2000007935417.html Väärennetyn pankin sisäänkirjautumissivun erottaminen aidosta voi nykyisin olla todella vaikeaa.

You might be interested in …

Daily NCSC-FI news followup 2020-08-18

Emotet-haittaohjelmaa levitetään aktiivisesti Suomessa www.kyberturvallisuuskeskus.fi/fi/emotet-haittaohjelmaa-levitetaan-aktiivisesti-suomessa Emotet-haittaohjelmaa levitetään sähköpostitse suomalaisten organisaatioiden nimissä. Haittaohjelmahyökkäyksen tarkoituksena on varastaa organisaatioista tietoja, ja samalla hyökkäyksellä on mahdollista tunkeutua verkkoon syvemmälle ja käynnistää esimerkiksi kiristyshaittaohjelmahyökkäys. Hyökkäyskampanja on näkynyt aktiivisena 17.8.2020 alkaen.. see also www.is.fi/digitoday/tietoturva/art-2000006605860.html World’s largest cruise line operator discloses ransomware attack www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/ Carnival Corp says it suffered a ransomware attack […]

Read More

Daily NCSC-FI news followup 2019-11-19

Why Were the Russians So Set Against This Hacker Being Extradited? krebsonsecurity.com/2019/11/why-were-the-russians-so-set-against-this-hacker-being-extradited/ The Russian government has for the past four years been fighting to keep 29-year-old alleged cybercriminal Alexei Burkov from being extradited by Israel to the United States.. When Israeli authorities turned down requests to send him back to Russia supposedly to face separate […]

Read More

Daily NCSC-FI news followup 2020-07-31

Tutorial of ARM Stack Overflow Exploit against SETUID Root Program www.fortinet.com/blog/threat-research/tutorial-arm-stack-overflow-exploit-against-setuid-root-program In part I of this blog series, Tutorial of ARM Stack Overflow Exploit Defeating ASLR with ret2plt, I presented how to exploit a classic buffer overflow vulnerability when ASLR is enabled. That target program calls the function gets() to read a line from stdin. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.