Trio of upper secondary school students found a security hole in the electronic matriculation exam system: "It was a big surprise that we got such a large attack chain working"
www.hs.fi/kotimaa/art-2000007980520.html During this spring's matriculation examinations, in late March, the Matriculation Examination Board (YTL) received a tip that its Abitti system contains an extremely serious security hole. Abitti is the system currently used in the electronic matriculation examinations. Original blog post
www.abitti.fi/blogi/2021/05/abitista-on-korjattu-kaksi-tietoturvahaavoittuvuutta/. Two serious security holes have been fixed in Abitti. The first, less significant vulnerability concerns the candidate's USB stick. […] A considerably more serious vulnerability concerns the server stick. [The server stick's] security finding concerns three vulnerabilities in the Abitti system which, when chained together […], yield root-level privileges on the exam room server. The bug finders' report
Ransomware Attack on [Irish] Health Sector – UPDATE 2021-05-16
www.ncsc.gov.ie/pdfs/HSE_Conti_140521_UPDATE.pdf Recent news coverage on the situation includes
Bizarro banking Trojan expands its attacks to Europe
securelist.com/bizarro-banking-trojan-expands-its-attacks-to-europe/102258/ Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. We have seen users being targeted in Spain, Portugal, France and Italy. Attempts have now been made to steal credentials from customers of 70 banks from different European and South American countries. Following in the footsteps of Tetrade, Bizarro is using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply helping with transfers. Bizarro has x64 modules and is able to trick users into entering two-factor authentication codes in fake pop-ups. It may also use social engineering to convince victims to download a smartphone app. The group behind Bizarro uses servers hosted on Azure and Amazon (AWS) and compromised WordPress servers to store the malware and collect telemetry.
AHK RAT LOADER USED IN UNIQUE DELIVERY CAMPAIGNS
blog.morphisec.com/ahk-rat-loader-leveraged-in-unique-delivery-campaigns The Morphisec Labs team has tracked a unique and ongoing RAT delivery campaign that started in February of this year. This campaign is unique in that it heavily uses the AutoHotKey scripting language, a fork of the AutoIt language that is frequently used for testing purposes.
Scammers Target Families Who Post Missing Persons on Social Media
www.ic3.gov/Media/Y2021/PSA210514 The FBI warns the public of scammers seeking to extort family members of missing persons. These actors identify missing persons through social media posts and gather information about the missing person and family to legitimize their ransom demands without ever having physical contact with the missing person.
Apple’s Find My Network Can be Abused to Exfiltrate Data From Nearby Devices
thehackernews.com/2021/05/apples-find-my-network-can-be-abused-to.html “In the world of high-security networks, where combining lasers and scanners seems to be a noteworthy technique to bridge the air gap, the visitor’s Apple devices might also become feasible intermediaries to exfiltrate data from certain air gapped systems or Faraday caged rooms,” Bräunlein said. Original at
www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/ Based on our telemetry, stalkerware apps have become more and more popular in the last couple of years. In 2019 we saw almost five times more Android stalkerware detections than in 2018, and in 2020 there were 48% more than in 2019. Stalkerware can track the GPS location of a victim's device, conversations, images, browser history and more. It also stores and transmits all this data, which is why we decided to forensically analyze how these apps handle the protection of the data. Hence, we manually analyzed 86 stalkerware apps for the Android platform, provided by 86 different vendors. Across 58 of these Android applications we discovered a total of 158 security and privacy issues that can have a serious impact on a victim; indeed, even the stalker or the app's vendor may be at some risk.
Try This One Weird Trick Russian Hackers Hate
krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/ In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed, such as Russian or Ukrainian. [Lance] James says he loves the idea of everyone adding a language from the CIS country list so much he's produced his own clickable two-line Windows batch script that adds a Russian language reference in the specific Windows registry keys that are checked by malware. The script effectively allows one's Windows PC to look like it has a Russian keyboard installed without actually downloading the added script libraries from Microsoft.
isc.sans.edu/diary/rss/27420 – From what became known of recent successful attacks, it looks like lack of 2-factor authentication (2FA) is still the most prevalent root cause. If you still have any remote access or remote desktop connections that rely on userid/password only, switch them to 2FA now! And if you still have any webmail or the like without 2FA, make the change there as well.
iPhone calendar spam attacks on the rise
blog.malwarebytes.com/malwarebytes-news/2021/05/iphone-calendar-spam-attacks-on-the-rise/ Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomenon is known as calendar spam. […] For this particular page, tapping the "I'm not a robot" box (or, really, anywhere else on the page) results in a prompt attempting to trick the user into subscribing to a calendar.
A botched server upgrade exposed Eufy video camera feeds to random users
therecord.media/a-botched-server-upgrade-exposed-eufy-video-camera-feeds-to-random-users/ Chinese electronics company Anker has patched a bug today that mistakenly connected users of its Eufy security cameras with video streams of random accounts from across the world.
AI security risk assessment using Counterfit
www.microsoft.com/security/blog/2021/05/03/ai-security-risk-assessment-using-counterfit/ This tool was born out of our own need to assess Microsoft's AI systems for vulnerabilities with the goal of proactively securing AI services, in accordance with Microsoft's responsible AI principles and Responsible AI Strategy in Engineering (RAISE) initiative. Counterfit started as a corpus of attack scripts written specifically to target individual AI models, and then morphed into a generic automation tool to attack multiple AI systems at scale.
Ransomware's Dangerous New Trick Is Double-Encrypting Your Data
www.wired.com/story/ransomware-double-encryption/ But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other. Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a side-by-side encryption attack, in which attackers encrypt some of an organization’s systems with ransomware A and others with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything. The researchers also note that in this side-by-side scenario, attackers take steps to make the two distinct strains of ransomware look as similar as possible, so it’s more difficult for incident responders to sort out what’s going on.
Exploit released for wormable Windows HTTP vulnerability
www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/ Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions. Microsoft has patched the vulnerability during this month’s Patch Tuesday, and it impacts ONLY Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2.