Daily NCSC-FI news followup 2021-05-21

Insurance company paid $40 million in ransom after March cyberattack

www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack CNA Financial paid $40 million in late March to regain control of its network after a ransomware attack. The payment is bigger than any previously disclosed payments to hackers.

Microsoft Warns of Data Stealing Malware StrRAT That Pretends to Be Ransomware

threatpost.com/email-campaign-fake-ransomware-rat/166378/ On Thursday Microsoft warned of a massive email campaign that’s pushing malware to steal confidential data from infected systems while disguising itself as a ransomware infection. See also: https://twitter.com/MsftSecIntel/status/1395138347601854465

UK Recruitment Firm Leaked Sensitive Applicant Data

www.websiteplanet.com/blog/fasttrack-breach-report/ Researchers found 21000 exposed files containing applicant data, including passports, citizen ID cards and driver’s licenses, on an open AWS S3 bucket owned by FastTrack Reflex Recruitment (now Team Resourcing Ltd). Directly identifiable data contained names, email addresses, phone numbers and home addresses.

How to Tell a Job Offer from an ID Theft Trap

krebsonsecurity.com/2021/05/how-to-tell-a-job-offer-from-an-id-theft-trap/ One of the oldest scams around, the fake job interview that seeks only to harvest your personal and financial data, is on the rise, the FBI warns.

Android 12 will give you more control over how much data you share with apps

android-developers.googleblog.com/2021/05/android-security-and-privacy-recap.html New Android release will give users more transparency around the data being accessed by apps. Android is also investing in reducing the scope of permissions so that apps only have access to the data they need for the features they provide. Let’s look at some of these important changes we’ve made in Android 12 to protect user privacy.

Foreign cyber mercenaries breached Russian federal agencies

therecord.media/fsb-nktski-foreign-cyber-mercenaries-breached-russian-federal-agencies/ Hackers have breached and stolen information from Russian federal executive bodies, the Russian government said. To breach Russian federal agencies, Rostelecom and NKTsKI said the attackers used a broad set of entry vectors that included spear-phishing, exploiting vulnerabilities in web applications, and hacking the IT infrastructure of government contractors.

Chinese government has warned 222 apps to remove data slurping code

therecord.media/chinese-governments-has-warned-222-apps-to-remove-data-slurping-code/ The new Personal Information Protection Law was drafted last fall and approved earlier this year in March, entering into effect on May 1, 2021. The law follows a simple principle, namely that an app or website must collect only the user information they strictly need to achieve their primary functions. Any collected data that is not used to deliver an app or website feature is considered unnecessary and opens the door for the Chinese government to impose giant GDPR-like fines of up to 50 million yuan ($7.77 million) or 5% of a company’s annual revenue.

Valvira: Psychotherapy Centre Vastaamo neglected its obligations

www.tivi.fi/uutiset/tv/da6a8b2f-d171-4cb9-b6cc-cce8e294b523 Valvira considers that Vastaamo neglected its obligations under the Act on Private Health Care. There were shortcomings in particular in carrying out the duties assigned by law to the director responsible for health care services, such as training employees in drawing up and handling patient records. There were also shortcomings in the self-monitoring of operations.
