Daily NCSC-FI news followup 2021-06-22

We removed the warning about Android malware

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/poistimme-android-haittaohjelmia-koskevan-varoituksen We have removed the warning about Android malware that was issued on 4 June. The malware distribution campaign, which was very active in early June, has now calmed down, and the number of reports of text messages spreading the malware has fallen significantly.

City of Liege, Belgium hit by ransomware

therecord.media/city-of-liege-belgium-hit-by-ransomware/ Liege, the third biggest city in Belgium, has suffered today a ransomware attack that has disrupted the municipality’s IT network and online services. While officials only described the incident as a “computer attack,” two Belgian radio and TV stations reported that the attack was the work of the Ryuk ransomware gang.

Smart thermostats cranked up remotely by Texas energy firms, as consumers swelter in heat wave

www.bitdefender.com/box/blog/iot-news/smart-thermostats-cranked-remotely-texas-energy-firms-consumers-swelter-heat-wave/ Some sweltering residents of Texas are reporting that they are unable to lower the temperature on their Wi-Fi enabled “smart” thermostats after it was mysteriously raised, and they are struggling to understand why. The reason, it transpires, is not that malicious hackers have broken into the IoT devices to cause mayhem but is instead all part of an energy conservation campaign promoted by Texas’s power grid operator struggling to stay online in the Lone Star State.

Ransomware Gang Cl0p Announces New Victim After Police Bust

www.vice.com/en/article/88n5j3/ransomware-gang-cl0p-announces-new-victim-after-police-bust The hacking group has resurfaced online on its official dark web site, suggesting the arrests may not have hit it too hard.

North Korean hackers breach South Korean submarine builder (again)

therecord.media/north-korean-hackers-breach-south-korean-submarine-builder-again/ North Korean hackers are believed to have breached South Korea’s top submarine builder for the second time in the past decade, South Korean news outlet JoongAng reported on Sunday.

Hackers are trying to attack big companies. Small suppliers are the weakest link

www.zdnet.com/article/hackers-are-trying-to-attack-big-companies-small-suppliers-are-the-weakest-link/ Defence companies are a prime target for cyber attackers, and the sometimes-poor security of SMBs in the supply chain could be giving them an easy way in, warn researchers.

Attackers in Executive Clothing – BEC continues to separate orgs from their money

blog.talosintelligence.com/2021/06/business-email-compromise.html Business Email Compromise starts as a lot of cybercrime does, with an email. These emails can vary widely in content or in design, but they are almost always spoofed to look like they are coming from someone important. The other common thing is they will almost always ask for some type of assistance. The type of request varies widely, as we’ll demonstrate throughout this blog, but the resulting ask is always financial in nature and will require the recipient to purchase something or wire funds somewhere. So let’s walk through some examples of what we’ve seen over the past year.

How Cyber Safe is Your Drinking Water Supply?

krebsonsecurity.com/2021/06/how-cyber-safe-is-your-drinking-water-supply/ Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems, a basic first step in protecting networks from cyberattacks.

DirtyMoe malware has infected more than 100,000 Windows systems

therecord.media/dirtymoe-malware-has-infected-more-than-100000-windows-systems/ A Windows malware botnet believed to be operated out of China has exploded this year, growing from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021, cyber-security firm Avast reported last week.


Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

thehackernews.com/2021/06/wormable-darkradiation-ransomware.html Cybersecurity researchers have disclosed a new ransomware strain called “DarkRadiation” that’s implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications.


LV Ransomware

www.secureworks.com/research/lv-ransomware CTU analysis revealed that the LV ransomware is not a distinct ransomware family; it is repurposed REvil ransomware. By modifying the binary of a prolific ransomware family, the GOLD NORTHFIELD threat actors significantly expedited their maturity within the ransomware ecosystem.

Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

www.theregister.com/2021/06/22/zephyr_os_bluetooth_vulnerabilities/ Vulnerabilities in the Zephyr real-time operating system’s Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack unless upgraded to a patched version of the OS.

Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft

threatpost.com/nvidia-jetson-chipset-dos-data-theft/167093/ Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.

Lexmark Printers Open to Arbitrary Code-Execution Zero-Day

threatpost.com/lexmark-printers-code-execution-zero-day/167111/ Successful execution requires an intruder to have access to the underlying host system, Barratt said via email on Tuesday, so it’s “more of an attack vector for potential lateral movement and privilege escalation.” He noted that the bug could be used potentially by a malicious insider looking to circumvent permissions on a corporate computer, for example.

Email Bug Allows Message Snooping, Credential Theft

threatpost.com/email-bug-message-snooping-credential-theft/167125/ A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

APNIC left a dump from its Whois SQL database in a public Google Cloud bucket

www.theregister.com/2021/06/22/apnic_whois_data_exposed/ The Asia Pacific Network Information Centre (APNIC), the internet registry for the region, has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, facing the public internet for three months.

Google has problems: serious disruptions on Android phones

www.is.fi/digitoday/art-2000008074775.html The fault is in the phones' Google app. The problem can be worked around from the phone's settings.

7 Powerful Cybersecurity Skills the Energy Sector Needs Most

www.darkreading.com/edge/theedge/7-powerful-cybersecurity-skills-the-energy-sector-needs-most/b/d-id/1341349 Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.

Sonatype Catches New PyPI Cryptomining Malware

blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection Sonatype has identified malicious typosquatting packages infiltrating the PyPI repository that secretly pull in cryptominers on the affected machines.

Machine Learning and Cybersecurity – Hype and Reality

cset.georgetown.edu/publication/machine-learning-and-cybersecurity/ Cybersecurity operators have increasingly relied on machine learning to address a rising number of threats. But will machine learning give them a decisive advantage or just help them keep pace with attackers? This report explores the history of machine learning in cybersecurity and the potential it has for transforming cyber defense in the near future.
