Daily NCSC-FI news followup 2021-07-19

China: Declaration by the High Representative on behalf of the European Union urging the Chinese authorities to take action against malicious cyber activities undertaken from Chinese territory

www.consilium.europa.eu/fi/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-… Today the EU and its member states, together with their partners, expose malicious cyber activities that have significantly affected the economy, security, democracy and society at large. The EU and its member states assess that these malicious cyber activities were undertaken from the territory of China. The activities can be linked to the hacker groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31. They were conducted from the territory of China for the purpose of intellectual property theft and espionage. See also the corresponding statements from the UK, the USA and NATO. UK:

www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking. USA:

www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-r…. NATO: www.nato.int/cps/en/natohq/news_185863.htm. CISA/NSA/FBI TTPs:

us-cert.cisa.gov/ncas/current-activity/2021/07/19/us-government-releases-indictment-and-several-advisories-detailing

Investigation: Hungary and nine other countries have spied on their citizens with an Israeli company's malware; up to thousands of people on the “watch list”

yle.fi/uutiset/3-12025927 An investigation by an international group of journalists indicates that several states have used spyware intended for counter-terrorism to monitor their own citizens. Journalists and human rights activists, among others, are suspected to have been victims of the hacking. In total, the governments of ten countries can be suspected of spying on their citizens. These states are EU member Hungary, Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, India and the United Arab Emirates. According to the investigation, the Pegasus software has been delivered to Apple iPhone devices through a new vulnerability chain in iMessage messages. No further details on this are available yet. HS: www.hs.fi/ulkomaat/art-2000008134250.html. Amnesty:

www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/. The Guardian:

www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus. Forbes:

www.forbes.com/sites/thomasbrewster/2021/07/19/pegasus-spyware-does-apple-have-major-imessage-security-problems/

Meet WiFiDemon iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched

blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/ ZecOps reports two findings: a 0-click WiFi proximity vulnerability on iOS 14 to iOS 14.4 that was recently and silently patched without any assigned CVE, and that the publicly announced WiFi Denial of Service (DoS) bug, which is currently a 0-day, is more than just a DoS and is actually an RCE.

Saudi Aramco data breach sees 1 TB stolen data for sale

www.bleepingcomputer.com/news/security/saudi-aramco-data-breach-sees-1-tb-stolen-data-for-sale/ A threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale. Saudi Aramco told BleepingComputer that the data breach occurred at third-party contractors, rather than direct exploitation of Aramco’s systems

Four cryptographic vulnerabilities in Telegram

ethz.ch/en/news-and-events/eth-news/news/2021/07/four-cryptographic-vulnerabilities-in-telegram.html An international research team of cryptographers completed a detailed security analysis of the popular Telegram messaging platform identifying several weaknesses in its protocol. The team informed Telegram developers of their findings 90 days prior to making them public, offering the company ample time to address the issues identified. Telegram has reacted to the results and fixed the security issues found by the researchers with software updates.

Swedish man sentenced for gold-backed cryptocurrency scam

www.zdnet.com/article/swedish-man-sentenced-for-gold-backed-cryptocurrency-scam/ Prosecutors say that investors were defrauded out of over $16 million. A Swedish man has been sentenced to 15 years behind bars for operating a cryptocurrency scam that claimed to pay investors based on the price of gold reserves.

Nokia wins 5G deal: cooperation in Taiwan continues

www.tivi.fi/uutiset/tv/8e5d2890-d3ab-40eb-9a57-5dc6893813c7 Network equipment company Nokia says it has agreed with its long-time partner Taiwan Star Telecom to continue expanding Taiwan's 5G network.
