Daily NCSC-FI news followup 2021-08-18

A search engine that finds all the Vastaamo data has appeared on the dark web – "This is someone who wants to cause harm"

www.is.fi/digitoday/tietoturva/art-2000008200963.html A search engine has appeared on the dark web's Tor network that makes it possible to search the entire Vastaamo patient database. This means that people can be looked up in the database by, for example, name, town or postal code. After a search, the search engine shows the user the therapy records of the Vastaamo client. According to F-Secure Chief Research Officer Mikko Hyppönen, the search engine has been online for at least two months. Its author is not known, but F-Secure suspects it is not the original extortionist. According to the head of the Vastaamo investigation, Detective Chief Inspector Marko Leponen, the publisher of the search engine may be guilty of disseminating information that violates personal privacy, or of the aggravated form of that offence. See also:

yle.fi/uutiset/3-12063432

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/ T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.

New Iranian Espionage Campaign By “Siamesekitten” Lyceum

www.clearskysec.com/siamesekitten/ This report summarizes our findings regarding the latest Siamesekitten attacks and reviews the attack patterns and malware used in this campaign. PDF:

www.clearskysec.com/wp-content/uploads/2021/08/Siamesekitten.pdf

North Korean APT InkySquid Infects Victims Using Browser Exploits

www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/ Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. This post provides details on the different exploits used in the SWC, as well as the payload used, which Volexity calls BLUELIGHT. Volexity attributes the activity described in this post to a threat actor Volexity refers to as InkySquid, which broadly corresponds to activity known publicly under the monikers ScarCruft and APT37.

China Propaganda Network Targets BBC Media, UK in Large-Scale Influence Campaign

www.recordedfuture.com/china-propaganda-targets-bbc-uk/ Recorded Future’s Insikt Group has discovered a large-scale, likely state-sponsored influence operation against the British Broadcasting Company (BBC) and the United Kingdom (UK). The campaign involves hundreds of websites and social media accounts and thousands of comments across state-affiliated news sources, fake news websites, and Chinese and Western social media platforms.

Detecting Embedded Content in OOXML Documents

www.fireeye.com/blog/threat-research/2021/08/detecting-embedded-content-in-ooxml-documents.html On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we're sharing a technique we use to detect and cluster Microsoft Office documents, specifically those in the Office Open XML (OOXML) file format. Additionally, we're releasing a tool so analysts and defenders can automatically generate YARA rules using this technique.
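The post describes detecting and clustering OOXML documents by their embedded content and generating YARA rules from that. As an added illustration of the same idea (my own code, not Mandiant's tool and not its rule format), the following parses the package's [Content_Types].xml and part list to find embedded OLE/ActiveX/VBA parts, checks them for the OLE compound-file magic, and emits a YARA rule keyed on the part names. It relies on one property of the format worth knowing: an OOXML document is a zip archive, and zip local file headers store each part name uncompressed, so the names are matchable in the raw file bytes even though the XML and binaries inside are deflated. The sample .docx, the list of content-type markers and the rule layout are constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # CFBF header used by OLE objects and vbaProject.bin
# Content-type fragments that mark embedded or active content (illustrative list).
EMBEDDED_CT_MARKERS = ("oleObject", "activeX", "vbaProject", "x-msdownload")
# Package directories where embedded objects live in Word/Excel/PowerPoint files.
EMBEDDED_DIRS = ("/embeddings/", "/activeX/")


def build_sample_docx() -> bytes:
    """Constructed minimal .docx (not a real document) with one embedded
    OLE object and one image, built in memory so the example runs offline."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
        '<Default Extension="png" ContentType="image/png"/>'
        '<Override PartName="/word/document.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("_rels/.rels", "<Relationships/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 64)
        z.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return buf.getvalue()


def _content_types(z: zipfile.ZipFile):
    """Map extension -> type (Default) and part name -> type (Override)."""
    defaults, overrides = {}, {}
    with z.open("[Content_Types].xml") as f:
        root = ET.parse(f).getroot()
    for el in root.iter(CT_NS + "Default"):
        defaults[el.get("Extension", "").lower()] = el.get("ContentType", "")
    for el in root.iter(CT_NS + "Override"):
        overrides[el.get("PartName", "").lstrip("/")] = el.get("ContentType", "")
    return defaults, overrides


def _part_type(name: str, defaults: dict, overrides: dict) -> str:
    if name in overrides:
        return overrides[name]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return defaults.get(ext, "")


def find_embedded_parts(doc: bytes) -> list:
    """Return the parts of an OOXML package that carry embedded or active
    content, flagged by location, declared content type, and OLE magic."""
    found = []
    with zipfile.ZipFile(io.BytesIO(doc)) as z:
        defaults, overrides = _content_types(z)
        for info in z.infolist():
            name = info.filename
            ctype = _part_type(name, defaults, overrides)
            by_dir = any(d in name for d in EMBEDDED_DIRS)
            by_type = any(m in ctype for m in EMBEDDED_CT_MARKERS)
            if not (by_dir or by_type):
                continue
            with z.open(info) as f:
                head = f.read(len(OLE_MAGIC))
            found.append({"name": name, "content_type": ctype,
                          "ole_magic": head == OLE_MAGIC})
    return found


def yara_rule_for(parts: list, label: str = "sample") -> str:
    """Build a YARA rule from embedded part names. Zip local file headers keep
    the part name uncompressed, so these strings match the raw document bytes."""
    if not parts:
        return ""
    lines = [f"rule ooxml_embedded_{label}", "{", "    strings:",
             "        $zip_hdr = { 50 4B 03 04 }",
             '        $ct = "[Content_Types].xml"']
    for i, p in enumerate(parts):
        lines.append(f'        $part{i} = "{p["name"]}"')
    lines += ["    condition:",
              "        $zip_hdr at 0 and $ct and any of ($part*)", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    sample = build_sample_docx()
    parts = find_embedded_parts(sample)
    print(parts)
    print(yara_rule_for(parts))
```

A rule built this way clusters on the structure of the package rather than on payload bytes, which is what makes it survive re-encryption or re-packing of the embedded object; the trade-off is that benign documents with the same part layout also match, so such rules are better for triage and clustering than for blocking.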

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

securityintelligence.com/posts/hunting-evidence-dll-side-loading-powershell-sysmon/ To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed to identify evidence of side-loading on Windows systems. This post will talk about why IBM X-Force thinks the tool is needed, describe its functions and analyze some use cases.
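The post gives only the motivation for SideLoaderHunter, so as an added example of the kind of heuristic such a hunt applies (my own code, not IBM X-Force's script or Sysmon configuration), here is Python that runs over Sysmon Event ID 7 (Image loaded) records and flags two signals: an unsigned DLL loaded from the same directory as a signed executable, and a DLL whose name normally resolves from System32 being loaded from somewhere else. The Sysmon field names (Image, ImageLoaded, Signed, Signature, SignatureStatus) are the real ones; the records, the signer lookup table and the DLL name list are constructed for the example. One caveat a hunter needs to know: in EID 7 the Signed and Signature fields describe the loaded DLL, not the loading process, so the loader's own signer has to come from a separate file-signature check (modelled here as a dictionary).

```python
import json
import ntpath

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# DLL names that normally resolve from System32; a copy sitting beside an
# executable elsewhere is the classic side-loading layout (illustrative list).
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wtsapi32.dll",
                    "cryptbase.dll", "userenv.dll", "dwmapi.dll"}

# Constructed Sysmon records, one JSON object per line, using Sysmon's field
# names; not real telemetry. Only EventID 7 (Image loaded) is analysed.
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update\\OneDrive.exe", "ImageLoaded": "C:\\Users\\bob\\AppData\\Local\\Temp\\update\\version.dll", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Tools\\util.exe", "ImageLoaded": "C:\\Tools\\helper.dll", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"EventID": 7, "Image": "C:\\Program Files\\Acme\\acme.exe", "ImageLoaded": "C:\\Program Files\\Acme\\acmecore.dll", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"EventID": 1, "Image": "C:\\Tools\\util.exe", "CommandLine": "util.exe"}
"""

# Signer of each loading executable. EID 7 does not carry this (its Signed
# field refers to the DLL), so it comes from a separate Authenticode check of
# the executables on disk; constructed values for the example.
SAMPLE_IMAGE_SIGNATURES = {
    "c:\\users\\bob\\appdata\\local\\temp\\update\\onedrive.exe": "Microsoft Corporation",
    "c:\\windows\\system32\\svchost.exe": "Microsoft Windows",
    "c:\\tools\\util.exe": None,
    "c:\\program files\\acme\\acme.exe": "Acme Corp",
}


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def _dir(path: str) -> str:
    return ntpath.dirname(_norm(path)) + "\\"


def _base(path: str) -> str:
    return ntpath.basename(_norm(path))


def hunt_sideloading(event_lines: str, image_signatures: dict) -> list:
    """Return one finding per suspicious image load, with the reasons that
    fired and a severity derived from how many fired."""
    findings = []
    for line in event_lines.strip().splitlines():
        ev = json.loads(line)
        if ev.get("EventID") != 7:
            continue
        loader, dll = ev["Image"], ev["ImageLoaded"]
        dll_signed = str(ev.get("Signed", "")).lower() == "true"
        loader_signer = image_signatures.get(_norm(loader))
        reasons = []
        # Signal 1: signed host process pulls an unsigned DLL from its own
        # directory. Unsigned hosts loading their own DLLs are skipped as noise.
        if _dir(dll) == _dir(loader) and not dll_signed and loader_signer:
            reasons.append("unsigned_dll_beside_signed_image")
        # Signal 2: a System32-resident DLL name served from a non-system path.
        if _base(dll) in SYSTEM_DLL_NAMES and not _dir(dll).startswith(SYSTEM_DIRS):
            reasons.append("system_dll_name_outside_system_dir")
        if reasons:
            findings.append({
                "image": loader,
                "dll": dll,
                "loader_signer": loader_signer,
                "reasons": reasons,
                "severity": "high" if len(reasons) == 2 else "medium",
            })
    return findings


if __name__ == "__main__":
    for f in hunt_sideloading(SAMPLE_EVENTS, SAMPLE_IMAGE_SIGNATURES):
        print(f["severity"], f["image"], "->", f["dll"], f["reasons"])
```

On the constructed data the signed OneDrive.exe in a Temp directory loading an unsigned version.dll from beside itself trips both signals, while the Acme application loading its own unsigned helper trips only the first; that second case is exactly the class of legitimate software that produces false positives for this heuristic, which is why a real hunt pairs it with a per-host baseline of known application directories before alerting.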

This Russian Cyber Mogul Planned To Take His Company Public. Then America Accused It Of Hacking For Putin’s Spies

www.forbes.com/sites/thomasbrewster/2021/08/18/this-russian-cyber-mogul-planned-to-take-his-company-public-then-america-accused-it-of-hacking-for-putins-spies/ The tycoon whose Positive Technologies was recently hit with U.S. sanctions insists he just wants to help protect all companies from hackers. U.S. security officials don’t buy it.

Protecting Sensitive And Personal Information From Ransomware-caused Data Breach

www.cisa.gov/publication/protecting-sensitive-and-personal-information CISA has released this fact sheet to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. Fact Sheet (PDF):

www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf

Professor of Practice in security warns: "There is no such thing as innocent data". These are the three questions Finland should answer

www.kauppalehti.fi/uutiset/turvallisuuden-tyoelamaprofessori-varoittaa-ei-ole-olemassa-viatonta-dataa-naihin-kolmeen-kysymykseen-suomen-tulisi-vastata/bb4b55e6-3d98-43b2-9242-081928c65953 Finland, along with the rest of the world, is being drawn into the churn of ever more hectically changing technology, which constantly reshapes the security environment. "Our preparedness for security threats is based on a slower world," Professor of Practice Valtteri Vuorisalo says.

China orders annual security reviews for all critical information infrastructure operators

www.theregister.com/2021/08/18/china_critical_information_infrastructure_rules/ China's government has introduced rules for the protection of critical information infrastructure. An announcement by the Cyberspace Administration of China (CAC) said that cyber attacks are currently frequent in the Middle Kingdom, and that the security challenges facing critical information infrastructure are severe. The announcement therefore defines infosec regulations and responsibilities.

Police warn: malware that steals online banking credentials is spreading by email

www.iltalehti.fi/tietoturva/a/365c371d-03ff-4b68-993a-9d66e08dde3d The police are warning of scam messages in circulation. Criminals approach Finns with email messages that try to get them to open an attachment or a link. "Opening the link or attachment installs malware on the device that can be used to take over the user's bank credentials," the police statement says.

FBI warns of credential stuffing attacks against grocery and food delivery services

therecord.media/fbi-warns-of-credential-stuffing-attacks-against-grocery-and-food-delivery-services/ The FBI says that hackers are using credential stuffing attacks to hijack online accounts at grocery stores, restaurants, and food delivery services in order to drain user funds through fraudulent orders and to steal personal or financial data.

Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan

thehackernews.com/2021/08/malicious-ads-target-cryptocurrency.html A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts.
