Daily NCSC-FI news followup 2021-09-07

Important clarifications regarding arrest of climate activist

protonmail.com/blog/climate-activist-arrest/ We would like to provide important clarifications regarding the case of the climate activist who was recently arrested by French police on criminal charges. […] In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request. As detailed in our transparency report, our published threat model, and also our privacy policy, under Swiss law, Proton can be forced to collect information on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account. Also


Ghostscript zero-day allows full server compromises

therecord.media/ghostscript-zero-day-allows-full-server-compromises/ Proof-of-concept exploit code was published online over the weekend for an unpatched Ghostscript vulnerability that puts all servers that rely on the component at risk of attacks.

REvil ransomware’s servers mysteriously come back online

www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/ Today, both the Tor payment/negotiation site and REvil’s Tor ‘Happy Blog’ data leak site suddenly came back online. It is unclear at this time whether the ransomware gang is back in operation, the servers have been turned back on by mistake, or it is due to the actions of law enforcement.

IoT Attacks Skyrocket, Doubling in 6 Months

threatpost.com/iot-attacks-doubling/169224/ According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks, up from 639 million during the previous half year, which is more than twice the volume.

Ransomware attacks, all concerned: how to prevent them and respond to an incident

www.ssi.gouv.fr/uploads/2021/08/anssi-guide-ransomware_attacks_all_concerned-v1.0.pdf Ransomware attacks are a current and growing trend, not only in France, but also worldwide. Because they are a serious threat, this guide, translated into English, aims at making our expertise and our recommendations available to a wider audience. We hope that you find it useful.

UK data watchdog brings cookies to G7 meeting: pop-up consent requests, not the delicious baked treats

www.theregister.com/2021/09/07/ico_cookies_g7/ The ICO said it would call on fellow G7 data protection and privacy authorities, three of which used to be its fellow EU member states, to work together to overhaul cookie consent pop-ups to make people’s privacy “more meaningfully protected” and help businesses offer “a better web browsing experience.”

Beware of these messages: this is how Finns are being scammed right now

www.is.fi/digitoday/tietoturva/art-2000008246431.html Scam messages in the names of banks are currently being sent to Finns in large numbers. Many emails sent in Nordea's name, at least, have been seen in recent days. There are at least two types of message: one tells of a confidential message or document that has arrived, and the other of actions required by the PSD2 payment services directive.

Ransomware gang threatens to leak data if victim contacts FBI, police

www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/ In an announcement published on Ragnar Locker’s darknet leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack. The threat also applies to victims contacting data recovery experts to attempt decryption and conduct the negotiation process.

New Chainsaw tool helps IR teams analyze Windows event logs

www.bleepingcomputer.com/news/security/new-chainsaw-tool-helps-ir-teams-analyze-windows-event-logs/ Authored by James D, lead threat hunter at F-Secure’s Countercept division, Chainsaw is a Rust-based command-line utility that can go through event logs to highlight suspicious entries or strings that may indicate a threat. The tool uses the Sigma rule detection logic to quickly find event logs relevant to the investigation. Tool at


Irish Police ‘Significantly Disrupt’ Attackers’ Operations

www.bankinfosecurity.com/irish-police-significantly-disrupt-hse-attackers-ops-a-17466 Ireland’s cybercrime police, the Garda National Cyber Crime Bureau, have conducted a “significant disruption operation” targeting the IT infrastructure of a cybercrime group. As part of the operation, police seized several domains used in a May ransomware attack against Ireland’s national health services provider Health Service Executive, a spokesperson tells Information Security Media Group.

The Ideal Ransomware Victim: What Attackers Are Looking For

ke-la.com/the-ideal-ransomware-victim-what-attackers-are-looking-for/ In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Some of them appear to use access for deploying info-stealing malware and carrying out other malicious activities. Others aim to plant ransomware and steal data. KELA explored what is valuable for threat actors buying accesses, especially ransomware attackers, and built a profile of an ideal ransomware victim. On average, the actors active in July 2021 aimed to buy access to US companies with revenue of more than 100 million USD. Almost half of them refused to buy access to companies from the healthcare and education industries. The most common products (enabling network access) mentioned were Citrix, Palo Alto Networks, VMware, Fortinet, and Cisco. Ransomware attackers are ready to pay for access up to 100,000 USD, with most actors setting the boundaries at half of that price, 56,250 USD.
