Daily NCSC-FI news followup 2021-09-28

National Security Overview 2021

supo.fi/kansallisen-turvallisuuden-katsaus The most significant cyber threat is state-sponsored cyber espionage. Finland is the target of continuous cyber espionage attempts, and the activity is not expected to subside even in the long term. See also supo.fi/kyberuhkat

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.

FinSpy: unseen findings

securelist.com/finspy-unseen-findings/104322/ FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011. Apart from the Trojanized installers, we also observed infections involving usage of a UEFI or MBR bootkit. While the MBR infection has been known since at least 2014, details on the UEFI bootkit are publicly revealed in this article for the first time.

4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan

www.recordedfuture.com/chinese-apt-groups-target-afghan-telecommunications-firm/ Insikt Group has detected separate intrusion activity targeting a mail server of Roshan, one of Afghanistan's largest telecommunications providers, linked to 4 distinct Chinese state-sponsored threat activity groups. This includes activity we attribute to the Chinese state-sponsored groups RedFoxtrot and Calypso APT, as well as 2 additional clusters using the Winnti and PlugX backdoors that we have been unable to link to established groups at this time.


Police identified faces with software whose information security risks were not adequately assessed; the National Bureau of Investigation (KRP) received a reprimand from the Data Protection Ombudsman

yle.fi/uutiset/3-12118726 The police must now notify those whose identity is known about the use of their images. The KRP no longer uses the Clearview AI facial recognition software. The police say they take the reprimand seriously.

Microsoft 365 MFA outage locks users out of their accounts

www.bleepingcomputer.com/news/microsoft/microsoft-365-mfa-outage-locks-users-out-of-their-accounts/ Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) issue preventing some customers from logging into their Microsoft 365 accounts.

Twitter web client outage forces users to log out, blocks logins

www.bleepingcomputer.com/news/technology/twitter-web-client-outage-forces-users-to-log-out-blocks-logins/ Twitter is experiencing a worldwide outage affecting their web platform that prompts users to log out and prevents them from accessing tweets.

NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs

www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/ The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet today detailing factors to consider when choosing a virtual private network (VPN) and top configurations for deploying it securely.


US arrests 33 BEC scammers linked to Nigerian crime syndicate

therecord.media/us-arrests-33-bec-scammers-linked-to-nigerian-crime-syndicate/ The FBI has arrested 33 individuals across Texas for a series of cybercrime-related activities, including BEC and romance scams.

Ukraine takes down call centers behind cryptocurrency investor scams

www.bleepingcomputer.com/news/security/ukraine-takes-down-call-centers-behind-cryptocurrency-investor-scams/ The Security Service of Ukraine (SBU) has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency investors worldwide.

Apple AirTag Bug Enables Good Samaritan Attack

krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/ The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page or to any other malicious website.

UK umbrella payroll firm GiantPay confirms it was hit by ‘sophisticated’ cyber-attack

www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/ Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a “sophisticated” cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed.

Phone screenshots accidentally leaked online by stalkerware-type company

blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-accidentally-leaked-online-by-stalkerware-company/ pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones. According to Jo Coscia, the security researcher who discovered the issue while using a trial version of pcTattleTale, the company uploads the screenshots to an unsecured AWS bucket.

New Microsoft Exchange service mitigates high-risk bugs automatically

www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-service-mitigates-high-risk-bugs-automatically/ Microsoft has added a new Exchange Server feature that automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises servers against incoming attacks and give admins more time to apply security updates.
