National Security Overview 2021
supo.fi/kansallisen-turvallisuuden-katsaus The most significant cyber threat is state-sponsored cyber espionage. Finland is the target of continuous cyber espionage attempts, and the activity is not expected to subside even in the long term. See also supo.fi/kyberuhkat
Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.
FinSpy: unseen findings
securelist.com/finspy-unseen-findings/104322/ FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011. Apart from the Trojanized installers, we also observed infections involving usage of a UEFI or MBR bootkit. While the MBR infection has been known since at least 2014, details on the UEFI bootkit are publicly revealed in this article for the first time.
4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
www.recordedfuture.com/chinese-apt-groups-target-afghan-telecommunications-firm/ Insikt Group has detected separate intrusion activity targeting a mail server of Roshan, one of Afghanistan's largest telecommunications providers, linked to 4 distinct Chinese state-sponsored threat activity groups. This includes activity we attribute to the Chinese state-sponsored groups RedFoxtrot and Calypso APT, as well as 2 additional clusters using the Winnti and PlugX backdoors that we have been unable to link to established groups at this time.
Police identified faces with software whose data security risks were not assessed well enough; the National Bureau of Investigation (KRP) received a reprimand from the Data Protection Ombudsman
yle.fi/uutiset/3-12118726 The police must now notify those whose identity is known about the use of their images. KRP no longer uses the Clearview AI facial recognition software. The police say they take the reprimand seriously.
Microsoft 365 MFA outage locks users out of their accounts
www.bleepingcomputer.com/news/microsoft/microsoft-365-mfa-outage-locks-users-out-of-their-accounts/ Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) issue preventing some customers from logging into their Microsoft 365 accounts.
Twitter web client outage forces users to log out, blocks logins
www.bleepingcomputer.com/news/technology/twitter-web-client-outage-forces-users-to-log-out-blocks-logins/ Twitter is experiencing a worldwide outage affecting their web platform that prompts users to logout and prevents them from accessing tweets.
NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs
www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/ The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet today detailing factors to consider when choosing a virtual private network (VPN) and top configurations for deploying it securely.
US arrests 33 BEC scammers linked to Nigerian crime syndicate
therecord.media/us-arrests-33-bec-scammers-linked-to-nigerian-crime-syndicate/ The FBI has arrested 33 individuals across Texas for a series of cybercrime-related activities, including BEC and romance scams.
Ukraine takes down call centers behind cryptocurrency investor scams
www.bleepingcomputer.com/news/security/ukraine-takes-down-call-centers-behind-cryptocurrency-investor-scams/ The Security Service of Ukraine (SBU) has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency investors worldwide.
Apple AirTag Bug Enables Good Samaritan Attack
krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/ The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page or to any other malicious website.
UK umbrella payroll firm GiantPay confirms it was hit by ‘sophisticated’ cyber-attack
www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/ Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a “sophisticated” cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed.
Phone screenshots accidentally leaked online by stalkerware-type company
blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-accidentally-leaked-online-by-stalkerware-company/ pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones. According to Jo Coscia, the security researcher who discovered the issue while using a trial version of pcTattleTale, the company uploads the screenshots to an unsecured AWS bucket.
New Microsoft Exchange service mitigates high-risk bugs automatically
www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-service-mitigates-high-risk-bugs-automatically/ Microsoft has added a new Exchange Server feature that automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises servers against incoming attacks and give admins more time to apply security updates.