Daily NCSC-FI news followup 2021-10-04

Exceptional problems in Facebook’s services around the world; F-Secure’s Hyppönen: reportedly a mistake made by the services’ operator

yle.fi/uutiset/3-12128258 The services of social media giant Facebook have had problems around the world during the evening, several international media outlets report. According to the news agency Reuters, problems have also occurred at Twitter, Google and Amazon. also: www.hs.fi/talous/art-2000008309670.html. also:

www.iltalehti.fi/digiuutiset/a/e9d571df-f2b7-48d7-87e6-5836f0425624. also: www.is.fi/digitoday/art-2000008309646.html

Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on

isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/ More readable summary of the analysis below: The BGP routes pointing traffic to Facebook’s IP address space have been withdrawn. The Internet no longer knows where to find Facebook’s IPs. One symptom is that DNS requests are failing. But this is just the result of Facebook hosting its DNS servers inside its own network. Even with working DNS (for example if you still have cached results), the IPs are currently not reachable. also:

krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/. also:

arstechnica.com/information-technology/2021/10/facebook-instagram-whatsapp-and-oculus-are-down-heres-what-we-know/

Facebook scandal deepens, whistleblower steps forward: “chooses profits over people’s safety”

www.tivi.fi/uutiset/tv/ed2d6dde-58e9-4120-93f1-3804a96929f1 The whistleblower who leaked Facebook’s internal documents went public over the weekend.

Popularity of cloud services in Finland grows despite cyber threats

www.kauppalehti.fi/uutiset/pilvipalveluiden-suosio-suomessa-kasvaa-kyberuhkista-huolimatta/7de25d11-7d37-4f07-8755-45d4a76eeffb Companies are moving their operations to the cloud to an ever greater extent. Although information security is a concern, the need to stay competitive and to meet customer requirements are seen as reasons to move more and more operations to the cloud.

Two ransomware operators arrested in Ukraine

therecord.media/two-members-of-a-ransomware-gang-were-arrested-in-ukraine-following-a-joint-international-law-enforcement-operation/ Two members of a ransomware gang were arrested in Ukraine following a joint international law enforcement operation. The arrests took place last week, on September 28, in Kyiv, Ukraine’s capital, and were carried out by officers of the Ukrainian National Police, with aid from the French Gendarmerie, the FBI, Europol, and Interpol.

Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack

news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/ A new ransomware operator uses stealthy techniques, but borrows heavily from other players.

Let’s get basic cybersecurity skills into shape – Join in!

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/jumpataan-kyberturvallisuuden-perustaidot-kuntoon-tule-mukaan European Cyber Security Month invites all of us who use the internet and smart devices to take part. We offer tips that help everyone improve their information security and also help those close to them, for example to protect themselves against online scammers. The joint European cybersecurity effort will be seen and heard on our website and social media channels. Join in!

#BeCyberSmart: When we learn together, we’re more secure together

www.microsoft.com/security/blog/2021/10/04/becybersmart-when-we-learn-together-were-more-secure-together/

Misconfigured Airflows Leak Thousands of Credentials from Popular Services

www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/ While researching a misconfiguration in the popular workflow platform, Apache Airflow, we discovered a number of unprotected instances. These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries. In the vulnerable Airflows, we see exposed credentials for popular platforms and services such as Slack, PayPal, AWS and more. All Apache Airflow users are urged to update to the latest version immediately and make sure their deployments are only accessible to authorized users.

BazarLoader and the Conti Leaks

thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/ In July, we observed an intrusion that started from a BazarLoader infection and lasted approximately three days. The threat actor’s main priority was to map the domain network, while looking for interesting data to exfiltrate. Their preferred method of operation was through GUI applications such as RDP and AnyDesk.

DHS and NIST release post-quantum cryptography guidance

therecord.media/dhs-and-nist-release-post-quantum-cryptography-guidance/ The Department of Homeland Security and the Department of Commerce’s National Institute of Standards and Technology on Monday released a guide designed to help organizations prepare for risks introduced by advancements in quantum computing.

Company That Routes Billions of Text Messages Quietly Says It Was Hacked

www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.

Attackers are trying to guess your password: here is how to protect yourself

www.iltalehti.fi/tietoturva/a/f9553838-9e0b-40da-bb71-56894330dc5d Scammers and cybercriminals have been very active over the past year. In addition to scam messages, computer networks are being bombarded very aggressively with password-guessing attacks, which occur billions of times a month. Because the number of attack attempts is so high, the activity is automated. If a password is easy to guess, or the same password is used in many different services, the attacker’s job becomes considerably easier.

Boutique “Dark” Botnet Hunting for Crumbs

isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/ As I have said before, Internet of Things (IoT) devices are best compared to Mosquitos. Individually, they are annoying. But their large number makes them the most deadly animal around. Many botnets like Mirai or Mozi are going after simple exploits affecting large numbers of devices. These mosquito hunters are like birds in the sense that they live from large numbers of vulnerable devices. But aside from these more visible botnets, there are smaller, “Boutique” botnets. They go after less common vulnerabilities and pick systems that the major botnets find not lucrative enough to go after. Usually, only a few vulnerable devices are exposed. Taking the animal analogy a bit too far: These are like crustaceans on the ocean floor living off what the predators above discard.
