Daily NCSC-FI news followup 2021-10-04

Exceptional problems in Facebook's services around the world; F-Secure's Hyppönen: reportedly an error made by the service operator

yle.fi/uutiset/3-12128258 Social media giant Facebook's services have been experiencing problems around the world during the evening, several international media report. According to the news agency Reuters, problems have also appeared at Twitter, Google and Amazon. also: www.hs.fi/talous/art-2000008309670.html. also:

www.iltalehti.fi/digiuutiset/a/e9d571df-f2b7-48d7-87e6-5836f0425624. also: www.is.fi/digitoday/art-2000008309646.html

Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on

isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/ More readable summary of the analysis below: The BGP routes pointing traffic to Facebook’s IP address space have been withdrawn. The Internet no longer knows where to find Facebook’s IPs. One symptom is that DNS requests are failing. But this is just the result of Facebook hosting its DNS servers inside its own network. Even with working DNS (for example if you still have cached results), the IPs are currently not reachable. also:

krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/. also:
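The ISC analysis above draws a distinction that is easy to lose during an incident: failing DNS lookups were a symptom, not the cause, because Facebook's authoritative name servers sat inside the address space whose BGP routes had been withdrawn. The following triage helper is an added example written for this digest (it is not code from the ISC diary or from Facebook). It separates the two conditions by testing the resolved addresses and, independently, any addresses you still hold in cache: if cached IPs answer while resolution fails, only DNS is broken; if neither works, the problem is below DNS. The resolver and connector are injectable so the logic can be exercised offline; the defaults use the system resolver and a TCP connect to port 443.

```python
"""Triage helper: is an outage a DNS problem or a reachability problem?

Added example for the ISC analysis of the Facebook outage; not the diary's
own code. Status values returned by classify_outage():

  ok                   resolution works and an address answers
  unreachable          resolution works but no address answers
  dns-only             resolution fails, but a cached address answers
                       (service is up; the DNS path is the problem)
  dns-and-unreachable  resolution fails and cached addresses fail too
                       (consistent with the address space being withdrawn)
  dns-failed           resolution fails and no cached address is available
"""
import socket
import sys
from typing import Callable, Iterable, List

Resolver = Callable[[str], List[str]]
Connector = Callable[[str, int], bool]


def real_resolve(host: str) -> List[str]:
    """Resolve host with the system resolver; [] if resolution fails."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def real_connect(ip: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_outage(host: str,
                    cached_ips: Iterable[str] = (),
                    port: int = 443,
                    resolve: Resolver = real_resolve,
                    connect: Connector = real_connect) -> str:
    """Classify an outage of host into one of the statuses documented above."""
    resolved = resolve(host)
    # Addresses to probe: whatever DNS returned, plus cached ones not already listed.
    candidates = list(resolved) + [ip for ip in cached_ips if ip not in resolved]
    reachable = any(connect(ip, port) for ip in candidates)
    if resolved:
        return "ok" if reachable else "unreachable"
    if not candidates:
        return "dns-failed"
    return "dns-only" if reachable else "dns-and-unreachable"


if __name__ == "__main__":
    # Usage: python triage.py <host> [cached_ip ...]
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(target, "->", classify_outage(target, cached_ips=sys.argv[2:]))
```

During a real event, the cached addresses would come from your resolver's cache or from earlier monitoring; for the Facebook case the analysis notes that even cached IPs were unreachable, which is the "dns-and-unreachable" branch.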


Facebook's scandal deepens, whistleblower comes forward: "chooses profits over people's safety"

www.tivi.fi/uutiset/tv/ed2d6dde-58e9-4120-93f1-3804a96929f1 The whistleblower who leaked Facebook's internal documents went public over the weekend.

Popularity of cloud services in Finland grows despite cyber threats

www.kauppalehti.fi/uutiset/pilvipalveluiden-suosio-suomessa-kasvaa-kyberuhkista-huolimatta/7de25d11-7d37-4f07-8755-45d4a76eeffb Companies are moving their operations to the cloud to an ever greater extent. Although security is a concern, the need to remain competitive and to meet customer requirements are cited as reasons to move more operations to the cloud.

Two ransomware operators arrested in Ukraine

therecord.media/two-members-of-a-ransomware-gang-were-arrested-in-ukraine-following-a-joint-international-law-enforcement-operation/ Two members of a ransomware gang were arrested in Ukraine following a joint international law enforcement operation. The arrests took place last week, on September 28, in Kyiv, Ukraine’s capital, and were carried out by officers of the Ukrainian National Police, with aid from the French Gendarmerie, the FBI, Europol, and Interpol.

Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack

news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/ A new ransomware operator uses stealthy techniques, but borrows heavily from other players.

Let's get the basics of cyber security in shape – Join in!

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/jumpataan-kyberturvallisuuden-perustaidot-kuntoon-tule-mukaan European Cyber Security Month invites all of us who use the internet and smart devices to take part. We offer tips that help everyone improve their information security and also help those close to them, for example in protecting themselves from online scammers. The Europe-wide joint effort on cyber security can be seen and heard on our website and social media channels. Join in!

#BeCyberSmart: When we learn together, we’re more secure together


Misconfigured Airflows Leak Thousands of Credentials from Popular Services

www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/ While researching a misconfiguration in the popular workflow platform, Apache Airflow, we discovered a number of unprotected instances. These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries. In the vulnerable Airflows, we see exposed credentials for popular platforms and services such as Slack, PayPal, AWS and more. All Apache Airflow users are urged to update to the latest version immediately and make sure their deployments are only accessible to authorized users.
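The advice in the Intezer post is to keep Airflow deployments reachable only by authorized users. As an added example for this digest (not Intezer's or the Airflow project's code), the script below audits an `airflow.cfg` for the settings most often behind an open instance. The keys it checks, `[webserver] authenticate`, `rbac` and `expose_config` and `[api] auth_backend`, are documented options of the Airflow 1.10 line; their names and defaults differ across versions, so the list is a starting point rather than a complete check. Both configuration samples are constructed for the example, and the weak one shows the settings that leave the UI and REST API open alongside the hardened equivalent.

```python
"""Audit an airflow.cfg for settings that leave a deployment open.

Added example prompted by the Intezer finding; not code from Intezer or
from the Apache Airflow project. Option names follow the Airflow 1.10
documentation; verify them against the version you actually run.
"""
import configparser
from typing import List

# Constructed sample: a deployment that anyone on the network can use.
WEAK_CFG = """\
[webserver]
authenticate = False
rbac = False
expose_config = True

[api]
auth_backend = airflow.api.auth.backend.default
"""

# Constructed sample: the same options with the open settings corrected.
HARDENED_CFG = """\
[webserver]
authenticate = True
rbac = True
expose_config = False

[api]
auth_backend = airflow.api.auth.backend.deny_all
"""

# API auth backends that accept requests without any credentials.
OPEN_API_BACKENDS = {"airflow.api.auth.backend.default"}


def audit_airflow_cfg(text: str) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    # airflow.cfg uses %(...)s placeholders, so interpolation must be off.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings: List[str] = []

    def flag_bool(section: str, key: str, bad_value: bool, message: str) -> None:
        if cfg.has_option(section, key) and cfg.getboolean(section, key) == bad_value:
            findings.append(message)

    flag_bool("webserver", "authenticate", False,
              "[webserver] authenticate = False: web UI usable without login")
    flag_bool("webserver", "rbac", False,
              "[webserver] rbac = False: no role-based access control in the UI")
    flag_bool("webserver", "expose_config", True,
              "[webserver] expose_config = True: airflow.cfg, including secrets, viewable in the UI")

    backend = cfg.get("api", "auth_backend", fallback=None)
    if backend is None:
        findings.append("[api] auth_backend not set: confirm the default for this Airflow version denies anonymous access")
    elif backend.strip() in OPEN_API_BACKENDS:
        findings.append(f"[api] auth_backend = {backend}: REST API accepts unauthenticated requests")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(label, "->", audit_airflow_cfg(text) or ["no findings"])
```

Run it against a real `airflow.cfg` by reading the file into `audit_airflow_cfg`; the network-level check (is the web server bound to a public address, and is it behind authentication or a reverse proxy) still has to be done separately, since the configuration alone does not tell you who can reach the port.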

BazarLoader and the Conti Leaks

thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/ In July, we observed an intrusion that started from a BazarLoader infection and lasted approximately three days. The threat actor’s main priority was to map the domain network, while looking for interesting data to exfiltrate. Their preferred method of operation was through GUI applications such as RDP and AnyDesk.

DHS and NIST release post-quantum cryptography guidance

therecord.media/dhs-and-nist-release-post-quantum-cryptography-guidance/ The Department of Homeland Security and the Department of Commerce’s National Institute of Standards and Technology on Monday released a guide designed to help organizations prepare for risks introduced by advancements in quantum computing.

Company That Routes Billions of Text Messages Quietly Says It Was Hacked

www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.

Attackers try to guess your password – here's how to protect yourself

www.iltalehti.fi/tietoturva/a/f9553838-9e0b-40da-bb71-56894330dc5d Scammers and cybercriminals have been very active over the past year. In addition to scam messages, computer networks are being bombarded very aggressively with password-guessing attacks, billions of which occur every month. Because the number of attempts is so high, the activity is automated. If a password is easy to guess, or the same password is used across many different services, the attacker's job becomes considerably easier.

Boutique “Dark” Botnet Hunting for Crumbs

isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/ As I have said before, Internet of Things (IoT) devices are best compared to Mosquitos. Individually, they are annoying. But their large number makes them the most deadly animal around. Many botnets like Mirai or Mozi are going after simple exploits affecting large numbers of devices. These mosquito hunters are like birds in the sense that they live from large numbers of vulnerable devices. But aside from these more visible botnets, there are smaller, “Boutique” botnets. They go after less common vulnerabilities and pick systems that the major botnets find not lucrative enough to go after. Usually, only a few vulnerable devices are exposed. Taking the animal analogy a bit too far: These are like crustaceans on the ocean floor living off what the predators above discard.
