Daily NCSC-FI news followup 2021-10-09

FinSpy: the ultimate spying tool

www.kaspersky.com/blog/finspy-for-windows-macos-linux/42383/ FinSpy spyware targets Android, iOS, macOS, Windows, and Linux users. Here's what it can do and how to stay protected. At Kaspersky's recent Security Analyst Summit, our experts presented a detailed report on FinSpy (aka FinFisher) spyware and its distribution methods, including some previously unknown ones. You can read more about their findings in Securelist's post. In this article, meanwhile, we explore what kind of malware FinSpy is and how you can protect yourself from it.

Tips for DFIR Analysts, pt III

windowsir.blogspot.com/2021/10/tips-for-dfir-analysts-pt-iii.html Learn to think critically. Don't take what someone says as gospel just because they say it. Support findings with data, and clearly communicate the value or significance of something. Be sure to validate your findings, and never rest your findings on a single artifact. Find an entry for a file in the AmCache? Great. But does that mean it was executed on the system? No, it does not. You need to validate execution with other artifacts in the constellation (EDR telemetry, host-based effects such as an application prefetch file, Registry modifications, etc.).
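The corroboration rule in the tip above, written out as a small check. This is an added example, not code from the blog post: it runs over constructed artifact records (AmCache, Prefetch, EDR process-start events) and only reports execution when an execution artifact agrees with the AmCache entry within a time window. The artifact categories, the `Artifact` record shape and the one-hour window are this example's own assumptions.

```python
"""Corroborating an AmCache hit before calling a file 'executed'.

Added example (not from the blog post). An AmCache entry shows that the
file was present and inventoried, not that it ran, so the verdict only
becomes "execution_corroborated" once an independent execution artifact
agrees with it on the timeline.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Which artifact types evidence execution versus mere presence on disk.
# This categorisation is an assumption of the example, not a standard.
EXECUTION_EVIDENCE = {"prefetch", "edr_process_start", "userassist", "bam"}
PRESENCE_ONLY = {"amcache", "mft"}


@dataclass(frozen=True)
class Artifact:
    source: str     # e.g. "amcache", "prefetch", "edr_process_start"
    path: str       # path or file name as the artifact records it
    ts: datetime    # artifact timestamp


def _same_file(a: str, b: str) -> bool:
    """Compare on the file name only, since Prefetch records just the image name."""
    return a.lower().rsplit("\\", 1)[-1] == b.lower().rsplit("\\", 1)[-1]


def assess_execution(artifacts, path, window=timedelta(hours=1)):
    """Return (verdict, corroborating sources) for the file at `path`.

    Verdicts:
      "no_evidence"                 - nothing references the file
      "presence_only"               - only AmCache/MFT reference it
      "execution_timeline_mismatch" - execution artifacts exist but none
                                      falls within `window` of the earliest
                                      presence artifact
      "execution_corroborated"      - at least one execution artifact agrees
    """
    hits = [a for a in artifacts if _same_file(a.path, path)]
    if not hits:
        return "no_evidence", []
    presence = [a for a in hits if a.source in PRESENCE_ONLY]
    execution = [a for a in hits if a.source in EXECUTION_EVIDENCE]
    if not execution:
        return "presence_only", sorted({a.source for a in presence})
    if presence:
        # Anchor on the earliest inventory record so a months-old Prefetch
        # file is not silently tied to a fresh AmCache entry.
        anchor = min(a.ts for a in presence)
        in_window = [a for a in execution if abs(a.ts - anchor) <= window]
        if not in_window:
            return "execution_timeline_mismatch", sorted({a.source for a in execution})
        execution = in_window
    return "execution_corroborated", sorted({a.source for a in execution})


# Constructed sample artifacts (hypothetical host, hypothetical times).
# Real Prefetch file names carry a hash suffix (NAME.EXE-XXXXXXXX.pf);
# only the image name is kept here.
T0 = datetime(2021, 10, 8, 14, 2, 0)
SAMPLE = [
    Artifact("amcache", r"C:\Users\bob\Downloads\invoice.exe", T0),
    Artifact("prefetch", "INVOICE.EXE", T0 + timedelta(minutes=1)),
    Artifact("edr_process_start", r"C:\Users\bob\Downloads\invoice.exe", T0 + timedelta(seconds=50)),
    Artifact("amcache", r"C:\Tools\procdump.exe", T0 - timedelta(days=30)),   # inventoried, never run
    Artifact("amcache", r"C:\Temp\stage2.exe", T0),
    Artifact("prefetch", "STAGE2.EXE", T0 - timedelta(days=90)),             # stale prefetch, wrong timeline
]

if __name__ == "__main__":
    for name in ("invoice.exe", "procdump.exe", "stage2.exe", "nothere.exe"):
        verdict, sources = assess_execution(SAMPLE, name)
        print(f"{name:14} {verdict:28} {sources}")
```

The window check is what turns "we found a Prefetch file" into a finding that survives scrutiny: the stale `STAGE2.EXE` prefetch in the sample does not corroborate the fresh AmCache entry, and the routine says so rather than quietly counting it.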

Cox Media Group confirms ransomware attack that took down broadcasts

www.bleepingcomputer.com/news/security/cox-media-group-confirms-ransomware-attack-that-took-down-broadcasts/ American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The company acknowledged the attack in data breach notification letters sent today via U.S. Mail to over 800 impacted individuals believed to have had their personal information exposed in the attack. The group first informed potentially affected individuals of the incident via email on July 30.

Hardware Bolsters Medical Device Security

www.darkreading.com/vulnerabilities-threats/hardware-bolsters-medical-device-security The medical device industry has transformed over the last decade, driven by an explosion in the Internet of Mobile Things and increased connectivity. As complexity around the technology, supply chains, and management of these devices grows, so have security concerns. Traditionally benefiting from no connectivity, or security through obscurity, today’s medical devices are complex systems with multiple layers of commodity-based hardware and software. As a result, medical devices today are more vulnerable to generic threats that target mainstream software libraries and operating systems like Windows and Linux.

Demo: A Guide to Virtual Machine App Security

www.trendmicro.com/en_us/devops/21/j/virtual-machine-security-guidelines.html It may seem like containers are the go-to method for cloud building; however, 95% of applications run on traditional infrastructure deployments like dedicated servers, shared hosting, and virtual machines (VMs). While Gartner has predicted that by 2022 15% of organizations will be using containers, that still leaves 85% continuing to run many applications and services as server-based deployments. Servers don't seem to be going anywhere anytime soon. Enterprises have run legacy architectures for more than a decade while serving their growing customer base. During this time, they've addressed capacity constraint challenges with cloud platforms.

ESET researchers have discovered a previously unknown malware family that utilizes custom and well-designed modules, targeting systems running Linux

www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/ Modules used by this malware family, which we dubbed FontOnLake, are constantly under development and provide remote access to the operators, collect credentials, and serve as a proxy server. In this blog post, we summarize the findings published in full in our white paper.

Google Confirms Powerful Password Shield Heading For 150 Million Chosen Ones

www.forbes.com/sites/daveywinder/2021/10/09/googles-powerful-password-shield-heads-for-150-million-automatically-opted-in-users/ Google has confirmed that it will be pushing forward, on an 'automatic enrollment' basis, with a bold security update for some 150 million users before the year-end. I am sure you are wondering if you will be among the chosen ones who get opted into using this powerful password shield and, if so, what exactly this means. The confirmation from Google came by way of an official safety and security blog posting this week. The announcement by Google's Chrome group product manager, AbdelKarim Mardini, and director of Google account security and safety, Guemmy Kim, reinforces the password security switch message I wrote about back in May.

Vastaamo's former patients demand compensation of up to 10 000 euros for the data breach; the bankruptcy estate considers 2 500 euros the upper limit

yle.fi/uutiset/3-12134525 The bankruptcy estate of the psychotherapy centre Vastaamo has for the first time estimated the maximum amount of damages payable to clients. According to the estate, private individuals could receive compensation of at most 2 500 euros. The estimate appears in a bulletin that the estate administrator has sent to creditors. The sum does not, however, mean that those claiming damages would actually receive that amount.
