Daily NCSC-FI news followup 2021-10-16

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

thehackernews.com/2021/10/cisa-issues-warning-on-cyber-threats.html The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021. See also:

us-cert.cisa.gov/ncas/alerts/aa21-287a

Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013

isc.sans.edu/diary/rss/27940 Johannes published a diary on this activity last week for an Apache 2.4.49 directory traversal vulnerability where the patch was made available on September 15, 2021. Apache released a new update on October 7, 2021, indicating their advisory for “Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)”.

Check your iPhone for compromised passwords… NOW!

www.zdnet.com/article/check-your-iphone-for-compromised-passwords-now/ But thankfully iOS makes it quite easy to do a quick audit of your passwords for compromised passwords, allowing you to change them before problems escalate.

China’s Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes

www.darkreading.com/vulnerabilities-threats/china-s-hackers-crack-devices-at-tianfu-cup-for-1-5m-in-prizes Competitions such as Pwn2Own give talented hackers the opportunity to crack products from some of the world’s largest technology companies. This weekend is China’s equivalent hacking competition, the Tianfu Cup in Chengdu, China.

When Is an Attack not an Attack? The Story of Red Team Versus Blue Team

securityintelligence.com/articles/red-team-versus-blue-team-attack/ Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of ‘red team’ has its origin in wargaming. The red team plays an opposing force and attempts to bypass the barriers of the defending or blue team.

Threat Roundup for October 8 to October 15

blog.talosintelligence.com/2021/10/threat-roundup-1008-1015.html Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

Attackers Behind Trickbot Expanding Malware Distribution Channels

thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. See also:

threatpost.com/trickbot-cybercrime-elite-affiliates/175510/

How Attackers Hack Humans

www.darkreading.com/edge-articles/how-attackers-hack-humans Inside their motivations, how they go about it — and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.
