Daily NCSC-FI news followup 2021-10-16

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

thehackernews.com/2021/10/cisa-issues-warning-on-cyber-threats.html The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021. See also:

us-cert.cisa.gov/ncas/alerts/aa21-287a

Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013

isc.sans.edu/diary/rss/27940 Johannes published a diary on this activity last week for an Apache 2.4.49 directory traversal vulnerability where the patch was made available on September 15, 2021. Apache released a new update on October 7, 2021, indicating their advisory for “Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)”.

Check your iPhone for compromised passwords… NOW!

www.zdnet.com/article/check-your-iphone-for-compromised-passwords-now/ But thankfully iOS makes it quite easy to do a quick audit of your passwords for compromised passwords, allowing you to change them before problems escalate.

China’s Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes

www.darkreading.com/vulnerabilities-threats/china-s-hackers-crack-devices-at-tianfu-cup-for-1-5m-in-prizes Competitions such as Pwn2Own give talented hackers the opportunity to crack products from some of the world’s largest technology companies. This weekend is China’s equivalent hacking competition, the Tianfu Cup in Chengdu, China.

When Is an Attack not an Attack? The Story of Red Team Versus Blue Team

securityintelligence.com/articles/red-team-versus-blue-team-attack/ Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of ‘red team’ has its origin in wargaming. The red team plays an opposing force and attempts to bypass the barriers of the defending or blue team.

Threat Roundup for October 8 to October 15

blog.talosintelligence.com/2021/10/threat-roundup-1008-1015.html Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

Attackers Behind Trickbot Expanding Malware Distribution Channels

thehackernews.com/2021/10/attackers-behind-trickbot-expanding.html The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. See also:

threatpost.com/trickbot-cybercrime-elite-affiliates/175510/

How Attackers Hack Humans

www.darkreading.com/edge-articles/how-attackers-hack-humans Inside their motivations, how they go about it — and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.
