Onko sinulla kiire luopua rahoistasi?
poliisi.fi/blogi/-/blogs/onko-sinulla-kiire-luopua-rahoistasi Poliisin tietoon tulleiden tietoverkkoavusteisten rikosten uhriksi on joutunut jo tuhansia suomalaisia. Vaikka luulet, ettei niin voisi käydä sinulle, pysähdy ja mieti vielä hetki. Petosrikoksissa on kyse toisen erehdyttämisestä tai erehdyksen hyväksikäyttämisestä siten, että rikoksen uhrille syntyy taloudellista vahinkoa. …pelkästään muutamaan nykypäivänä yleiseen ja kohtalaisen tunnettuun petostapaan (niin sanottuihin nigerialaiskirjeisiin, rakkaus-, sijoitus-, laina-, HelpDesk- ja toimitusjohtajapetoksiin) liittyen on kirjattu tänä vuonna noin 1 400 rikosilmoitusta ja suomalaiset ovat menettäneet petosrikollisille yli 23 miljoonaa euroa.
U.S. Government set to ban sale of hacking tools to China and Russia
therecord.media/u-s-government-set-to-ban-sale-of-hacking-tools-to-china-and-russia/ The Commerce Department introduced a new export control rule on Wednesday aimed at curbing the export or resale of hacking tools to China and Russia. The regulation had been held up for years amid concern that attempting to curb such sales would inadvertently hobble defensive cyber efforts. Lisäksi:
OWASP’s 2021 List Shuffle: A New Battle Plan and Primary Foe
thehackernews.com/2021/10/owasps-2021-list-shuffle-new-battle.html In this increasingly chaotic world, there have always been a few constants that people could reliably count on:. The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and code injection attacks will always occupy the top spot on the Open Web Application Security Project (OWASP) list of the top ten most common and dangerous vulnerabilities that attackers are actively exploiting. Lisäksi: owasp.org/Top10/
Political-themed actor using old MS Office flaw to drop multiple RATs
www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/ A novel threat actor with unclear motivesis running a crimeware campaign delivering multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882. Lisäksi:
blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html. Lisäksi:
threatpost.com/apt-commodity-rats-microsoft-bug/175601/
Zerodium wants zero-day exploits for Windows VPN clients
www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/ In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market. Lisäksi:
therecord.media/zerodium-seeking-zero-days-in-expressvpn-nordvpn-and-surfshark-vpn-apps/
VPN Exposes Data for 1M Users, Leading to Researcher Questioning
threatpost.com/vpn-exposes-data-1m/175612/ Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information (PII) of more than a million users in just the latest high-profile VPN security failure.
q-logger skimmer keeps Magecart attacks going
blog.malwarebytes.com/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/ Although global e-commerce is continuing to grow rapidly, it seems as though Magecart attacks via digital skimmers have not followed the same trend. This is certainly true if we only look at recent newsworthy attacks; indeed when a victim is a large business or popular brand we typically are more likely to remember it.
Russian-speaking cybercrime evolution: What changed from 2016 to 2021
securelist.com/russian-speaking-cybercrime-evolution-2016-2021/104656/ Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi.
DoS attacks against Russian firms have almost tripled in 2021
www.bleepingcomputer.com/news/security/ddos-attacks-against-russian-firms-have-almost-tripled-in-2021/ A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year. Lisäksi:
rt-solar.ru/analytics/reports/2403/
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors
www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/ Researchers with Google’s Threat Analysis Group (TAG), who first spotted the campaign in late 2019, found that multiple hack-for-hire actors recruited via job ads on Russian-speaking forums were behind these attacks.
Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique
thehackernews.com/2021/10/researchers-break-intel-sgx-with-new.html A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems.
Twitter suspends hacker who allegedly stole data of 45 million Argentinians
www.zdnet.com/article/twitter-suspends-hacker-who-stole-data-of-46-million-argentinians/ Twitter has suspended a hacker who allegedly stole all of the data from Argentina’s database holding the IDs and information of all 45 million citizens of the country.
Thanks to COVID-19, New Types of Documents are Lost in The Wild
isc.sans.edu/diary/rss/27952 ..there seems to be a new type of data leak, many people exchange certificates which contain a lot of sensitive information. For a few days, I run a hunting search on VT to try to find interection documents and I found some nice PDF files. Lisäksi:
Lasten digitaalista hyvinvointia ja turvallisuutta parannetaan yhteistyöllä – Microsoftin, Accenturen ja Pelastakaa Lasten viidesluokkalaisille suunnattu oppimisalusta otetaan käyttöön vuonna 2022
www.epressi.com/tiedotteet/avustukset-ja-vapaaehtoistyo/lasten-digitaalista-hyvinvointia-ja-turvallisuutta-parannetaan-yhteistyolla-microsoftin-accenturen-ja-pelastakaa-lasten-viidesluokkalaisille-… Monenlainen digilaitteiden käyttö voi olla lapsille hauskaa ja hyödyllistä, mutta digipalvelujen käyttöön liittyymyös haasteita ja vaikeita tilanteita. Lisäksi:
