Scam calls increasingly come from spoofed numbers: this is how Elisa and Traficom are stamping out scams
www.tivi.fi/uutiset/tv/31f2dc55-c825-4b0a-bee3-c17fd2899325 The Finnish Transport and Communications Agency Traficom is preparing measures to prevent caller-ID spoofing, which has become common in scam calls. The measures are being developed together with the telecom operators active in Finland. The aim is to hamper and prevent the activities of international criminals.
New German government coalition promises not to buy exploits
therecord.media/new-german-government-coalition-promises-not-to-buy-exploits/ The three political parties set to form the new German government have agreed to stop buying zero-day vulnerabilities and to limit the government’s future use of monitoring software (spyware). “The exploitation of weak points in IT systems is in a highly problematic relationship to IT security and civil rights,” the three parties said in the section dedicated to national and internal security.
Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia
www.recordedfuture.com/chinese-state-sponsored-cyber-espionage-expansion-power-influence-southeast-asia/ This report profiles trends in Chinese state-sponsored cyber espionage activity targeting Southeast Asian countries. The activity was identified through large-scale automated network traffic analytics and expert analysis. Data sources include the Recorded Future Platform, SecurityTrails, DomainTools, PolySwarm, Farsight, Team Cymru, and common open-source tools and techniques. The research will be of most interest to individuals engaged in strategic and operational intelligence relating to the activities of Chinese military and foreign intelligence agencies in cyberspace and network defenders with a presence in Southeast Asia.
The digital compass and the digital office: what are they about?
impulssilvm.fi/2021/12/08/digikompassi-ja-digitoimisto-mista-on-kyse/ The digital compass (digikompassi) is a tool that gathers Finland’s digitalisation goals up to the year 2030. Its purpose is to build a better everyday life and the preconditions for digital activity across the different sectors of society. Implementing the digital compass requires an overall picture and the ability to direct capabilities to where the most significant results can be achieved. The digital office produces information that helps ministers and ministries steer digitalisation, remove obstacles to a smooth digital everyday life and solve identified problems, for example in legislation, in technologies and in the … between actors
Tor’s main site blocked in Russia as censorship widens
www.bleepingcomputer.com/news/security/tor-s-main-site-blocked-in-russia-as-censorship-widens/ The Tor Project’s main website, torproject.org, is actively blocked by Russia’s largest internet service providers, and sources from the country claim that the government is getting ready to conduct an extensive block of the project. Russia’s censorship of Tor’s site started on December 1, 2021, but many initially disregarded it by suggesting it was merely a side effect of experimentation with the Runet, Russia’s sovereign internet project. However, as it now seems to be the case, Russia is undergoing a coordinated action against Tor, orchestrated by Roskomnadzor, the Federal Service for Supervision of Communications, Information Technology and Mass Media.
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/ Today, Emotet research group Cryptolaemus warned that Emotet is now skipping their primary malware payload of TrickBot or Qbot and directly installing Cobalt Strike beacons on infected devices. This is a significant change in tactics as after Emotet installed its primary payload of TrickBot or Qbot, victims typically had some time to detect the infection before Cobalt Strike was deployed.
When old friends meet again: why Emotet chose Trickbot for rebirth
research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/ Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down and made a comeback. Trickbot has been involved in different ransomware campaigns, such as the infamous Ryuk and Conti attacks. Trickbot is constantly being updated with new capabilities, features and distribution vectors, which makes it a flexible and customizable malware that can be distributed as part of multi-purpose campaigns. It has been known since 2016 and continues to live and evolve 5 years later despite even the most serious attempts to disrupt the botnet, like the one in October 2020. Recently, CPR noticed that Trickbot-infected machines started to drop Emotet samples, for the first time since the takedown of Emotet in January 2021. This research analyzes the Trickbot malware, describes its activity after the takedown, and explains why Emotet chose Trickbot for its rebirth. We will also dive into the technical details of the Emotet infection.
What to Do When a Ransomware Group Disappears
securityintelligence.com/articles/when-ransomware-attack-disappears/ It’s your company’s worst nightmare: attackers managed to sneak ransomware onto your servers. Now, you’re locked out of every file unless you agree to pay whatever price they’re asking. As if the situation couldn’t get any worse, the attackers disappear without a trace and you can’t even pay their ransom to unlock your files. What do you do now?
Not with a Bang but a Whisper: The Shift to Stealthy C2
threatpost.com/tactics-attackers-stealthy-c2/176853/ As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar infosec industry is hard to keep up with, so today we’re going to take a closer look at the new tactics threat actors are using for command-and-control (C2) obfuscation.
Burnout: The next great security threat at work
blog.1password.com/state-of-access-report-burnout-breach/ Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
But why that VPN? How WireGuard made it into Linux
www.theregister.com/2021/12/08/wireguard_linux/ Maybe someday Zero Trust will solve many of our network security problems. But for now, if you want to make sure you don’t have an eavesdropper on your network, you need a Virtual Private Network (VPN). Why WireGuard rather than OpenVPN or IKEv2? Because it’s simpler to implement while maintaining security and delivering faster speeds. And, when it comes to VPNs, it’s all about balancing speed and security. So, if WireGuard is all that, why did it take so long to make it into the Linux kernel? After all, its creator, Jason Donenfeld, first came up with the ideas behind WireGuard in 2015.
Why Cloud Service Providers Are a Single Point of Failure
www.darkreading.com/cloud/why-cloud-service-providers-are-a-single-point-of-failure The use of cloud computing services is expanding, so it’s no surprise that the number and complexity of cyberattacks are also on the rise. Making matters worse is the fact that the global cloud market is essentially an oligopoly with a handful of providers dominating the space, creating systemic risk.
Connectivity providers eye redistribution of responsibilities with the DSA
www.euractiv.com/section/digital/news/connectivity-providers-eye-redistribution-of-responsibilities-with-the-dsa/ For 20 years, internet service providers have been tasked by relevant authorities with taking down illegal content. With the Digital Services Act (DSA), obligations are largely moving to online platforms.
Edge Computing and 5G: Will Security Concerns Outweigh Benefits?
securityintelligence.com/articles/edge-computing-5g-security-concerns-benefits/ You’re probably hearing a lot of chatter about edge computing these days and how it, along with 5G, is the latest piece of technology to redefine how we conduct our business. In fact, you may even be hearing people say that edge computing will replace cloud computing. Let’s separate the facts from the speculation.
SSRF vulnerability patched in Jamf Pro mobile security platform
portswigger.net/daily-swig/ssrf-vulnerability-patched-in-jamf-pro-mobile-security-platform A vulnerability in Jamf Pro, a popular mobile device management (MDM) platform for Apple devices, allowed attackers to stage server-side request forgery (SSRF) attacks on the application’s servers, security researchers at Assetnote have found.
Finnish security company sold to Norway
www.tivi.fi/uutiset/tv/61302c25-a5c7-4450-9684-9fb5a5a98585 Fiarone, a provider of security operations center (SOC) services, has been sold to NetNordic, which is headquartered in Oslo. According to Fiarone, cyber security plays an increasingly central role in companies. The company has provided its services to both private and public sector customers since 2010.
December 2021 Forensic Challenge
isc.sans.edu/diary/rss/28108 Today’s diary is a forensic challenge for December 2021. This month’s challenge is based on network traffic from an Active Directory (AD) environment where a Windows client becomes infected. The prize for this contest is a Raspberry Pi.