Malware stirs up fear: it does not go away even with a Windows reinstall
www.tivi.fi/uutiset/tv/521b1ca1-ab6f-4b27-8cbf-d0ec229cd3ca The malware named MoonBounce is built to run in the computer's UEFI firmware, which is responsible for booting the computer. The malware installs itself in the motherboard's flash memory instead of on the computer's hard drive. Therefore reinstalling the operating system or replacing the hard drive does not remove the malware.
An internet cable important for Finland's cyber security was supposed to be laid on the seabed, but Russia suddenly withdrew from the project: what actually happened?
yle.fi/uutiset/3-12268002?origin=rss The state-owned company Cinia is routing around the North Pole via the west, even though that requires a cable 1,500 kilometres longer. In the chilling geopolitical climate it is the safest route.
Nine-year-olds bombard servers offline: a familiar scapegoat gets the blame, and the cure is a useless nuisance
www.tivi.fi/uutiset/tv/d71e18e1-0e4b-4654-a4be-e0419032f5dc The UK's National Crime Agency (NCA) has launched a new programme that aims to steer young would-be hackers off the wrong path. There is good reason to, since according to the NCA's cybercrime unit, the NCCU, the youngest offenders are only nine years old.
Log4j vulnerability – update from the CSIRTs Network
www.enisa.europa.eu/news/enisa-news/log4j-vulnerability-update-from-the-csirts-network The EU CSIRTs Network has been closely following the development of the Log4Shell situation since 10 December 2021.
European Commission launches new open source software bug bounty program
portswigger.net/daily-swig/european-commission-launches-new-open-source-software-bug-bounty-program The European Commission (EC) has launched a bug bounty program for open source projects that underpin its public services.
Combatting SMS and phone fraud: UK government issues guidance
blog.malwarebytes.com/how-tos-2/2022/01/combatting-sms-and-phone-fraud-uk-government-issues-guidance/ The UK’s National Cyber Security Centre (NCSC) has published a guide to help make your organization’s SMS and telephone messages effective and trustworthy.
Cross-Country Exposure
citizenlab.ca/2022/01/cross-country-exposure-analysis-my2022-olympics-app/ Analysis of the MY2022 Olympics App
BitLocker encryption: Clear text key storage prompts security debate online
portswigger.net/daily-swig/bitlocker-encryption-clear-text-key-storage-prompts-security-debate-online This month, a Twitter and StackOverflow debate has been taking place over how BitLocker encryption keys are stored before users sign in with a Microsoft account. In a Twitter thread started by user @atomicthumbs, the question was why, when an installation of Microsoft Windows 11 with a local account takes place, the drive will still be encrypted with BitLocker “but it keeps the key on the drive… in clear text… until you sign in with a Microsoft account”.
Crime Shop Sells Hacked Logins to Other Crime Shops
krebsonsecurity.com/2022/01/crime-shop-sells-hacked-logins-to-other-crime-shops/ Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
nakedsecurity.sophos.com/2022/01/21/cryptocoin-broker-crypto-com-says-2fa-bypass-led-to-35m-theft/ Maltese cryptocoin broker Foris DAX MT Ltd, better known by its domain name Crypto.com, experienced a multi-million dollar “bank robbery” earlier this month.
Magecart Attacks Continue to ‘Skim’ Software Supply Chains
securityintelligence.com/articles/magecart-software-supply-chain/ Did your company or e-commerce firm recently buy third-party software from a value-added reseller (VAR) or systems integrator? Did you vet the vendor code? If not, you could be at risk for a Magecart group attack.
Over 90 WordPress themes, plugins backdoored in supply chain attack
www.bleepingcomputer.com/news/security/over-90-wordpress-themes-plugins-backdoored-in-supply-chain-attack/ A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.
Merck wins cyber-insurance lawsuit related to NotPetya attack
therecord.media/merck-wins-cyber-insurance-lawsuit-related-to-notpetya-attack/ A New Jersey court has ruled in favor of Merck in a lawsuit the pharmaceutical company filed against its insurer, Ace American, which declined to cover the losses caused by the NotPetya ransomware attack. […] Ace American refused to cover the losses, citing that the NotPetya attack was part of Russian hostilities against Ukraine and, as a result, was subject to the standard “Acts of War” exclusion clause that is present in most insurance contracts. Merck sued Ace American in November 2019 and argued in court that the attack was not “an official state action,” hence the Acts of War clause should not apply.
Major Breakthrough As Quantum Computing in Silicon Hits 99% Accuracy
scitechdaily.com/major-breakthrough-as-quantum-computing-in-silicon-hits-99-accuracy/ Australian researchers have proven that near error-free quantum computing is possible, paving the way to build silicon-based quantum devices compatible with current semiconductor manufacturing technology.
Spyware Blitzes Compromise, Cannibalize ICS Networks
threatpost.com/spyware-blitzes-compromise-cannibalize-ics-networks/177851/ The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines use social engineering techniques to trick users into enabling document macros and automate malware execution.
CISA adds 13 exploited vulnerabilities to list, 9 with Feb. 1 remediation date
www.zdnet.com/article/cisa-adds-13-exploited-vulnerabilities-to-list-9-with-feb-1-remediation-date/ CISA released its latest update to the Known Exploited Vulnerabilities catalog, adding 13 new vulnerabilities. Nine of the vulnerabilities have a remediation date of February 1 and four of them have a remediation date of July 18.
Log4J: Attackers continue targeting VMware Horizon servers
www.zdnet.com/article/log4j-attackers-continue-targeting-vmware-horizon-servers/ According to several cybersecurity companies monitoring the situation, attackers are still targeting VMware Horizon servers through Log4J vulnerabilities.
Japan’s Supreme Court rules cryptojacking scripts are not malware
www.theregister.com/2022/01/21/japan_supreme_court_cryptojacking_not_malware/ A man found guilty of using the Coinhive cryptojacking script to mine Monero on users’ PCs while they browsed the web has been cleared by Japan’s Supreme Court on the grounds that crypto mining software is not malware.