Daily NCSC-FI news followup 2022-01-21

Malware stokes fear: it does not go away even with a Windows reinstall

www.tivi.fi/uutiset/tv/521b1ca1-ab6f-4b27-8cbf-d0ec229cd3ca The malware known as MoonBounce is built to run in the computer's UEFI firmware, which is responsible for booting the computer. The malware installs itself in the motherboard's flash memory instead of on the hard drive. Consequently, reinstalling the operating system or replacing the hard drive does not remove it.

An internet cable important for Finland's cybersecurity was to be laid on the seabed, but Russia suddenly withdrew from the project: what actually happened?

yle.fi/uutiset/3-12268002?origin=rss The state-owned company Cinia is routing around the North Pole via the west, even though this requires a cable 1,500 kilometres longer. In the chilling geopolitical climate, it is the safest route.

9-year-olds are knocking servers offline: the blame goes to a familiar scapegoat, and the remedy is a useless nuisance

www.tivi.fi/uutiset/tv/d71e18e1-0e4b-4654-a4be-e0419032f5dc The UK's National Crime Agency (NCA) has launched a new programme that aims to steer budding young hackers away from a life of crime. There is reason to: according to the NCA's cybercrime unit, the NCCU, the youngest offenders are only nine years old.

Log4j vulnerability – update from the CSIRTs Network

www.enisa.europa.eu/news/enisa-news/log4j-vulnerability-update-from-the-csirts-network The EU CSIRTs Network has been closely following the development of the Log4Shell situation since 10 December 2021.

European Commission launches new open source software bug bounty program

portswigger.net/daily-swig/european-commission-launches-new-open-source-software-bug-bounty-program The European Commission (EC) has launched a bug bounty program for open source projects that underpin its public services.

Combatting SMS and phone fraud: UK government issues guidance

blog.malwarebytes.com/how-tos-2/2022/01/combatting-sms-and-phone-fraud-uk-government-issues-guidance/ The UK’s National Cyber Security Centre (NCSC) has published a guide to help make your organization’s SMS and telephone messages effective and trustworthy.

Cross-Country Exposure

citizenlab.ca/2022/01/cross-country-exposure-analysis-my2022-olympics-app/ Analysis of the MY2022 Olympics App

BitLocker encryption: Clear text key storage prompts security debate online

portswigger.net/daily-swig/bitlocker-encryption-clear-text-key-storage-prompts-security-debate-online This month, a Twitter and StackOverflow debate has been taking place over how BitLocker encryption keys are stored before users sign in with a Microsoft account. In a Twitter thread started by user @atomicthumbs, the question was why, when an installation of Microsoft Windows 11 with a local account takes place, the drive will still be encrypted with BitLocker “but it keeps the key on the drive… in clear text… until you sign in with a Microsoft account”.

Crime Shop Sells Hacked Logins to Other Crime Shops

krebsonsecurity.com/2022/01/crime-shop-sells-hacked-logins-to-other-crime-shops/ Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft

nakedsecurity.sophos.com/2022/01/21/cryptocoin-broker-crypto-com-says-2fa-bypass-led-to-35m-theft/ Maltese cryptocoin broker Foris DAX MT Ltd, better known by its domain name Crypto.com, experienced a multi-million dollar “bank robbery” earlier this month.

Magecart Attacks Continue to ‘Skim’ Software Supply Chains

securityintelligence.com/articles/magecart-software-supply-chain/ Did your company or e-commerce firm recently buy third-party software from a value-added reseller (VAR) or systems integrator? Did you vet the vendor code? If not, you could be at risk for a Magecart group attack.

Over 90 WordPress themes, plugins backdoored in supply chain attack

www.bleepingcomputer.com/news/security/over-90-wordpress-themes-plugins-backdoored-in-supply-chain-attack/ A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

Merck wins cyber-insurance lawsuit related to NotPetya attack

therecord.media/merck-wins-cyber-insurance-lawsuit-related-to-notpetya-attack/ A New Jersey court has ruled in favor of Merck in a lawsuit the pharmaceutical company filed against its insurer, Ace American, which declined to cover the losses caused by the NotPetya ransomware attack. […] Ace American refused to cover the losses, citing that the NotPetya attack was part of Russian hostilities against Ukraine and, as a result, was subject to the standard “Acts of War” exclusion clause that is present in most insurance contracts. Merck sued Ace American in November 2019 and argued in court that the attack was not “an official state action,” hence the Acts of War clause should not apply.

Major Breakthrough As Quantum Computing in Silicon Hits 99% Accuracy

scitechdaily.com/major-breakthrough-as-quantum-computing-in-silicon-hits-99-accuracy/ Australian researchers have proven that near error-free quantum computing is possible, paving the way to build silicon-based quantum devices compatible with current semiconductor manufacturing technology.

Spyware Blitzes Compromise, Cannibalize ICS Networks

threatpost.com/spyware-blitzes-compromise-cannibalize-ics-networks/177851/ The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware

www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines use social engineering techniques to trick users into enabling document macros and automate malware execution.
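The Trend Micro item above describes Emotet URLs whose host is written as a hexadecimal or octal number instead of dotted-decimal, so that a rule looking for a literal address never fires. The following added example (not from the article, Trend Micro or any Emotet sample) shows how a defender can canonicalise such hosts using the same rules as the classic inet_aton() parser, so that URL filters and detection rules see the plain address. The sample URLs are constructed; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample URLs for the demonstration; every host below resolves to the
# same private address written in a different inet_aton()-compatible notation.
SAMPLE_URLS = [
    "http://0xc0a80001/download/doc.dll",   # single hexadecimal number
    "http://0300.0250.0.01/doc.dll",       # dotted octal
    "http://3232235521/doc.dll",           # single decimal number
    "http://192.168.0.1/doc.dll",          # plain dotted decimal (not flagged)
    "http://0xC0.0xA8.0x00.0x01/doc.dll",  # dotted hexadecimal
    "http://example.com/doc.dll",          # hostname (not an IP literal at all)
]

HOST_RE = re.compile(r"https?://([^/\s:?#]+)")
# A part is either 0x followed by hex digits (possibly none) or a run of decimal digits.
PART_RE = re.compile(r"0[xX][0-9a-fA-F]*|[0-9]+")


def _parse_part(part):
    """Parse one dot-separated component with inet_aton() rules:
    0x prefix means hex, a leading 0 means octal, anything else decimal."""
    if not PART_RE.fullmatch(part):
        raise ValueError("not a numeric component")
    if part.lower().startswith("0x"):
        return int(part[2:], 16) if len(part) > 2 else 0
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)


def normalize_ipv4(host):
    """Return the dotted-decimal form of an inet_aton()-style host, or None if the
    host is not an IPv4 literal in any of the accepted notations."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # All components but the last must fit in one byte; the last component fills
    # whatever bytes remain (1 part = 32 bits, 2 parts = 8+24, 3 parts = 8+8+16).
    if any(not 0 <= n <= 255 for n in nums[:-1]):
        return None
    remaining_bytes = 4 - (len(nums) - 1)
    if not 0 <= nums[-1] < (1 << (8 * remaining_bytes)):
        return None
    value = 0
    for n in nums[:-1]:
        value = (value << 8) | n
    value = (value << (8 * remaining_bytes)) | nums[-1]
    return str(ipaddress.IPv4Address(value))


def is_unconventional(host):
    """True when the host parses as IPv4 but is not written as plain dotted-decimal."""
    canonical = normalize_ipv4(host)
    return canonical is not None and canonical != host


def scan_urls(urls):
    """Return (url, canonical_address) pairs for URLs whose host uses an
    unconventional IPv4 notation; plain addresses and hostnames are skipped."""
    findings = []
    for url in urls:
        match = HOST_RE.match(url)
        if match and is_unconventional(match.group(1)):
            findings.append((url, normalize_ipv4(match.group(1))))
    return findings


if __name__ == "__main__":
    for url, addr in scan_urls(SAMPLE_URLS):
        print(f"{addr:<15} <- {url}")
```

Feeding the canonical address rather than the raw host into blocklists and proxy logs is what closes the evasion: the rule then matches `192.168.0.1` whether the message carried `0xc0a80001`, `0300.0250.0.01` or `3232235521`.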

CISA adds 13 exploited vulnerabilities to list, 9 with Feb. 1 remediation date

www.zdnet.com/article/cisa-adds-13-exploited-vulnerabilities-to-list-9-with-feb-1-remediation-date/ CISA released its latest update to the Known Exploited Vulnerabilities catalog, adding 13 new vulnerabilities. Nine of the vulnerabilities have a remediation date of February 1 and four of them have a remediation date of July 18.

Log4J: Attackers continue targeting VMware Horizon servers

www.zdnet.com/article/log4j-attackers-continue-targeting-vmware-horizon-servers/ According to several cybersecurity companies monitoring the situation, attackers are still targeting VMware Horizon servers through Log4J vulnerabilities.

Japan’s Supreme Court rules cryptojacking scripts are not malware

www.theregister.com/2022/01/21/japan_supreme_court_cryptojacking_not_malware/ A man found guilty of using the Coinhive cryptojacking script to mine Monero on users’ PCs while they browsed the web has been cleared by Japan’s Supreme Court on the grounds that crypto mining software is not malware.
