Daily NCSC-FI news followup 2020-05-12

Coronavirus cyber-attacks update: beware of the phish blog.checkpoint.com/2020/05/12/coronavirus-cyber-attacks-update-beware-of-the-phish/ While we all try to get used to the Covid-19 pandemics new normal in our work and home lives, this year has been a time of unprecedented opportunity for cyber-criminals. The global response to the pandemic, and our desire for the latest information about it, has supercharged […]

Read More

Daily NCSC-FI news followup 2020-05-11

April 2020s Most Wanted Malware: Agent Tesla Remote Access Trojan Spreading Widely In COVID-19 Related Spam Campaigns blog.checkpoint.com/2020/05/11/april-2020s-most-wanted-malware-agent-tesla-remote-access-trojan-spreading-widely-in-covid-19-related-spam-campaigns/ Our latest Global Threat Index for April 2020 has found several COVID-19 related spam campaigns distributing a new variant of the Agent Tesla remote access trojan, moving it up to 3rd place in the Index, impacting 3% […]

Read More

Daily NCSC-FI news followup 2020-05-10

Microsoft adds protection against Reply-All email storms in Office 365 www.zdnet.com/article/microsoft-adds-protection-against-reply-all-email-storms-in-office-365/ Microsoft rolled out this week a new feature to Office 365 customers to help their IT staff detect and stop “Reply-All email storms.”. The term refers to situations when employees use the Reply-All option in mass-mailed emails, such as company-wide notifications. Sodinokibi ransomware can […]

Read More

Daily NCSC-FI news followup 2020-05-09

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data thehackernews.com/2020/05/digitalocean-data-breach.html DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it did has […]

Read More

Daily NCSC-FI news followup 2020-05-08

Techniques: Current Use of Virtual Machine Detection Methods www.gdatasoftware.com/blog/2020/05/36068-current-use-of-virtual-machine-detection-methods A common approach to analyse potentially malicious software is dynamic analysis in a virtual machine. Therefore, malware authors use techniques to alter the malware’s behavior when being run in a VM. But how do they actually do it? Meant to Combat ID Theft, Unemployment Benefits Letter […]

Read More

Daily NCSC-FI news followup 2020-05-07

A Deep Dive Into the Latest Maze Ransomware TTPs www.kroll.com/en/insights/publications/cyber/latest-maze-ransomware-ttps Kroll incident response (IR) practitioners worked on multiple Maze ransomware cases during the first quarter of 2020 and have new insights on the tactics, techniques and procedures (TTPs) of these actors and why organizations should revisit their IR plans. In our work with one client, […]

Read More

Daily NCSC-FI news followup 2020-05-06

COVID-19: Cloud Threat Landscape unit42.paloaltonetworks.com/covid-19-cloud-threat-landscape/ Unit 42 researchers analyzed 1.2 million newly registered domain (NRD) names containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 (7 weeks). 86, 600+ domains are classified as “risky” or “malicious”, spread across various regions, as shown in Figure 1. The United States has […]

Read More

Daily NCSC-FI news followup 2020-05-05

How Many Engineers Does It Take to Digitally Secure a Solar Panel? www.nist.gov/blogs/cybersecurity-insights/how-many-engineers-does-it-take-digitally-secure-solar-panel The headline for this blog post is not a trick question or the beginning of a bad joke. I asked this question maybe a bit facetiously when I met the National Cybersecurity Center of Excellence (NCCoE) energy sector team in late 2018. […]

Read More

Daily NCSC-FI news followup 2020-05-04

F-Secure varoitti äsken haavoittuvuuksista nyt alkoivat hyökkäykset www.tivi.fi/uutiset/tv/45c37640-e8d3-416b-a501-b10979428311 Salt-sovellus ei välttämättä ole tuttu suurelle yleisölle, mutta järjestelmien ylläpitäjille se on. Sitä käytetään palvelinten hallintaan datakeskuksissa, pilvessä ja yritysten omissa konesaleissa. ZDnet kirjoittaa, että viikonlopun aikana hakkerit ovat uutterasti nuuskineet verkosta Salt-asennuksia. Hyökkäyksiä on myös tehty. Kohteiksi ovat joutuneet ainakin LineageOS -mobiilikäyttöjärjestelmän kehittäjät, Ghost-blogialusta sekä sertifikaattiviranomainen […]

Read More

Daily NCSC-FI news followup 2020-05-03

Koronavirustartuntoja jäljittävän sovelluksen testaaminen alkaa Suomessa samalla yhteiseurooppalaisen ratkaisun löytäminen näyttää yhä vaikeammalta yle.fi/uutiset/3-11332842 Koronavirustartuntojen jäljittävän puhelinsovelluksen testaaminen käynnistyy tässä kuussa Suomessa. Vaasan keskussairaalassa toteutettavassa pilottihankkeessa selvitetään, miten hyvin puhelimien Bluetooth-teknologia selviää lähikontaktien kartoituksesta. Sosiaali- ja terveysministeriö on arvioinut, että altistumisia jäljittävä sovellus voisi olla käytettävissä kesäkuussa. Levittääkö 5G-säteily koronavirusta ja onko se uhka lasten […]

Read More