Daily NCSC-FI news followup 2019-10-30

Major vulnerability patched in the EU’s eIDAS authentication system www.zdnet.com/article/major-vulnerability-patched-in-the-eus-eidas-authentication-system/ Vulnerability would have allowed attackers to pose as any EU citizen or business. SEC Consult researchers said they found that current versions of the eIDAS-Node package fail to validate certificates used in eIDAS operations, allowing attackers to fake the certificate of any other eIDAS citizen […]


Daily NCSC-FI news followup 2019-10-29

Industrial equipment to come under fire at the world’s largest hacking contest www.zdnet.com/article/industrial-equipment-to-come-under-fire-at-the-worlds-largest-hacking-contest/ Pwn2Own hacking contest to feature ICS SCADA targets for the first time. The next Pwn2Own contest is set to take place at the S4 ICS security conference that will be held in Miami South Beach on January 21-23, 2020. Microsoft: Russian hackers […]


Daily NCSC-FI news followup 2019-10-28

800 cyberattacks an hour in the United Kingdom www.pandasecurity.com/mediacenter/security/cyberattacks-united-kingdom-councils/ In 2019, public administrations have suffered a great deal at the hands of cybercriminals. In January, the city hall of Del Rio, Texas, suffered a ransomware attack that forced its employees to carry out their work with pen and paper. This incident was first in a […]


Daily NCSC-FI news followup 2019-10-27

TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines www.bleepingcomputer.com/news/security/trialworks-ransomware-attack-disrupts-court-cases-and-deadlines/ TrialWorks, one of the top-rated providers of legal case management software for law firms and attorneys, became the victim of a ransomware attack earlier this month. The ripples of disruption from this incident made it impossible for lawyers to access the legal documents hosted on TrialWorks […]


Daily NCSC-FI news followup 2019-10-26

U.N., UNICEF, Red Cross Under Ongoing Mobile Attack threatpost.com/un-unicef-red-cross-mobile-attack/149556/ A smart mobile-first phishing effort uses valid certificates to sign fake Office 365 pages, and logs keystrokes in real time. An ongoing, mobile-focused phishing campaign is targeting the United Nations and several humanitarian aid organizations, including UNICEF, the Red Cross and UN World Food. The campaign […]


Daily NCSC-FI news followup 2019-10-25

Cachet Financial Reeling from MyPayrollHR Fraud krebsonsecurity.com/2019/10/cachet-financial-reeling-from-mypayrollhr-fraud/ When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which […]


Daily NCSC-FI news followup 2019-10-24

Some ICS Security Incidents Resulted in Injury, Loss of Life: Survey www.securityweek.com/some-ics-security-incidents-resulted-injury-loss-life-survey Some of the recent cybersecurity incidents involving industrial control systems (ICS) have resulted in injury and even loss of life, according to a survey conducted by Control Systems Cyber Security Association International (CS2AI). Cyber chief: The IoT could provide a model for improved […]


Daily NCSC-FI news followup 2019-10-23

NCSC-UK Annual Review 2019 www.ncsc.gov.uk/news/annual-review-2019 Single-page version PDF: www.ncsc.gov.uk/files/NCSC_Annual%20Review_2019%20single%20pagination.pdf Virus Bulletin conference 2019: Papers on Emotet and Ryuk www.virusbulletin.com/blog/2019/10/vb2019-papers-emotet-and-ryuk/ Targeted ransomware has become one of the biggest and most damaging cybercrime trends in recent years. ‘Targeted’ is a bit of a misnomer though: the operators of the ransomware rarely choose the victim organisations. Instead, they […]


Daily NCSC-FI news followup 2019-10-22

Google's and Amazon's smart speakers can be used for spying and for phishing information through malicious apps. www.is.fi/digitoday/art-2000006281649.html In a video they have published, the researchers demonstrate one possible snooping method. A malicious app disguised as a horoscope app first announces that reading the horoscope failed and then falls silent. Instead of shutting down, however, the app keeps running. 3 Key Questions to Help Address Enterprise IoT Security Risks securityintelligence.com/posts/3-key-questions-to-help-address-enterprise-iot-security-risks/ Armis estimated that by 2021, up to […]


Daily NCSC-FI news followup 2019-10-21

Scam buyers are active on an online marketplace, showing the seller a forged receipt or account statement www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/verkon_myyntisivustolla_liikkuu_huijariostajia_nayttavat_myyjalle_vaarennetyn_kuitin_tai_tiliotteen_85170 During the autumn, the Helsinki police have learned of similar fraud cases in which goods changed hands via the Tori.fi website. In these cases, the scammers showed the seller, at the time of purchase, a forged receipt or account statement created on a bank's demo site. Russians hijacked an Iranian operation and spied on targets in dozens of countries www.hs.fi/ulkomaat/art-2000006280146.html Linked to the security service FSB […]
