Only 1 in 20 HTTPS servers correctly implements HTTP Strict Transport Security, a widely-supported security feature that prevents visitors making unencrypted HTTP connections to a server.
The remaining 95% are therefore vulnerable to trivial connection hijacking attacks
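The survey above counts a server as "correct" only when browsers will actually honour its policy, and RFC 6797 gives browsers several reasons to ignore a header. The checker below is an added example, not code from the survey or from Netcraft: it parses a Strict-Transport-Security value the way a browser does (directives separated by ";", names case-insensitive, max-age mandatory and numeric, no duplicate names) and lists the configurations that still leave visitors open to the connection hijacking the excerpt describes. The one-year minimum is an assumed policy threshold, not part of the RFC.

```python
"""Evaluate a Strict-Transport-Security header the way a browser would.

Added example (not from the quoted survey). parse_hsts() follows RFC 6797;
assess_hsts() reports the weaknesses that leave a site hijackable. The
one-year max-age floor is an assumed policy choice.
"""
import re

MIN_MAX_AGE = 31_536_000  # one year, assumed minimum for a useful policy


def parse_hsts(value):
    """Return {directive: value} for a valid STS header, or None if malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # RFC 6797: a repeated directive invalidates the header
        directives[name] = raw.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None      # max-age missing or not a non-negative integer
    directives["max-age"] = int(directives["max-age"])
    return directives


def assess_hsts(scheme, headers):
    """List the weaknesses of one response's HSTS policy (empty list = sound).

    scheme is 'http' or 'https'; headers is a {name: value} dict, looked up
    case-insensitively.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: every first visit over "
                "http:// can be hijacked"]
    findings = []
    if scheme != "https":
        findings.append("STS header seen on a plain-HTTP response: browsers "
                        "ignore it there, so it protects nobody")
    parsed = parse_hsts(value)
    if parsed is None:
        findings.append("malformed STS header (missing, duplicate or non-numeric "
                        "max-age): browsers ignore it")
        return findings
    if parsed["max-age"] == 0:
        findings.append("max-age=0 withdraws the policy from returning visitors")
    elif parsed["max-age"] < MIN_MAX_AGE:
        findings.append(f"max-age={parsed['max-age']} is below {MIN_MAX_AGE}; "
                        "returning visitors lose protection quickly")
    if "includesubdomains" not in parsed:
        findings.append("no includeSubDomains: a plain-http:// subdomain can "
                        "still be used to hijack cookies scoped to the parent")
    return findings


if __name__ == "__main__":
    # Stand-alone use: check a live host (network access required).
    import http.client
    import sys

    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("HEAD", "/", headers={"Host": host})
    response = conn.getresponse()
    for line in assess_hsts("https", dict(response.getheaders())) or ["policy looks sound"]:
        print(line)
```

Run it as `python hsts_check.py www.example.org` to test a live server; the functions themselves work on any captured header dict, so the same logic can be dropped into a scanner that has already fetched the response.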
Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities.
A staggering 83 percent of home and office routers have vulnerabilities that could be exploited by attackers. Of those vulnerable, over a quarter harbor high-risk and critical vulnerabilities, according to a report released this week by American Consumer Institute on router safety (PDF).
For months, Google has been trying to stay out of the way of the growing tech backlash, but yesterday, the dam finally broke with news of a bug in the rarely used Google+ network that exposed private information for as many as 500,000 users. Google found and fixed the bug back in March, around the same time the Cambridge Analytica story was heating up in earnest. [...] The vulnerability itself seems to have been relatively small in scope. The heart of the problem was a specific developer API that could be used to see non-public information. But crucially, there’s no evidence that it actually was used to see private data, and given the thin user base,
The bigger problem for Google isn’t the crime, but the cover-up. The vulnerability was fixed in March, but Google didn’t come clean until seven months later when The Wall Street Journal got hold of some of the memos discussing the bug.
There are lots of laws about reporting breaches — primarily the GDPR but also a string of state-level bills — but by that standard, what happened to Google+ wasn’t technically a breach. Those laws are concerned with unauthorized access to user information, codifying the basic idea that if someone steals your credit card or phone number, you have a right to know about it. But Google just found that data was available to developers, not that any data was actually taken.
IBM Security’s Managed Security Services (MSS) team monitors the enterprise threat landscape on an ongoing basis, detecting and mapping new threats as they emerge.
What Is Drupal, and Why Is It a Target?
Like WordPress, Drupal is a content management system (CMS) that is used widely by people who create and maintain websites and applications for all sorts of purposes, both personal and business, private and public. Drupal is open source and, as such, is maintained by a community of users. This is also how its security and vulnerability patching is maintained.
CMSs that are used across a large number of websites are juicy targets for cybercriminals, who commonly automate their attacks in a one-size-fits-all type of operation. Those who target random websites aim to compromise as many as possible and consider the monetization options later.
The payment-card-skimming malware operation dubbed Magecart has turned up again, this time in Shopper Approved, a customer rating plugin for websites.
Shopper Approved is a toolkit used by hundreds of e-commerce sites, and it was infected with the MageCart spyware, allowing crooks to siphon off bank card data entered into webpages using the customer-rating plugin, infosec biz RiskIQ reported this week. The infection, first spotted on September 15, closely resembles the cyber-attack that emerged over the summer against Ticketmaster rather than the later and more sophisticated, and high profile, raid on British Airways passengers.
The Necurs botnet, a large and well-known spam originator, has become synonymous with cybercrime. Its spam-sending capabilities, through a botnet of a few million infected devices, are frequently dedicated to vast campaigns that deliver banking malware, cryptojacking malware, ransomware and a variety of email scams sent to millions of recipients in each run.
IBM X-Force monitors Necurs activity and recently discovered yet another face of this malspam volcano. This time, Necurs is spewing geotargeted emails designed to threaten and extort payment from those who may have been watching adult movies or possibly having an extramarital affair.
What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.
In late 2016, the world witnessed the sheer disruptive power of Mirai, a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings.
Since then, two of those firms — Huawei and Dahua — have taken steps to increase the security of their IoT products out-of-the-box. But Xiongmai — despite repeated warnings from researchers about deep-seated vulnerabilities in its hardware — has continued to ignore such warnings and to ship massively insecure hardware and software for use in products that are white-labeled and sold by more than 100 third-party vendors.
On Tuesday, Austrian security firm SEC Consult released the results of extensive research into multiple, lingering and serious security holes in Xiongmai’s hardware.
“Although Xiongmai had seven months notice, they have not fixed any of the issues,” the researchers wrote in a blog post published today. “The conversation with them over the past months has shown that security is just not a priority to them at all.”
The SD-WAN Harvester tool was created to automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses the Shodan search engine for discovery, NMAP NSE scripts for fingerprinting, and masscan to implement some specific checks.
A previously undocumented cyber espionage group has been targeting entities in the government, military and defense sectors since at least 2017, according to a report published on Wednesday by Symantec.
Siemens informed customers this week that many of its products are affected by the recently disclosed processor vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF).
There are a total of three Foreshadow vulnerabilities affecting Intel Core and Xeon CPUs: CVE-2018-3615, which impacts Intel’s Software Guard Extensions (SGX); CVE-2018-3620, which impacts operating systems and System Management Mode (SMM); and CVE-2018-3646, which affects virtualization software and Virtual Machine Monitors (VMM).
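Two of the three Foreshadow variants can be checked from a running Linux host, because since the August 2018 patches the kernel reports its mitigation state under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not part of the Siemens advisory: its parser follows the string format of the kernel's own l1tf_show_state(), the sample status lines are constructed, and the verdicts are simplified guidance rather than the kernel's wording. The SGX variant (CVE-2018-3615) is handled in microcode and the SGX TCB and does not appear in sysfs.

```python
"""Read Linux's L1TF (Foreshadow) status from sysfs and say what it means.

Added example (not from the quoted advisory). The 'l1tf' file covers the
OS/SMM variant (CVE-2018-3620) and, once KVM is loaded, the VMM variant
(CVE-2018-3646). parse_l1tf() follows the kernel's l1tf_show_state() format;
the verdict strings are simplified guidance.
"""
import os
import re

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"
HOST_MITIGATED = "Mitigation: PTE Inversion"


def read_status(vuln_dir=VULN_DIR):
    """Return {bug_name: status_line} for every entry in the sysfs directory."""
    status = {}
    if not os.path.isdir(vuln_dir):
        return status  # kernel predates the reporting interface, or not Linux
    for name in sorted(os.listdir(vuln_dir)):
        with open(os.path.join(vuln_dir, name)) as fh:
            status[name] = fh.read().strip()
    return status


def parse_l1tf(line):
    """Split an l1tf status line into host, VMX flush mode and SMT state.

    Kernel output looks like one of:
      'Not affected'
      'Vulnerable'
      'Mitigation: PTE Inversion'
      'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'
      'Mitigation: PTE Inversion; VMX: vulnerable'
    """
    line = line.strip()
    state = {"host": line, "vmx_flush": None, "smt": None}
    if not line.startswith(HOST_MITIGATED):
        return state
    state["host"] = "PTE Inversion"
    m = re.search(r"VMX: ([^,]+)(?:, SMT (vulnerable|disabled))?$", line)
    if m:
        state["vmx_flush"] = m.group(1).strip()
        state["smt"] = m.group(2)
    return state


def l1tf_verdict(line, runs_untrusted_guests):
    """Classify an l1tf status line for a host that does or does not run untrusted VMs."""
    s = parse_l1tf(line)
    if s["host"] == "Not affected":
        return "ok: CPU not affected"
    if s["host"] != "PTE Inversion":
        return "exposed: no PTE inversion in the host kernel; update the kernel"
    if s["vmx_flush"] is None:
        return "ok: host protected; KVM not loaded, so the VMM variant does not apply"
    if not runs_untrusted_guests:
        return "ok: host protected; VMM variant only matters for untrusted guests"
    if s["vmx_flush"] == "vulnerable":
        return ("exposed: L1D not flushed on VM entry; a malicious guest can read "
                "host memory (set kvm-intel.vmentry_l1d_flush=cond or always)")
    if s["smt"] == "vulnerable":
        return ("partial: L1D flushed on VM entry but SMT is on; a guest on the "
                "sibling thread can still leak data (boot with l1tf=full or nosmt)")
    return "ok: host protected, VM-entry flush active, SMT disabled or not needed"


if __name__ == "__main__":
    import sys

    untrusted = "--untrusted-guests" in sys.argv
    status = read_status()
    for bug, line in status.items():
        print(f"{bug:18s} {line}")
    if "l1tf" in status:
        print("verdict:", l1tf_verdict(status["l1tf"], untrusted))
    else:
        print("no l1tf entry: kernel predates the L1TF patches or this is not Linux")
```

On a hypervisor that hosts tenants you do not trust, run it with `--untrusted-guests`; the "partial" verdict is the common case on patched hosts that left SMT enabled, which is exactly the trade-off the L1TF advisories asked operators to decide explicitly.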
One of the vulnerabilities patched by Microsoft with its latest Patch Tuesday updates is a Windows zero-day exploited by an advanced persistent threat (APT) group in attacks aimed at entities in the Middle East.
The flaw, tracked as CVE-2018-8453, has been described by Microsoft as a privilege escalation issue related to how the Win32k component of Windows handles objects in memory. An authenticated attacker can exploit the vulnerability to take control of an affected system.
Saudi dissident and Washington Post columnist Jamal Khashoggi went missing in Turkey last week. The outspoken critic of Saudi Arabia’s war on Yemen walked into the Saudi consulate in Istanbul at 1 pm on Tuesday, October 2, to obtain documents for his upcoming wedding. Within two hours, Turkish security officials now say, Khashoggi was dead—assassinated by a team of Saudi agents.
FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.
The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts.
Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.
The servers included two of the same ElasticSearch instances and a storage server – all hosted on Amazon Web Services – yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users.
Bob Diachenko, Hacken.io’s director of cyber risk research, found the databases containing 113.5 million records
Diachenko rebuffed Mindbody’s claim, saying that there was “some” health information in the data, based on his analysis of the data. TechCrunch also found several records including height, weight and shoe sizes.
Mindbody said that it will “comply with all applicable legal obligations” in reporting the data exposure to U.S. and European authorities, but wouldn’t say if it will inform customers of the security lapse.
The company may also face action from European authorities under GDPR
In a first, federal agents lured a Chinese government spy to Belgium, where authorities transferred him this week to the United States for prosecution on economic espionage charges, U.S. officials said Wednesday.
Washington (CNN) — “Nearly all” the weapons systems that were being developed by the US military from 2012 to 2017 are vulnerable to cyber-attack, according to a new report by the Government Accountability Office.
The watchdog’s report says the GAO “found that from 2012 to 2017, (Department of Defense) testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development.”
“The key conclusion is that the DOD needs a new weapons security paradigm,” says Edelman. “In a world where our most sophisticated fighter jets are effectively supercomputers with very hot engines, that’s a risk we have to take very seriously.” Over a trillion dollars of advanced military weapon systems is worth nothing, if all it takes to compromise them is a default admin password.
In fact, the report found that only one out of 20 cyber vulnerabilities that the DOD had been alerted to in previous risk assessments had been fixed during the time period of the new report.
If you think that Flash, the once-popular web plugin, couldn’t die fast enough, even those annoying fake Flash installers riddled with malware aren’t going anywhere any time soon. In fact, they’re getting even sneakier.
New research out of Palo Alto Networks found a recent spike of fake Flash installers not only dropping cryptocurrency mining malware on vulnerable computers — but actually installing Flash while it’s there.
Cybersecurity agencies in the United States, United Kingdom, Canada, Australia and New Zealand have released a joint report describing five of the most commonly used hacking tools.
The report was written by experts at the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC), and the US National Cybersecurity and Communications Integration Center (NCCIC).
The goal of the report, its authors said, is to provide network defenders and system administrators advice on how to detect the tools and limit their effectiveness.
Five types of tools are described, including remote access trojans (RATs), web shells, lateral movement frameworks, command and control (C&C) obfuscators, and credential stealers – all of which can be used after the targeted system has been compromised.
The RAT included in the report is JBiFrost, a variant of Adwind. The Five Eyes agencies have warned that while JBiFrost has been mostly used by low-skilled threat actors and cybercriminals, it can also be useful to state-sponsored groups.
A threat actor was observed targeting Drupal vulnerabilities patched earlier this year to install a backdoor on compromised servers, IBM reports.
The hackers target CVE-2018-7600, or Drupalgeddon2, a critical vulnerability found to impact Drupal versions 6, 7 and 8, but which was addressed in March this year. Assigned a risk score of 21/25, the vulnerability could be exploited to gain full control over a site, including access to non-public data.
Google this week revealed that Android’s kernel is becoming more resilient to code reuse attacks, courtesy of implemented support for LLVM’s Control Flow Integrity (CFI).
CFI support, Google says, was added to Android kernel versions 4.9 and 4.14 and the feature is available to all device vendors. However, Google Pixel 3, which was launched earlier this week, is the first device to take advantage of the new security mitigations.
One of the manners in which attackers achieve code execution even without injecting executable code of their own, Google reveals, is by abusing kernel bugs to overwrite a function pointer stored in memory. The method is popular with the kernel given the large number of function pointers the latter uses and the protections that make code injection difficult.
CFI, however, was designed to mitigate these attacks through additional checks applied to the kernel’s control flow. While this still allows an attacker to change a function pointer if a bug provides write access to one, it significantly restricts the valid call targets, thus making exploitation more difficult.
LLVM’s solution to CFI also requires the use of Link Time Optimization (LTO), which also requires the adoption of LLVM’s integrated assembler for inline assembly. The GNU toolchain, which the Linux kernel relies on for assembling, compiling, and linking the kernel, will continue to be used for stand-alone assembly code.
An audit commissioned by Mozilla for the Firefox update system revealed no critical vulnerabilities and the flaws rated “high severity” were not easy to exploit.
Experts at Germany-based X41 spent 27 days analyzing the Firefox Application Update Service (AUS), including its update signing protocol, client code, backend and other components. The audit involved a cryptographic review, fuzzing, pentesting, and manual code analysis.
X41's audit revealed 14 vulnerabilities, including three issues that based on their CVSS score would be rated as “high severity,” seven “medium” and four “low” flaws. In addition, experts discovered 21 issues that have been described by Mozilla as “side findings,” which are informational.
Mozilla this week announced that the distrust of older Symantec certificates, initially planned for Firefox 63, will be delayed.
Following a long series of problems regarding the wrongful issuance of certificates issued by the Certification Authority (CA) run by Symantec, one of the oldest and largest CAs, browser makers have decided to remove trust in all Symantec-issued certificates before the end of this year.
Both Google and Mozilla said they would gradually remove trust in all TLS/SSL certificates issued by Symantec. Google, which removed trust in certificates that Symantec issued before June 1, 2016, with the release of Chrome 66 in April, wants to remove trust in all Symantec certificates in Chrome 70.
The “weirdest acquisition ever” – Broadcom’s $19bn proposed takeover of CA Technologies – ran into a rather strange road-bump this week: a fake US military memo passed around American politicians on Capitol Hill.
That bogus missive – apparently signed off by the Department of Defense – asserted that the acquisition faced a probe by the US Treasury’s committee on foreign investment regarding national security concerns with the biz gobble, which was announced in July.
The majority (72 per cent) of FTSE 100 firms are vulnerable to DNS attacks, nearly two years after the major Dyn outage.
A similar three in five of the top 50 companies listed in the Fortune 500 are also ill-prepared for an attack similar to the Mirai botnet-powered assault against Dyn that left much of the web unreachable in late October 2016. A large minority (44 per cent) of the top 25 SaaS providers are also vulnerable, according to stats from a DNS Infrastructure Performance Report by security firm ThousandEyes published Wednesday.
According to Lehmus, the denial-of-service attack that caused the disruption was in fact successfully repelled with the help of scrubbing services that filter out malicious traffic.
“The scrubbing services worked as they should and blocked the denial-of-service traffic. At the same time, however, they knocked the service over and accidentally blocked legitimate users from reaching the site as well,” Lehmus says.
495 Comments
Tomi Engdahl says:
Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-campaign-uses-hijacked-emails-to-deliver-ursnif-by-replying-to-ongoing-threads/
While most phishing campaigns are fairly simplistic in nature and easy to spot (they usually involve a legitimate-looking email, often with a malicious attachment or link embedded in the text), a spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to send malware as part of or as a response to an existing email thread. Because it’s part of a legitimate and on-going conversation, this particular approach can often be tricky and difficult to detect. Often, the victim may not realize that they’ve been a victim of a cyberattack until it’s too late.
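What makes the thread-hijack lure hard to catch is that the mail really does come from the compromised account: SPF, DKIM and DMARC pass and the sender's reputation is clean, so the usual sender-side controls stay silent. What can still be inspected is the shape of the message. The triage routine below is an added example, not code from the Trend Micro write-up, and it does not detect URSNIF itself: it flags a genuine reply (In-Reply-To or References set) that carries a macro-capable document or an archive while adding only a line or two of fresh text above the quoted history. The extension list and the word threshold are assumptions for illustration, and both sample messages are constructed.

```python
"""Triage a reply inside an existing thread for signs of a hijacked account.

Added example (not from the quoted post). Authentication passes for mail
sent from a compromised mailbox, so this looks at message shape instead:
reply markers, active-content attachments, and how little new text sits
above the quoted history. Thresholds are assumptions.
"""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXTENSIONS = {"doc", "docm", "xls", "xlsm", "ppt", "pptm", "rtf",
                    "zip", "rar", "7z", "iso", "js", "vbs", "lnk"}
MAX_NEW_WORDS = 25  # assumed: hijacked-thread lures add very little new text
REPLY_SUBJECT = re.compile(r"^\s*(re|fwd?|aw|sv)\s*:", re.IGNORECASE)
QUOTE_START = re.compile(r"^(>|On .+wrote:$|-----Original Message-----|From: )",
                         re.IGNORECASE)


def new_text(body):
    """Return only the text written above the quoted history."""
    fresh = []
    for line in body.splitlines():
        if QUOTE_START.match(line.strip()):
            break
        fresh.append(line)
    return "\n".join(fresh).strip()


def triage(raw):
    """Score one raw RFC 5322 message; returns the evidence and a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    is_reply = bool(msg["In-Reply-To"] or msg["References"]) or bool(REPLY_SUBJECT.match(subject))

    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        attachments.append((name, ext in RISKY_EXTENSIONS))

    body_part = msg.get_body(preferencelist=("plain",))
    fresh = new_text(body_part.get_content() if body_part else "")
    new_words = len(fresh.split())

    flags = []
    if is_reply and any(risky for _, risky in attachments):
        flags.append("reply to an existing thread carries an active-content attachment")
    if is_reply and attachments and new_words <= MAX_NEW_WORDS:
        flags.append("terse reply with an attachment above the quoted history")
    return {"is_reply": is_reply, "attachments": attachments,
            "new_words": new_words, "flags": flags,
            "verdict": "review" if flags else "pass"}


def sample_lure():
    """Constructed: a short reply in a real thread with a .doc attached."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.net"
    m["Subject"] = "RE: Q3 invoice"
    m["Message-ID"] = "<2@example.com>"
    m["In-Reply-To"] = "<1@example.net>"
    m["References"] = "<1@example.net>"
    m.set_content("Hi Bob,\nplease check the attached and confirm.\n\n"
                  "On Mon, 3 Sep 2018, Bob wrote:\n> Alice, could you resend the invoice?\n")
    m.add_attachment(b"\xd0\xcf\x11\xe0 placeholder, not a real document",
                     maintype="application", subtype="msword",
                     filename="invoice_details.doc")
    return m.as_bytes()


def sample_benign_reply():
    """Constructed: an ordinary reply with no attachment."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.net"
    m["Subject"] = "RE: Q3 invoice"
    m["In-Reply-To"] = "<1@example.net>"
    m.set_content("Thanks Bob, got it.\n\n> Alice, could you resend the invoice?\n")
    return m.as_bytes()


if __name__ == "__main__":
    for raw in (sample_lure(), sample_benign_reply()):
        print(triage(raw))
```

A "review" verdict is a reason to detonate the attachment or phone the sender, not a block decision on its own; legitimate terse replies with documents exist, which is why the routine returns its evidence alongside the verdict so it can be weighed with other signals from the gateway.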
Tomi Engdahl says:
https://www.uusiteknologia.fi/2018/10/10/kyberturvan-olympialaisista-hopeaa-suomeen/
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/hakkerointi-on-tulkinnanvaraista-messukeskuksen-jarjestelmatoimittaja-kiistaa-tietomurron-6744151
Tomi Engdahl says:
Windows 10 Ransomware Protection Bypassed Using DLL Injection
https://www.bleepingcomputer.com/news/security/windows-10-ransomware-protection-bypassed-using-dll-injection/
In Windows 10, Microsoft added a new ransomware protection feature called Controlled Folder Access that can be used to prevent modifications to files in protected folders by unknown programs.
At the DerbyCon security conference last week, a security researcher showed how DLL injection can be used by ransomware to bypass the Controlled Folder Access ransomware protection feature.
Tomi Engdahl says:
Don’t make us pay compensation for employee data breach, Morrisons begs UK court
Appeal beaks ponder first-of-a-kind data protection case
https://www.theregister.co.uk/2018/10/09/morrisons_data_breach_appeal/
Lawyers for supermarket chain Morrisons today urged the UK Court of Appeal to overturn an earlier judgment that made the company partly liable for a criminal data breach that saw 100,000 people’s payroll details published via Tor.
Four years ago a disgruntled Morrisons employee, Andrew Skelton, who had legitimate access to the company’s entire payroll, published its contents online using anonymising network Tor. The breach was widely regarded as one of the worst in recent years.
He posted details of salaries, bank details and National Insurance numbers on data-sharing sites in a move said to have cost Morrisons more than £2m to sort out.
The High Court ruled last year that the supermarket was “vicariously liable” for Skelton’s actions – and would therefore have to pay compensation.
This week Morrisons wants to have that judgment “overturned”
“Morrisons itself is completely innocent in respect of this data event,”
If Morrisons wins, the effect on data protection law will be massive: it will become more difficult for employers to be held responsible for malicious employees committing data breaches.
Tomi Engdahl says:
Microsoft says it fixed a Windows 10 update bug that deleted folders
And it’s tweaking the Insider feedback program as a result.
https://www.engadget.com/2018/10/09/windows-10-october-update-missing-folders/
Last week the October 2018 update for Windows 10 had barely arrived before Microsoft was forced to pause its rollout, as a few users complained of missing files. Now Microsoft says it has identified and fixed the problem, which was related to a feature called “Known Folder Redirection (KFR)” and an attempt to remove extra duplicate folders that could cause lost files in three specific scenarios.
It isn’t ready to begin delivering the fixed 1809 update to most users yet (a test version is rolling out to its Slow and Release preview rings first), but a change that’s already noticeable is in its Windows Insider Feedback Hub.
Tomi Engdahl says:
Torii botnet – Not another Mirai variant
https://blog.avast.com/new-torii-botnet-threat-research
New, more sophisticated IoT botnet targets a wide range of devices
2018 has been a year where the Mirai and QBot variants just keep coming. Any script kiddie now can use the Mirai source code, make a few changes, give it a new Japanese-sounding name, and then release it as a new botnet.
Tomi Engdahl says:
Bindweed: Digging Down to a Root of a Hidden Phishing Network
https://www.fortinet.com/blog/threat-research/bindweed–digging-down-to-a-root-of-a-hidden-phishing-network.html
Tomi Engdahl says:
Britain has reportedly practiced a cyberattack to send Moscow into total blackout
https://nordic.businessinsider.com/britain-to-send-moscow-into-total-blackout-if-putin-attacks-west-2018-10?r=US&IR=T
Britain’s military just underwent a $130.5 million (£100 million) exercise, part of which focussed on what to do if Russia attacks the West.
If Russia does, Britain will send Moscow into total darkness by launching a cyberattack on its electricity supply, Military sources told the Sunday Times.
The two-day training exercise took place on Saturday and Sunday deep in a desert in Oman.
British military forces reportedly practiced a cyberattack on Russia on Saturday to send Moscow into total darkness if Vladimir Putin’s forces attack the West.
Military sources told the Sunday Times that the only other way of hitting Russia back would be to use nuclear weapons.
But cyber weapons reportedly give Britain the best chance of deterring Russia because the West no longer has small battlefield nuclear weapon
UK war-games cyber attack on Moscow
Troops train for clashes against the Russians
https://www.thetimes.co.uk/edition/news/uk-war-games-cyber-attack-on-moscow-dgxz8ppv0?_ga=2.58052266.1684028993.1538922478-959467586.1538672718
Defence chiefs have war-gamed a massive cyber-strike to black out Moscow if Vladimir Putin launches a military attack on the West, after concluding that the only other way of hitting back would be to use nuclear weapons.
Senior security sources have told The Sunday Times they are concerned that Britain has a capability gap that has left commanders with too few weapons to meet Kremlin aggression short of firing a Trident nuclear missile.
Tomi Engdahl says:
World’s largest CCTV maker leaves at least 9 million cameras open to public viewing
Xiongmai’s cloud portal opens sneaky backdoor into servers
https://www.theregister.co.uk/2018/10/09/xiongmai_cctv_fail/
By Shaun Nichols in San Francisco 9 Oct 2018 at 23:51
Yet another IoT device vendor has been found to be exposing their products to attackers with basic security lapses.
This time, it’s Chinese surveillance camera maker Xiongmai who was named and shamed by researchers with SEC Consult for the poor security in the XMEye P2P Cloud service. Among the problems researchers pointed to were exposed default credentials and unsigned firmware updates that could be delivered via the service.
“Our recommendation is to stop using Xiongmai and Xiongmai OEM devices altogether,” SEC Consult recommended.
“The company has a bad security track record including its role in Mirai and various other IoT botnets. There are vulnerabilities that have been published in 2017, which are still not fixed in the most recent firmware version.”
Enabled by default, the P2P Cloud service allows users to remotely connect to devices via either a web browser or an iOS/Android app and control the hardware without needing a local network connection.
Unfortunately, SEC Consult explained, shortcomings in both the devices themselves and the service, such as unencrypted connections and default passwords (owners are not required to change the defaults when setting up the device) mean that in many cases, accessing and compromising a camera could be a cinch.
Additionally, SEC Consult notes, the Xiongmai devices do not require that firmware updates be signed
Tomi Engdahl says:
Russian ‘troll factory’ firebombed – but still fit to fiddle with our minds
Sick burn, bro: attacker only managed to torch a window-sill
https://www.theregister.co.uk/2018/10/10/russian_troll_factory_firebombed_with_minor_damage/
Russian media is reporting that someone has tried to torch the notorious St Petersburg “troll factory,” linked with trolling Western social media sites, sparking a police investigation.
The Internet Research Agency became famous as a “fake news” operation spreading misinformation by way of Facebook ads, and stealing Americans’ identities to set up the PayPal accounts that paid for the ads. In February, US authorities indicted 13 individuals as operating the troll factory.
Russian outlet RBC reported last year (in Russian) that the agency had reinvented itself as a media operation, Federal News Agency, claiming an audience of 36 million people.
Tomi Engdahl says:
GLitch Chronicles: Turning WebGL Into A Hammer
https://conference.hitb.org/hitbsecconf2018dxb/sessions/glitch-chronicles-turning-webgl-into-a-hammer/
The outcome of such thesis is a JavaScript exploit that takes advantage of the (now) well-known Rowhammer vulnerability to compromise an Android smartphone with NO software bugs in less than two minutes. Not completely satisfied we also wanted to give it a cool name: meet GLitch. GLitch is the first exploit of its kind for two main reasons: (i) it represents the first instance of a JavaScript-based Rowhammer attack on the more widespread ARM platforms (that is, your smartphone), (ii) it is the first PoC of Rowhammer bit flips triggered from the GPU (and from a website).
Now you may be asking yourself: wtf?!! how is this even possible?? how can you trigger bit flips from the GPU? and how do you do it from JS? The answer is WebGL. The WebGL API gives access to GPU acceleration
Tomi Engdahl says:
95% of HTTPS servers vulnerable to trivial MITM attacks
https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
Only 1 in 20 HTTPS servers correctly implements HTTP Strict Transport Security, a widely-supported security feature that prevents visitors making unencrypted HTTP connections to a server.
The remaining 95% are therefore vulnerable to trivial connection hijacking attacks
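The “correctly implements HSTS” test the Netcraft post refers to, as an added example (not Netcraft’s code): a parser for the Strict-Transport-Security header following RFC 6797 directive syntax, plus a grader run over constructed sample responses. The 180-day minimum max-age is an assumed threshold, not one the post states.

```python
"""Grade Strict-Transport-Security (HSTS) headers against RFC 6797 syntax.

Added example; the sample responses below are constructed, not observations
from the Netcraft survey.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy threshold (not from the article): a max-age under 180 days
# leaves returning visitors exposed once the cached policy expires.
MIN_MAX_AGE = 180 * 24 * 3600


@dataclass
class HstsResult:
    valid: bool                      # parses per RFC 6797 directive syntax
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    problems: list = field(default_factory=list)


def parse_hsts(value: str) -> HstsResult:
    """Parse one STS header value.

    Directive names are case-insensitive, each directive may appear at most
    once, max-age is required and must be a non-negative integer; unknown
    directives are ignored (RFC 6797 sections 6.1 and 8.1).
    """
    result = HstsResult(valid=True)
    seen = set()
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue                    # tolerate a trailing ';'
        name, _, arg = token.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')    # value may be a quoted-string
        if name in seen:
            result.valid = False
            result.problems.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if re.fullmatch(r"\d+", arg):
                result.max_age = int(arg)
            else:
                result.valid = False
                result.problems.append(f"bad max-age value: {arg!r}")
        elif name == "includesubdomains":
            result.include_subdomains = True
        elif name == "preload":
            result.preload = True
    if "max-age" not in seen:
        result.valid = False
        result.problems.append("max-age directive missing")
    return result


def grade_response(scheme: str, headers: dict, min_max_age: int = MIN_MAX_AGE):
    """Return (ok, reasons) for one response: ok only when it came over HTTPS
    (browsers ignore STS received over plain HTTP), the header parses, and
    max-age is at least min_max_age."""
    if scheme.lower() != "https":
        return False, ["STS header only honoured over HTTPS"]
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return False, ["no Strict-Transport-Security header"]
    parsed = parse_hsts(value)
    if not parsed.valid:
        return False, parsed.problems
    if parsed.max_age < min_max_age:
        return False, [f"max-age {parsed.max_age} below {min_max_age}"]
    return True, []


# Constructed sample: one (scheme, headers) response per hypothetical host.
SAMPLE_RESPONSES = {
    "good.example":  ("https", {"Strict-Transport-Security":
                                "max-age=31536000; includeSubDomains; preload"}),
    "short.example": ("https", {"strict-transport-security": "max-age=300"}),
    "dupe.example":  ("https", {"Strict-Transport-Security":
                                "max-age=31536000; max-age=0"}),
    "http.example":  ("http",  {"Strict-Transport-Security": "max-age=31536000"}),
    "none.example":  ("https", {"Content-Type": "text/html"}),
}


def survey(responses: dict) -> dict:
    """Map each host to whether it passes; the passing share is the '1 in 20'."""
    return {host: grade_response(s, h)[0] for host, (s, h) in responses.items()}
```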
Tomi Engdahl says:
ThreatList: 83% of Routers Contain Vulnerable Code
https://threatpost.com/threatlist-83-of-routers-contain-vulnerable-code/137966/
Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities.
A staggering 83 percent of home and office routers have vulnerabilities that could be exploited by attackers. Of those vulnerable, over a quarter harbor high-risk and critical vulnerabilities, according to a report released this week by American Consumer Institute on router safety (PDF).
http://www.theamericanconsumer.org/wp-content/uploads/2018/09/FINAL-Wi-Fi-Router-Vulnerabilities.pdf
Tomi Engdahl says:
The Breach That Killed Google+ Wasn’t a Breach At All
https://tech.slashdot.org/story/18/10/10/2041226/the-breach-that-killed-google-wasnt-a-breach-at-all?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
For months, Google has been trying to stay out of the way of the growing tech backlash, but yesterday, the dam finally broke with news of a bug in the rarely used Google+ network that exposed private information for as many as 500,000 users. Google found and fixed the bug back in March, around the same time the Cambridge Analytica story was heating up in earnest. [...] The vulnerability itself seems to have been relatively small in scope. The heart of the problem was a specific developer API that could be used to see non-public information. But crucially, there’s no evidence that it actually was used to see private data, and given the thin user base,
The bigger problem for Google isn’t the crime, but the cover-up. The vulnerability was fixed in March, but Google didn’t come clean until seven months later when The Wall Street Journal got hold of some of the memos discussing the bug.
There are lots of laws about reporting breaches — primarily the GDPR but also a string of state-level bills — but by that standard, what happened to Google+ wasn’t technically a breach. Those laws are concerned with unauthorized access to user information, codifying the basic idea that if someone steals your credit card or phone number, you have a right to know about it. But Google just found that data was available to developers, not that any data was actually taken.
The breach that killed Google+ wasn’t a breach at all
https://www.theverge.com/2018/10/9/17957312/google-plus-vulnerability-privacy-breach-law
Tomi Engdahl says:
Information leaks from army with smart phone apps
https://yle.fi/uutiset/3-10437111
Tomi Engdahl says:
Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
https://securityintelligence.com/threat-actors-prey-on-drupalgeddon-vulnerability-to-mass-compromise-websites-and-underlying-servers/
IBM Security’s Managed Security Services (MSS) team monitors the enterprise threat landscape on an ongoing basis, detecting and mapping new threats as they emerge.
What Is Drupal, and Why Is It a Target?
Like WordPress, Drupal is a content management system (CMS) that is used widely by people who create and maintain websites and applications for all sorts of purposes, both personal and business, private and public. Drupal is open source and, as such, is maintained by a community of users. This is also how its security and vulnerability patching is maintained.
CMSs that are used across a large number of websites are juicy targets for cybercriminals, who commonly automate their attacks in a one-size-fits-all type of operation. Those who target random websites aim to compromise as many as possible and consider the monetization options later.
Tomi Engdahl says:
Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites
Customer ratings plugin treated to a malicious rewrite to swipe entered banking info
https://www.theregister.co.uk/2018/10/09/magecart_payment_card_malware/
The payment-card-skimming malware operation dubbed Magecart has turned up again, this time in Shopper Approved, a customer rating plugin for websites.
Shopper Approved is a toolkit used by hundreds of e-commerce sites, and it was infected with the MageCart spyware, allowing crooks to siphon off bank card data entered into webpages using the customer-rating plugin, infosec biz RiskIQ reported this week. The infection, first spotted on September 15, closely resembles the cyber-attack that emerged over the summer against Ticketmaster rather than the later and more sophisticated, and high profile, raid on British Airways passengers.
Tomi Engdahl says:
It’s October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old… bug
Redmond goes retro in latest Patch Tuesday bundle
https://www.theregister.co.uk/2018/10/09/october_patch_tuesday/
Tomi Engdahl says:
US may have by far the world’s biggest military budget but it’s not showing in security
GAO report finds more holes than a Swiss cheese, and very little hope for improvement
https://www.theregister.co.uk/2018/10/10/gao_weapons_security/
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/valtion-kybernyrkki-kipuaa-jattivirastossa-huipulle-6744409
Tomi Engdahl says:
WEAPON SYSTEMS CYBERSECURITY: DOD Just Beginning to Grapple with Scale of Vulnerabilities
https://www.gao.gov/assets/700/694913.pdf
Tomi Engdahl says:
The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
https://securityintelligence.com/the-many-faces-of-necurs-how-the-botnet-spewed-millions-of-spam-emails-for-cyber-extortion/
The Necurs botnet, a large and well-known spam originator, has become synonymous with cybercrime. Its spam-sending capabilities, through a botnet of a few million infected devices, are frequently dedicated to vast campaigns that deliver banking malware, cryptojacking malware, ransomware and a variety of email scams sent to millions of recipients in each run.
IBM X-Force monitors Necurs activity and recently discovered yet another face of this malspam volcano. This time, Necurs is spewing geotargeted emails designed to threaten and extort payment from those who may have been watching adult movies or possibly having an extramarital affair.
Tomi Engdahl says:
Naming & Shaming Web Polluters: Xiongmai
https://krebsonsecurity.com/2018/10/naming-shaming-web-polluters-xiongmai/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29
What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.
In late 2016, the world witnessed the sheer disruptive power of Mirai, a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings.
Since then, two of those firms — Huawei and Dahua — have taken steps to increase the security of their IoT products out-of-the-box. But Xiongmai — despite repeated warnings from researchers about deep-seated vulnerabilities in its hardware — has continued to ignore such warnings and to ship massively insecure hardware and software for use in products that are white-labeled and sold by more than 100 third-party vendors.
On Tuesday, Austrian security firm SEC Consult released the results of extensive research into multiple, lingering and serious security holes in Xiongmai’s hardware.
“Although Xiongmai had seven months notice, they have not fixed any of the issues,” the researchers wrote in a blog post published today. “The conversation with them over the past months has shown that security is just not a priority to them at all.”
Tomi Engdahl says:
https://www.viestintavirasto.fi/kyberturvallisuus/tietoturvanyt/2018/10/ttn201810101032.html
Tomi Engdahl says:
SD-WAN Harvester v 0.99
https://seclists.org/fulldisclosure/2018/Oct/26
SD-WAN Harvester tool was created to automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses Shodan search engine for discovering, NMAP NSE scripts for fingerprinting, and masscan to implement some specific checks.
http://www.scada.sl/2018/10/sd-wan-harvester-v-099.html
Tomi Engdahl says:
Cyberspy Group ‘Gallmaker’ Targets Military, Government Organizations
https://www.securityweek.com/cyberspy-group-gallmaker-targets-military-government-organizations
A previously undocumented cyber espionage group has been targeting entities in the government, military and defense sectors since at least 2017, according to a report published on Wednesday by Symantec.
Tomi Engdahl says:
Many Siemens Products Affected by Foreshadow Vulnerabilities
https://www.securityweek.com/many-siemens-products-affected-foreshadow-vulnerabilities
Siemens informed customers this week that many of its products are affected by the recently disclosed processor vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF).
There are a total of three Foreshadow vulnerabilities affecting Intel Core and Xeon CPUs: CVE-2018-3615, which impacts Intel’s Software Guard Extensions (SGX); CVE-2018-3620, which impacts operating systems and System Management Mode (SMM); and CVE-2018-3646, which affects virtualization software and Virtual Machine Monitors (VMM).
Tomi Engdahl says:
Windows Zero-Day Exploited in Attacks Aimed at Middle East
https://www.securityweek.com/windows-zero-day-exploited-attacks-aimed-middle-east
One of the vulnerabilities patched by Microsoft with its latest Patch Tuesday updates is a Windows zero-day exploited by an advanced persistent threat (APT) group in attacks aimed at entities in the Middle East.
The flaw, tracked as CVE-2018-8453, has been described by Microsoft as a privilege escalation issue related to how the Win32k component of Windows handles objects in memory. An authenticated attacker can exploit the vulnerability to take control of an affected system.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2018/10/11/kyberturvallisuuden-pioneerille-palkinto/
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8547-cybersecurity-nordic-kiinasta-tulee-kybervakoilun-supervalta
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8546-nixun-joukkue-toiseksi-hakkeriolympialaisissa
Tomi Engdahl says:
HOW JAMAL KHASHOGGI’S APPLE WATCH COULD SOLVE HIS DISAPPEARANCE
https://www.wired.com/story/jamal-khashoggis-apple-watch-investigation/
Saudi dissident and Washington Post columnist Jamal Khashoggi went missing in Turkey last week. The outspoken critic of Saudi Arabia’s war on Yemen walked into the Saudi consulate in Istanbul at 1 pm on Tuesday, October 2, to obtain documents for his upcoming wedding. Within two hours, Turkish security officials now say, Khashoggi was dead—assassinated by a team of Saudi agents.
Tomi Engdahl says:
Mindbody exposed millions of customer records — because its servers weren’t password protected.
MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords
https://techcrunch.com/2018/10/11/fitmetrix-mindbody-data-exposed-password/?utm_source=tcfbpage&sr_share=facebook
FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.
The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts.
Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.
The servers included two of the same ElasticSearch instances and a storage server — all hosted on Amazon Web Service — yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users.
Bob Diachenko, Hacken.io’s director of cyber risk research, found the databases containing 113.5 million records
Diachenko rebuffed Mindbody’s claim, saying that there was “some” health information in the data, based on his analysis of the data. TechCrunch also found several records including height, weight and shoe sizes.
Mindbody said that it will “comply with all applicable legal obligations” in reporting the data exposure to U.S. and European authorities, but wouldn’t say if it will inform customers of the security lapse.
The company may also face action from European authorities under GDPR
Tomi Engdahl says:
Leaked, exposed, hacked, it’s all just an intermediary for SOLD YOUR DATA.
Tomi Engdahl says:
In a first, a Chinese spy is extradited to the U.S. after stealing technology secrets, Justice Dept. says
https://wapo.st/2IOBXAb?tid=ss_tw&utm_term=.ec0f193543e4
In a first, federal agents lured a Chinese government spy to Belgium, where authorities transferred him this week to the United States for prosecution on economic espionage charges, U.S. officials said Wednesday.
Tomi Engdahl says:
Watchdog: ‘Nearly all’ new US weapons systems vulnerable to cyber attacks
https://www-m.cnn.com/2018/10/09/politics/us-weapons-report-vulnerable-cyber-attacks/index.html
Washington (CNN) — “Nearly all” the weapons systems that were being developed by the US military from 2012 to 2017 are vulnerable to cyber-attack, according to a new report by the Government Accountability Office.
The watchdog’s report says the GAO “found that from 2012 to 2017, (Department of Defense) testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development.”
Tomi Engdahl says:
US WEAPONS SYSTEMS ARE EASY CYBERATTACK TARGETS, NEW REPORT FINDS
https://www.wired.com/story/us-weapons-systems-easy-cyberattack-targets/?mbid=social_fb
“The key conclusion is that the DOD needs a new weapons security paradigm,” says Edelman. “In a world where our most sophisticated fighter jets are effectively supercomputers with very hot engines, that’s a risk we have to take very seriously.” Over a trillion dollars of advanced military weapon systems is worth nothing, if all it takes to compromise them is a default admin password.
In fact, the report found that only one out of 20 cyber vulnerabilities that the DOD had been alerted to in previous risk assessments had been fixed during the time period of the new report.
Tomi Engdahl says:
A flood of fake installers will really update Flash for you – but also install cryptocurrency mining malware
https://techcrunch.com/2018/10/11/fake-flash-installer-cryptocurrency-malware/?utm_source=tcfbpage&sr_share=facebook
If you think that Flash, the once-popular web plugin, couldn’t die fast enough, even those annoying fake Flash installers riddled with malware aren’t going anywhere any time soon. In fact, they’re getting even sneakier.
New research out of Palo Alto Networks found a recent spike of fake Flash installers not only dropping cryptocurrency mining malware on vulnerable computers — but actually installing Flash while it’s there.
Tomi Engdahl says:
‘Five Eyes’ Agencies Release Joint Report on Hacking Tools
https://www.securityweek.com/five-eyes-agencies-release-joint-report-hacking-tools
Cybersecurity agencies in the United States, United Kingdom, Canada, Australia and New Zealand have released a joint report describing five of the most commonly used hacking tools.
The report was written by experts at the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC), and the US National Cybersecurity and Communications Integration Center (NCCIC).
The goal of the report, its authors said, is to provide network defenders and system administrators advice on how to detect the tools and limit their effectiveness.
Five types of tools are described, including remote access trojans (RATs), web shells, lateral movement frameworks, command and control (C&C) obfuscators, and credential stealers – all of which can be used after the targeted system has been compromised.
The RAT included in the report is JBiFrost, a variant of Adwind. The Five Eyes agencies have warned that while JBiFrost has been mostly used by low-skilled threat actors and cybercriminals, it can also be useful to state-sponsored groups.
Alert (AA18-284A)
Publicly Available Tools Seen in Cyber Incidents Worldwide
https://www.us-cert.gov/ncas/alerts/AA18-284A
Tomi Engdahl says:
Hackers Exploit Drupalgeddon2 to Install Backdoor
https://www.securityweek.com/hackers-exploit-drupalgeddon2-install-backdoor
A threat actor was observed targeting Drupal vulnerabilities patched earlier this year to install a backdoor on compromised servers, IBM reports.
The hackers target CVE-2018-7600, or Drupalgeddon2, a critical vulnerability found to impact Drupal versions 6, 7 and 8, but which was addressed in March this year. Assigned a risk score of 21/25, the vulnerability could be exploited to gain full control over a site, including access to non-public data.
Tomi Engdahl says:
Google Hardens Android Kernel
https://www.securityweek.com/google-hardens-android-kernel
Google this week revealed that Android’s kernel is becoming more resilient to code reuse attacks, courtesy of implemented support for LLVM’s Control Flow Integrity (CFI).
CFI support, Google says, was added to Android kernel versions 4.9 and 4.14 and the feature is available to all device vendors. However, Google Pixel 3, which was launched earlier this week, is the first device to take advantage of the new security mitigations.
One of the manners in which attackers achieve code execution even without injecting executable code of their own, Google reveals, is by abusing kernel bugs to overwrite a function pointer stored in memory. The method is popular with the kernel given the large number of function pointers the latter uses and the protections that make code injection difficult.
CFI, however, was designed to mitigate these attacks through additional checks applied to the kernel’s control flow. While this still allows an attacker to change a function pointer if a bug provides write access to one, it significantly restricts the valid call targets, thus making exploitation more difficult.
LLVM’s solution to CFI also requires the use of Link Time Optimization (LTO), which also requires the adoption of LLVM’s integrated assembler for inline assembly. The GNU toolchain, which Linux kernel relies on for assembling, compiling, and linking the kernel, will continue to be used for stand-alone assembly code.
Tomi Engdahl says:
Audit Finds No Critical Flaws in Firefox Update System
https://www.securityweek.com/audit-finds-no-critical-flaws-firefox-update-system
An audit commissioned by Mozilla for the Firefox update system revealed no critical vulnerabilities and the flaws rated “high severity” were not easy to exploit.
Experts at Germany-based X41 spent 27 days analyzing the Firefox Application Update Service (AUS), including its update signing protocol, client code, backend and other components. The audit involved a cryptographic review, fuzzing, pentesting, and manual code analysis.
X41's audit revealed 14 vulnerabilities, including three issues that based on their CVSS score would be rated as “high severity,” seven “medium” and four “low” flaws. In addition, experts discovered 21 issues that have been described by Mozilla as “side findings,” which are informational.
Tomi Engdahl says:
Mozilla Delays Distrust of Symantec Certificates
https://www.securityweek.com/mozilla-delays-distrust-symantec-certificates
Mozilla this week announced that the distrust of older Symantec certificates, initially planned for Firefox 63, will be delayed.
Following a long series of problems regarding the wrongful issuance of certificates issued by the Certification Authority (CA) run by Symantec, one of the oldest and largest CAs, browser makers have decided to remove trust in all Symantec-issued certificates before the end of this year.
Both Google and Mozilla said they would gradually remove trust in all TLS/SSL certificates issued by Symantec. Google, which removed trust in certificates that Symantec issued before June 1, 2016, with the release of Chrome 66 in April, wants to remove trust in all Symantec certificates in Chrome 70.
Tomi Engdahl says:
Broadcom, its baffling $19bn CA biz gobble, and the fake Pentagon memo crying about national security
Senator calls for real probe into ‘Chinese-controlled’ outfit
https://www.theregister.co.uk/2018/10/12/broadcom_fake_memo/
The “weirdest acquisition ever” – Broadcom’s $19bn proposed takeover of CA Technologies – ran into a rather strange road-bump this week: a fake US military memo passed around American politicians on Capitol Hill.
That bogus missive – apparently signed off by the Department of Defense – asserted that the acquisition faced a probe by the US Treasury’s committee on foreign investment regarding national security concerns with the biz gobble, which was announced in July.
Tomi Engdahl says:
In the two years since Dyn went dark, what have we learned? Not much, it appears
DNS infrastructures still vulnerable to attacks
https://www.theregister.co.uk/2018/10/11/dns_insecurity_survey/
The majority (72 per cent) of FTSE 100 firms are vulnerable to DNS attacks, nearly two years after the major Dyn outage.
A similar three in five of the top 50 companies listed in the Fortune 500 are also ill-prepared for an attack similar to the Mirai botnet-powered assault against Dyn that left much of the web unreachable in late October 2016. A large minority (44 per cent) of the top 25 SaaS providers are also vulnerable, according to stats from a DNS Infrastructure Performance Report by security firm ThousandEyes published Wednesday.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/palvelunestohyokkaajat-iskivat-suomeen-liian-tehokas-torjunta-viimeisteli-vahingossa-tyon-6744749
According to Lehmus, the denial-of-service attack that caused the disruption was in fact successfully mitigated with the help of scrubbing services that filter out malicious traffic.
“The scrubbing services worked as they should and blocked the denial-of-service traffic. At the same time, however, they knocked the service over and accidentally blocked legitimate users’ access to the site as well,” Lehmus says.
Tomi Engdahl says:
If you haven’t already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat
MikroTik. Stupid name. Stupid bugs. Get those fixes
https://www.theregister.co.uk/2018/10/11/tenable_mikrotik_bugs/
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/suomalaiselle-kyberosaamiselle-on-kova-kysynta-evp-eversti-cederberg-palkittiin-6744610
Tomi Engdahl says:
Finnish authorities have few means against network attacks – ”This is the new normal”
https://www.is.fi/digitoday/tietoturva/art-2000005859372.html
Finnish authorities lack the capability for rapid situational command and for forming an overall picture during a network attack.