This posting is here to collect cyber security news in March 2023.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in March 2023.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
372 Comments
Tomi Engdahl says:
Cyberattack Hits Major Hospital in Spanish City of Barcelona
https://www.securityweek.com/cyberattack-hits-major-hospital-in-spanish-city-of-barcelona/
A ransomware attack on one of Barcelona’ s main hospitals has crippled the center’s computer system and forced the cancellation of non-urgent operations and patient checkups.
Tomi Engdahl says:
New ATM Malware ‘FiXS’ Emerges
https://www.securityweek.com/new-atm-malware-fixs-emerges/
Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America.
Tomi Engdahl says:
Vainoharhaa vai aiheellista varovaisuutta? Yhdysvallat pelkää Kiinan käyttävän satamanostureita vakoiluun – “Uusi Huawei”
https://www.tivi.fi/uutiset/tv/da60a10b-3637-4de8-a0c2-a63c54827ab4
“Kiinalaisnostureiden teknologia ja merkittävä asema on saanut Yhdysvaltojen viranomaiset varpailleen. Kiinan edustajat kutsuvat lausuntoja vainoharhaisiksi.”
Tomi Engdahl says:
Acer confirms breach after 160GB of data for sale on hacking forum https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/
“Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians. However, the company says the results of its investigation so far do not indicate that this security incident has impacted customer data.””
Tomi Engdahl says:
Android March 2023 update fixes two critical code execution flaws https://www.bleepingcomputer.com/news/security/android-march-2023-update-fixes-two-critical-code-execution-flaws/
“Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13.. “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” reads the security bulletin.. “User interaction is not needed for exploitation.” The two flaws are tracked as CVE-2023-20951 and CVE-2023-20954, while Google has withheld all information about them to prevent helping attackers from engaging in active exploitation before users can apply the available updates.”
Tomi Engdahl says:
German 5G network ban said to loom for Huawei and ZTE https://www.theregister.com/2023/03/07/huawei_germany/
“The German federal government plans to forbid mobile operators from installing key components from Huawei and ZTE into their 5G networks, according to local reports. The ban will extend to already installed equipment, requiring companies to rip and replace components made by the two Chinese suppliers.”
Tomi Engdahl says:
SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html
“Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors.. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file,” Morphisec said in a report shared with The Hacker News.”
Tomi Engdahl says:
They thought loved ones were calling for help. It was an AI scam.
https://www.washingtonpost.com/technology/2023/03/05/ai-voice-scam/
“Scammers are using artificial intelligence to sound more like family members in distress. People are falling for it and losing thousands of dollars.”
Tomi Engdahl says:
More than you’ve asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models
https://arxiv.org/abs/2302.12173v1
An academic paper looking at the vulnerabilities of Large Language Models (LLMs) which e.g. the well-known ChatGPT is. “In this work, we show that augmenting LLMs with retrieval and API calling capabilities (so-called Application-Integrated LLMs) induces a whole new set of attack vectors.. These LLMs might process poisoned content retrieved from the Web that contains malicious prompts pre-injected and selected by adversaries. We demonstrate that an attacker can indirectly perform such PI attacks.”
Tomi Engdahl says:
PC-turvasiruissa vakava haavoittuvuus
https://etn.fi/index.php/13-news/14677-pc-turvasiruissa-vakava-haavoittuvuus
TPM eli Trusted Platform Module on moduuli, joka takaa arkaluontoisen datan säilymisen PC-koneilla. Nyt tietoturvatutkijat ovat löytäneet kaksi haavoittuvuutta TPM 2.0 -siruista. Ongelma saattaa vaikuttaa jopa miljardeihin laitteisiin.
TPM-salauspiiri vaaditaan kaikille koneille, joilla halutaan asentaa Windows 11 -käyttöjärjestelmä. Nyt TPM 2.0 -viitekirjaston määrittelystä on löytynyt kaksi vaarallista puskurin ylivuotohaavoittuvuutta. Haavoittuvuuksien hyödyntäminen on mahdollista vain todennetulla paikallisella käyttäjätilillä, mutta pieni pätkä haittaohjelmaa voisi tehdä saman asian.
Näitä kahta haavoittuvuutta jäljitetään nimillä CVE-2023-1017 ja CVE-2023-1018 tai “out-of-bounds write”- ja “out-off-bounds read” -virheinä. Ongelma havaittiin TPM 2.0:n moduulikirjastosta, joka mahdollistaa kahden “ylimääräisen tavun” kirjoittamisen (tai lukemisen) CryptParameterDecryption-rutiinissa TPM 2.0 -komennon jälkeen.
Kirjoittamalla erityisesti muotoiltuja haitallisia komentoja hyökkääjä voi hyödyntää haavoittuvuuksia kaataakseen TPM-sirun tehden sen “käyttökelvottomaksi”. Tämän jälkeen TPM:n suojatussa muistissa voidaan ajaa muuta koodia. Sirulta voidaan lukea arkaluonteisia tietoja, jotka on tallennettu sirun eristettyyn turvamuistiin.
CVE-2023-1017- ja CVE-2023-1018-haavoittuvuuksien onnistunut hyödyntäminen voi vaarantaa kryptografiset avaimet, salasanat ja muut tärkeät tiedot. Tämä voi käytännössä rikkoa TPM-pohjaisten käyttöjärjestelmien, kuten Windows 11:n suojauksen.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/14678-haittaohjelma-verkosta-200-dollarilla-kuukaudeksi
Tomi Engdahl says:
Sued by Meta, Freenom Halts Domain Registrations https://krebsonsecurity.com/2023/03/sued-by-meta-freenom-halts-domain-registrations/
“The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.”
Tomi Engdahl says:
Emotet malware attacks return after three-month break https://www.bleepingcomputer.com/news/security/emotet-malware-attacks-return-after-three-month-break/
“The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. Emotet is a notorious malware distributed through email containing malicious Microsoft Word and Excel document attachments.. When users open these documents and macros are enabled, the Emotet DLL will be downloaded and loaded into memory. Once Emotet is loaded, the malware will sit quietly, waiting for instructions from a remote command and control server.”
Tomi Engdahl says:
Europe, America fear Twitter job cuts mean it can’t protect users https://www.theregister.com/2023/03/08/eu_us_regulators_concerned_twitter/
“While the reasons the EU and the US Federal Trade Commission (FTC) have been DMing with Musk differ slightly, both come down to the same basic concern: Regulators don’t seem confident that Twitter can fulfill its responsibilities to users and the law with so few people steering the ship.”
Tomi Engdahl says:
Tamperelaiselle ohjelmistotalolle asetettiin 500 000 euron uhkasakko – “haasteena ovat järjestelmän tietyt piirteet” [maksumuuri] https://www.tivi.fi/uutiset/tv/3c7d1e44-7f2f-447b-9c38-3411e5985a2d
“Mylabin mukaan mitään tietoturvaan tai potilasturvallisuuteen liittyviä havereita ei ole tapahtunut. Valvira on vaatinut korjauksia jo aiemminkin.”
Tomi Engdahl says:
Old Cyber Gang Uses New Crypter – ScrubCrypt https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Fortinetin tekninen analyysi ScrubCrypt-kryptaajan toiminnasta.
Tomi Engdahl says:
Chrome 111 Patches 40 Vulnerabilities
Google has released Chrome 111 in the stable channel with patches for 40 vulnerabilities, including eight high-severity bugs
https://www.securityweek.com/chrome-111-patches-40-vulnerabilities/
The latest Chrome iteration is currently rolling out as versions 111.0.5563.64/.65 for Windows and as version 111.0.5563.64 for Linux and macOS.
Tomi Engdahl says:
‘Sys01 Stealer’ Malware Targeting Government Employees
https://www.securityweek.com/sys01-stealer-malware-targeting-government-employees/
The Sys01 Stealer has been observed targeting the Facebook accounts of critical government infrastructure employees.
Endpoint security firm Morphisec has shared details on an information stealer that has been observed targeting the Facebook accounts of critical government infrastructure employees.
Dubbed Sys01 Stealer, the malware is distributed via Google ads and fake Facebook accounts promoting adult content, games, and cracked software, and is executed on the victim’s machine using DLL side-loading.
Last month, Bitdefender detailed similar distribution and execution techniques being used by the ‘S1deload Stealer’, which targets Facebook and YouTube accounts for data harvesting. The final payload, however, is different, Morphisec notes.
Since November 2022, Sys01 Stealer has targeted employees in various industries, including government and manufacturing, focused on exfiltrating information such as credentials, cookies, and Facebook ad and business account data.
Victims are lured into clicking a URL from an ad or a fake Facebook account to download a ZIP archive claiming to contain a movie, a game, or an application.
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
The FBI is probing a data breach of DC Health Link servers impacting thousands, including US House members and staff; some data is already up for sale online — The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account …
https://www.bleepingcomputer.com/news/security/fbi-investigates-data-breach-impacting-us-house-members-and-staff/
Tomi Engdahl says:
Alfred Ng / Politico:
Ring turned over cam footage of inside a user’s home and business after a judge’s warrant gave police access to investigate a neighbor, raising privacy concerns — Police were investigating his neighbor. A judge gave officers access to all his security-camera footage, including inside his home.
The privacy loophole in your doorbell
https://www.politico.com/news/2023/03/07/privacy-loophole-ring-doorbell-00084979
Police were investigating his neighbor. A judge gave officers access to all his security-camera footage, including inside his home.
Tomi Engdahl says:
Dell Cameron / Wired:
The FBI acknowledges for the first time it bought US location data, director Christopher Wray says for a national security pilot project that’s no longer active — Rather than obtaining a warrant, the bureau purchased sensitive data—a controversial practice that privacy advocates say is deeply problematic.
The FBI Just Admitted It Bought US Location Data
https://www.wired.com/story/fbi-purchase-location-data-wray-senate/
Rather than obtaining a warrant, the bureau purchased sensitive data—a controversial practice that privacy advocates say is deeply problematic.
Tomi Engdahl says:
Abner Li / 9to5Google:
Google adds its VPN service to all Google One plans in 22 countries, starting at $1.99 per month, and dark web monitoring for stolen personal info to Google One — After adding Magic Eraser last month, Google One is significantly expanding the availability of its VPN and introducing dark web monitoring for stolen information.
Google One brings VPN to $1.99/month plan, adding dark web info monitoring
https://9to5google.com/2023/03/08/google-one-vpn-all-plans/
Tomi Engdahl says:
Politico:
TikTok announces Project Clover, its plan to charm European regulators, including keeping more users’ data on servers in Europe and allowing a security audit
TikTok launches ‘Project Clover’ charm offensive to fend off European bans
https://www.politico.eu/article/tiktok-pitches-data-security-plan-to-fend-off-european-bans/
Social media firm sends top executives to European capitals to present data localization plan to assuage security fears.
Tomi Engdahl says:
Experts tell us that relying on Google Chrome (or any browser) to manage your passwords is a seriously bad idea. Here’s why.
Warning: Don’t Let Google Manage Your Passwords
https://uk.pcmag.com/password-managers/145831/warning-dont-let-google-manage-your-passwords
Experts tell us that relying on Google Chrome (or any browser) to manage your passwords is a seriously bad idea. Here’s why.
Tomi Engdahl says:
Kybervakoiluyritys narahti: myi laittomasti vieraille valtioille https://www.tivi.fi/uutiset/tv/91831acf-073d-4364-b158-6c7e2d87097d
“Israelilaisen NFV Systemsin epäillään kiertäneen vientirajoituksia ja myyneen vakoiluteknologiaa. Ministeriö tutki yhtiön toimia.”
Tomi Engdahl says:
Haittamainoskampanjat piinaavat netinkäyttäjiä https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/viikkokatsaus
Useampi taho on uutisoinut aktiivisista haittamainoskampanjoista (“malvertising”). Aktiivisesta OmaVero-haittamainoskampanjasta kerrotaan myös Kyberturvallisuuskeskuksen tänään perjantaina julkaistavassa 10/2023- viikkokatsauksessa.. Tivin uutinen:
https://www.tivi.fi/uutiset/tv/235de564-67a8-4e16-88e0-ef2437e84f4a.
IS Digitodayn uutinen:
https://www.is.fi/digitoday/tietoturva/art-2000009442693.html.
Haittamainoskampanjoita on harrastettu myös maailmalla:
https://securelist.com/malvertising-through-search-engines/108996/
Tomi Engdahl says:
ECB to test banks for cyber resilience, Enria says https://www.reuters.com/technology/ecb-test-banks-cyber-resilience-enria-says-2023-03-09/
“The European Central Bank plans to test the cyber resilience of the euro zone’s top banks after a sharp rise in cyberattacks, including after Russia’s invasion of Ukraine, ECB supervisory chief Andrea Enria told a Lithuanian newspaper. “There has been a significant increase in cyberattacks,” Enria said.. “We cannot apportion this to any specific source, but it is a fact that the number of these attacks has increased since the war started.” Enria said that part of the problem is that banks are outsourcing some of their critical IT infrastructure to outside providers or other entities in their group.”
Tomi Engdahl says:
AT&T alerts 9 million customers of data breach after vendor hack https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/
“AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. “Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer.”
Tomi Engdahl says:
IceFire ransomware now encrypts both Linux and Windows systems https://www.bleepingcomputer.com/news/security/icefire-ransomware-now-encrypts-both-linux-and-windows-systems/
“Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor..
SentinelLabs security researchers found that the gang has breached the networks of several media and entertainment organizations around the world in recent weeks, starting mid-February, according to a report shared in advance with BleepingComputer.”
Tomi Engdahl says:
Suspected Chinese cyber spies target unpatched SonicWall devices https://www.theregister.com/2023/03/09/suspected_chinese_cyberspies_target_uppatched/
“Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant.. The spyware targets the SonicWall Secure Mobile Access (SMA) 100 Series – a gateway device that provides VPN access to remote users.” See also:
https://www.bleepingcomputer.com/news/security/sonicwall-devices-infected-by-malware-that-survives-firmware-upgrades/
Tomi Engdahl says:
Ransomware review: March 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/03/ransomware-review-march-2023
“It seems like LockBit wasnt content with having us merely crown them as one of the five most serious cyberthreats facing businesses in 2023. In February, the most widely used ransomware-as-a-service (RaaS) posted a total of 126 victims on its leak site – a record high since we started tracking the leaks in February 2022.”
Tomi Engdahl says:
https://www.securityweek.com/custom-chinese-malware-found-on-sonicwall-appliance/
Tomi Engdahl says:
Security Architecture
ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities
https://www.securityweek.com/chatgpt-integrated-into-cybersecurity-products-as-industry-tests-its-capabilities/
ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.
While there has been a lot of talk about how OpenAI’s ChatGPT could be abused for malicious purposes and how it can pose a threat, the artificial intelligence chatbot can also be very useful to the cybersecurity industry.
Launched in November 2022, ChatGPT has been described by many as revolutionary. It is built on top of OpenAI’s GPT-3 family of large language models and users interact with it through prompts.
There have been numerous articles describing how ChatGPT’s capabilities can be used for malicious purposes, including to write credible phishing emails and create malware.
However, ChatGPT can bring many benefits to defenders as well, and the cybersecurity industry has been increasingly integrating it into products and services. In addition, some members of the industry have been testing its capabilities and limitations.
In the past few months, several cybersecurity companies revealed that they have started or plan on using ChatGPT, and some researchers have found practical use cases for the chatbot.
Cloud security company Orca was among the first to announce ChatGPT integration, specifically GPT-3, into its platform. The goal is to enhance the remediation steps provided to customers for cloud security risk.
Tomi Engdahl says:
Chrome 111 Patches 40 Vulnerabilities
https://www.securityweek.com/chrome-111-patches-40-vulnerabilities/
Google has released Chrome 111 in the stable channel with patches for 40 vulnerabilities, including eight high-severity bugs
Tomi Engdahl says:
Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks
https://www.securityweek.com/vulnerability-exposes-cisco-enterprise-routers-to-disruptive-attacks/
Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers.
Cisco this week announced patches for a high-severity denial-of-service (DoS) vulnerability in the IOS XR software for ASR 9000, ASR 9902, and ASR 9903 series enterprise routers.
Tracked as CVE-2023-20049 (CVSS score of 8.6), the vulnerability impacts the bidirectional forwarding detection (BFD) hardware offload feature for the platform and can be exploited remotely, without authentication.
On vulnerable devices with the BFD hardware offload feature enabled, malformed BFD packets are incorrectly handled, allowing an attacker to send crafted IPv4 BFD packets to the configured IPv4 address and trigger the flaw.
“A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads,” Cisco explains in an advisory.
As a workaround, the tech giant recommends disabling the BFD hardware offload feature, which can be done by removing all hw-module bfw-hw-offload enable commands and resetting the line card.
Tomi Engdahl says:
QuSecure Unveils Quantum-Resilient Communications Satellite Link
https://www.securityweek.com/qusecure-unveils-quantum-resilient-communications-satellite-link/
QuSecure announced an end-to-end quantum resilient encrypted communications link that protects data delivered by satellite.
Tomi Engdahl says:
Dozens of Exploited Vulnerabilities Missing From CISA ‘Must Patch’ List
https://www.securityweek.com/dozens-of-exploited-vulnerabilities-missing-from-cisa-must-patch-list/
An analysis found that over 40 exploited vulnerabilities, mostly leveraged by botnets, are missing from CISA’s ‘must patch’ catalog.
Dozens of security flaws that have likely been exploited in the wild are missing from the Known Exploited Vulnerabilities (KEV) catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA), according to vulnerability intelligence company VulnCheck.
VulnCheck recently conducted an analysis of the vulnerabilities added by CISA to its catalog in 2022. While the agency added more than 550 security holes last year, VulnCheck found that 42 vulnerabilities that have likely been exploited in malicious attacks and assigned CVE identifiers in 2022 were not present as of March 3.
CISA’s KEV catalog is often referred to as a ‘must patch’ list because government organizations are required to patch the flaws within specified timeframes and private companies are strongly encouraged to do so.
Of the vulnerabilities that VulnCheck believes have been exploited in attacks but have not been added to CISA’s KEV catalog, 64% are related to botnets, followed by threat actors (12%) and ransomware (10%) — the rest are unattributed.
Tomi Engdahl says:
Jenkins Server Vulnerabilities Chained for Remote Code Execution
https://www.securityweek.com/jenkins-server-vulnerabilities-chained-for-remote-code-execution/
Two vulnerabilities recently addressed in Jenkins server can be chained to achieve arbitrary code execution.
Two recently patched vulnerabilities affecting Jenkins servers can be chained to achieve remote code execution, cybersecurity firm Aqua Security warns.
Tracked as CVE-2023-27898 and CVE-2023-27905 and impacting both Jenkins Server and Update Center, the two security defects are described as cross-site scripting (XSS) bugs that can be exploited by providing a malicious plugin.
Rated ‘high severity’, CVE-2023-27898 exists because Jenkins “does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager”.
An attacker could provide a manipulated plugin to trigger the XSS. The plugin’s installation is not required for successful exploitation.
The flaw impacts Jenkins versions 2.270 through 2.393 and long-term support (LTS) releases 2.277.1 through 2.375.3. Jenkins version 2.394, LTS 2.375.4, and LTS 2.387.1 escape the Jenkins version a plugin depends on.
“Due to how Jenkins community update sites serve plugin metadata based on the reported Jenkins core version, it is unlikely that a reasonably up to date Jenkins instance shows the vulnerable error message in the plugin manager at all,” Jenkins explains.
A medium-severity flaw, CVE-2023-27905 impacts update-center2, a tool that generates Jenkins update sites that are hosted on updates.jenkins.io.
Tomi Engdahl says:
https://hackaday.com/2023/03/08/stranded-motorist-affects-own-rescue-using-a-drone-and-a-cell-phone/
Tomi Engdahl says:
https://www.immuniweb.com/blog/hospital-clinic-barcelona-forced-cancel-hundreds-surgeries-and-3000-patient-checkups-due-to-ransomware-attack.html
Tomi Engdahl says:
The Akuvox E11 is billed as a video door phone, but it’s actually much more than that—and this omnipotent, all-knowing device is riddled with holes that provide multiple avenues for putting sensitive data into the hands of threat actors
Go ahead and unplug this door device before reading. You’ll thank us later.
https://arstechnica.com/information-technology/2023/03/go-ahead-and-unplug-this-door-device-before-reading-youll-thank-us-later/?utm_medium=social&utm_brand=ars&utm_social-type=owned&utm_source=facebook
The Akuvox E11 door phone/intercom is riddled with security holes.
The Akuvox E11 is billed as a video door phone, but it’s actually much more than that. The network-connected device opens building doors, provides live video and microphone feeds, takes a picture and uploads it each time someone walks by, and logs each entry and exit in real time. The Censys device search engine shows that roughly 5,000 such devices are exposed to the Internet, but there are likely many more that Censys can’t see for various reasons.
It turns out that this omnipotent, all-knowing device is riddled with holes that provide multiple avenues for putting sensitive data and powerful capabilities into the hands of threat actors who take the time to analyze its inner workings. That’s precisely what researchers from security firm Claroty did. The findings are serious enough that anyone who uses one of these devices in a home or building should pause reading this article, disconnect their E11 from the Internet, and assess where to go from there.
The 13 vulnerabilities found by Claroty include a missing authentication for critical functions, missing or improper authorization, hard-coded keys that are encrypted using accessible rather than cryptographically hashed keys, and the exposure of sensitive information to unauthorized users. As bad as the vulnerabilities are, their threat is made worse by the failure of Akuvox—a China-based leading supplier of smart intercom and door entry systems—to respond to multiple messages from Claroty, the CERT coordination Center, and Cybersecurity and Infrastructure Security Agency over a span of six weeks. Claroty and CISA publicly published their findings on Thursday here and here.
Tomi Engdahl says:
”Hakeutukaa välittömästi suojaan” – hakkerit toivat Venäjän televisioon hälytyksen ydinhyökkäyksestä
Venäjän hätätilaministeriö antoi lausunnon hälytyksen aiheuttaneesta hakkeri-iskuista
https://www.is.fi/digitoday/tietoturva/art-2000009444934.html
HAKKERIT aiheuttivat eilen torstaina Venäjälle laajan ilmahälytyksen.
– Moskovan alueella julistettiin ilmahälytys radio- ja televisiokanaviin tehdyn hakkeroinnin seurauksena, Venäjän hätätilanministeriö sanoi Ria Novostin mukaan.
Lisäksi ilmahälytyksiä julkaistiin Sverdlovskin ja Tulan alueilla. Hätätilaministeriön mukaan myös nämä johtuivat hakkeri-iskusta. The Moscow Timesin mukaan hälytyksiä annettiin myös Belgorodin ja Voronezin alueilla, miehitetyllä Krimillä sekä Pietarissa.
Hätätilaministeriö sanoi hälytysten olevan valheellisia. Kohteena olivat tiettävästi yksityiset radio- ja televisiokanavat.
Viime viikolla vastaava hyökkäys sai ilmahälytyssireenit soimaan eri puolilla Venäjää.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/
Tomi Engdahl says:
https://www.tomsguide.com/news/billions-of-pcs-and-other-devices-vulnerable-to-newly-discovered-tpm-20-flaws
Tomi Engdahl says:
Suositun vaatemerkin suomenkielinen verkkokauppa on huijaus – eikä se ole ainoa
Asiantuntijan mukaan väärien verkkokauppojen tunnistamiseen ei ole helppoa keinoa.
https://www.is.fi/digitoday/tietoturva/art-2000009441162.html
NORJALAISEN vaatemerkki Helly Hansenin nimissä huijataan suomalaisia internetin käyttäjiä. Huijauksesta varoittaa tietotekniikan asiantuntija Petteri Järvinen Twitterissä.
Väärän kaupan osoite on hellyhansenfi.com, kun todellinen verkkokauppa toimii osoitteessa hellyhansen.com. Siinä missä oikeassa kaupassa suomalaiset sivut tarjotaan vain englanniksi, käyttää väärä verkkokauppa ontuvaa suomea. Graafisesti sivut muistuttavat oikeita.
Tomi Engdahl says:
Googlessa vaani viheliäinen ansa OmaVeroa hakevalle: ”Ovelaa ja vaarallista”
Haitallinen mainoslinkki toimi eri tavalla puhelimessa ja tietokoneella, asiantuntija kertoo.
https://www.is.fi/digitoday/tietoturva/art-2000009442693.html
GOOGLESSA tulee jälleen olla tarkkana. Tietokirjailija Petteri Järvinen huomasi verottajan OmaVero-palvelun nimissä tehtävästä huijauksesta. Se toimii eri tavalla riippuen siitä, millä laitteella Googlea käyttää.
– VAROITUS: Google-haku ”omavero” antaa ensimmäiseksi mainoslinkin, joka mobiilissa vie valesivulle ja urkkii tunnukset. Pöytäkoneella menee Verottajan omalle sivulle. Ovelaa ja vaarallista, Järvinen twiittasi.
Jos erehtyy tunnistautumaan, tulee väärä ilmoitus veronpalautuksesta.
Myös palvelua ylläpitävä Digi- ja väestövirasto (DVV) on antanut asiasta varoituksen.
– Varoitamme Google-haussa esiintyvästä haitallisesta OmaVeron mainoslinkistä. Sponsoroitu mainos vie huijaussivustolle, joka pyytää henkilötietojasi ja jäljittelee Suomi.fi-tunnistusta. Olethan tarkkana, koska huijaus on erittäin aidon näköinen.
Tomi Engdahl says:
After Musk’s mass layoffs, one engineer’s mistake “broke the Twitter API”
Twitter’s paid-API project had “only one site reliability engineer,” report says.
https://arstechnica.com/tech-policy/2023/03/after-musks-mass-layoffs-one-engineers-mistake-broke-the-twitter-api/
Tomi Engdahl says:
https://thehackernews.com/2023/03/experts-discover-flaw-in-us-govts.html
Tomi Engdahl says:
Twitter’s latest outage was reportedly caused by a single engineer’s mistake. One employee says the platform is so brittle, ‘everything breaks’ if engineers change something.
Beatrice Nolan Mar 7, 2023, 8:42 PM
Elon Musk looking at his phone.
Twitter owner Elon Musk. John Raoux/AP Photo
A mistake by a single Twitter engineer prompted Monday’s service outage, Platformer reported.
Twitter users received an error message when they tried to view links and photos on Monday.
Twitter owner Elon Musk has cut thousands from Twitter’s headcount since acquiring the company.
A sole Twitter engineer was responsible for Twitter’s high-profile outage on Monday, Platformer reported.
A site reliability engineer tasked with shutting down free access to Twitter’s API made a “bad configuration change” that “basically broke the Twitter API,” Platformer reported a current employee as saying.
https://www.businessinsider.com/twitter-outage-monday-mistake-single-engineer-elon-musk-brittle-layoffs-2023-3
Tomi Engdahl says:
Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits.
https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/