Front Page: NCSC-FI

Information security now!

This week, we'll cover topics such as the even faster exploitation of vulnerabilities and our participation at the Assembly event.

TLP:CLEAR

Topics covered in this week’s review

  • Exploitation of vulnerabilities is wide-ranging
  • The grass is greener on this side of the fence: National Cyber Security Centre and National Bureau of Investigation at Assembly, 1–4 August 2024
  • Come to the Digital Europe programme's application training on 27 August 2024!

Exploitation of vulnerabilities is wide-ranging

Cloudflare revealed in a report this week that a vulnerability in the JetBrains TeamCity product was exploited just 22 minutes after a method for exploiting it was published. Critical vulnerabilities that can be exploited over the network are now generally expected to enter the attacker's toolbox within days, but the speed of exploitation in this case is exceptional. The patch for the product was distributed at 2:00 p.m. local time. The security company Rapid7 published a blog post and sample code related to the exploitation of the vulnerability at 7:23 p.m. local time. By 7:45 p.m., Cloudflare was already detecting attempts to exploit the vulnerability CVE-2024-27198 in its own monitoring.

As organisations in Finland also use globally known and popular products, they need to prioritise patches for critical vulnerabilities so that they are deployed even more rapidly. 22 minutes is an extreme example, but the response time for critical updates should be measured in days, not weeks. This is a relatively easy and cost-effective way to avoid data breaches. In particular, services available online should aim to be updated at least within the same week, often within the same day.

Crypto miners plague organisations

Criminals use devices hacked with vulnerabilities for various purposes. The National Cyber Security Centre has also recently received reports of cases where a criminal has hacked into a server by exploiting a vulnerability and then installed software to mine cryptocurrencies. The aim is to use the computing power of the victim to criminally mine cryptocurrencies such as Bitcoin or Monero.

Cryptocurrency mining on a hacked server can cause significant financial and operational damage to the victim. For example, mining can cause server overload, as the software used for mining consumes significant amounts of processing power and electricity, which can slow down or even crash the server. The victim may incur costs for electricity and the measures necessary to increase their computing power.

Vulnerability summaries and guidelines to support updating

It is very important to install the latest system and device updates to protect against data breaches. Most software updates contain vulnerability fixes and should be installed soon after they are released.

The National Cyber Security Centre publishes the CERT-FI-ALERT newsletter on vulnerabilities on an almost daily basis, whenever there are new significant ones to share. It also publishes around 30–40 vulnerability bulletins on the most critical vulnerabilities every year. For these, the National Cyber Security Centre tries to assess the usage of the product in Finland, and it is highly recommended to check as soon as possible whether the critical vulnerabilities that merit a vulnerability bulletin affect your organisation.

Organisations can also subscribe to the newsletter of CISA's KEV (Known Exploited Vulnerabilities) catalogue and have it delivered to their own email boxes. The US cyber authority CISA collects information on exploited vulnerabilities and publishes in KEV every vulnerability whose exploitation has been detected worldwide.
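
One way to act on the KEV catalogue and the patching timelines described above, as an added example that is not NCSC-FI's or CISA's own code: it matches scanner findings against a KEV-format feed and assigns each finding a patch deadline. The feed sample, the findings and the 0/7/30-day windows are assumptions made for illustration; only the `vulnerabilities` and `cveID` field names follow CISA's published JSON feed.

```python
import json
from datetime import date, timedelta

# Constructed sample in the layout of CISA's KEV JSON feed: a "vulnerabilities"
# list whose entries carry a "cveID". Real use would load the downloaded feed.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-27198", "product": "TeamCity"},
  {"cveID": "CVE-0000-00001", "product": "placeholder entry"}
]}
""")

# Constructed scanner findings (CVE IDs from this review or placeholders; the rest is sample data).
FINDINGS = [
    {"host": "git01", "cve": "CVE-2024-6385", "cvss": 9.6, "online": True, "patch_released": "2024-07-18"},
    {"host": "wiki01", "cve": "CVE-0000-00002", "cvss": 5.3, "online": False, "patch_released": "2024-07-01"},
    {"host": "mail01", "cve": "CVE-2024-20401", "cvss": 9.8, "online": False, "patch_released": "2024-07-09"},
    {"host": "ci01", "cve": "CVE-2024-27198", "cvss": 9.8, "online": True, "patch_released": "2024-07-12"},
]

def patch_window_days(finding, kev_ids):
    """Assumed policy: same day, same week, or a routine 30-day cycle."""
    exploited = finding["cve"] in kev_ids
    critical = finding["cvss"] >= 9.0
    if finding["online"] and (exploited or critical):
        return 0
    if finding["online"] or exploited or critical:
        return 7
    return 30

def triage(findings, kev_feed, today):
    """Return findings with patch deadlines, overdue ones first, oldest deadline first."""
    kev_ids = {v["cveID"] for v in kev_feed["vulnerabilities"]}
    rows = []
    for f in findings:
        released = date.fromisoformat(f["patch_released"])
        deadline = released + timedelta(days=patch_window_days(f, kev_ids))
        rows.append({"host": f["host"], "cve": f["cve"], "kev": f["cve"] in kev_ids,
                     "deadline": deadline, "overdue": today > deadline})
    return sorted(rows, key=lambda r: (not r["overdue"], r["deadline"]))

if __name__ == "__main__":
    for row in triage(FINDINGS, KEV_SAMPLE, date(2024, 7, 18)):
        flag = "OVERDUE" if row["overdue"] else "due"
        print(f'{row["host"]:7} {row["cve"]:15} KEV={row["kev"]!s:5} {flag} {row["deadline"]}')
```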

Also read our guides to

When updating, it is also recommended to check for signs of exploited vulnerabilities.

If you see signs of an exploited vulnerability or of an attempt to exploit one, do not hesitate to report it to the National Cyber Security Centre. You can also notify us when you find a new vulnerability. In the case of a suspected or attempted data breach at company level, we also recommend that you file a police report.

The grass is greener on this side of the fence: National Cyber Security Centre and National Bureau of Investigation at Assembly, 1–4 August 2024

Traficom's National Cyber Security Centre and the National Bureau of Investigation will be represented at the Assembly gaming event at Helsinki Exhibition Centre on 1–4 August 2024. Criminals and fraudsters are also after the knowledge and skills of enthusiasts of the gaming world. We also want to remind you that there are limits to experimentation and hacking that should not be crossed.

The grass is actually greener on this side of the fence. You can come to our stand to meet representatives of the National Cyber Security Centre and the National Bureau of Investigation and ask any questions you may have about information security and hacking.

You can also take part in a gaming competition at our stand such as Neuron race. In addition, the Test Server's Young Hacker Community and the EU's Cyber Citizen project have produced games that provide an introduction to the nuts and bolts of hacking and to information security.

For example, our presentations will feature white hat hackers explaining what ethical hacking is and how to get involved. We provide security tips for young people and parents, and explain how to turn a hobby into a career in programming and gaming.

Cybercrime Exit is an EU co-founded project aimed at preventing cybercrime among young people. The target group is young people aged around 12–25 who have committed or are at risk of committing serious cybercrime. You can seek out the activity yourself or be guided there by professionals. Interest in cyber is a great thing and we need experts in the field. The project aims not only to raise awareness about recognising legal and illegal online activity, but also to encourage young people to develop their skills in legal alternatives.

Come to the Digital Europe Application Training on 27 August 2024!

Come to the Digital Europe programme's cybersecurity application and presentation training on 27 August 2024 from 8:30 a.m. to 4:00 p.m.! The training will be held at Traficom's premises in Kumpula, Helsinki. The event follows on from the training webinars held in June and is partly identical in content. The training is co-organised by the National Coordination Centre for Cybersecurity Research, Development and Innovation (NCC-FI) and Spinverse.

The application training will introduce the Digital Europe programme's cybersecurity work programme applications, and provide concrete advice and tips on how to prepare high quality applications to the Digital Europe programme, guided by experienced experts. The training may include group or individual exercises on how to interpret application text, concept development, application writing and budgeting.

The event is free of charge and open to all. It will not be streamed or recorded. Registration is open until 16 August 2020, as long as there are still places available.

A provisional agenda (subject to change) and registration can be found on our website.

What: Training for the Digital Europe programme's cyber security applications

Where: Traficom's office, Erik Palménin aukio 1, 00560 Helsinki, Finland

When: 27 August 2024 from 8:30 a.m. to 4:00 p.m.

Recently reported scams

In this summary, we provide information about scams reported to NCSC-FI during the past week.

FOLLOW THESE INSTRUCTIONS IF YOU HAVE BEEN SCAMMED

Learn how to detect and protect yourself against online scams

Vulnerabilities

CVE: Several 
CVSS: 9.6 (CVE-2024-6385) 
What: GitLab released several critical updates
Product: GitLab
Repair: Update GitLab with the latest updates

CVE: CVE-2024-6744
CVSS: 9.8
What: Critical vulnerability in a Cellopoint product 
Product: Cellopoint Secure Email Gateway 
Repair: Update to the latest version

CVE: CVE-2024-20401
CVSS: 9.8
What: Critical vulnerability in the Cisco Secure Email Gateway (formerly IronPort)
Product: Cisco Secure Email Gateway
Repair: Update to the latest version

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (reporting period 12–18 July 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.