The National Cyber Security Centre Finland’s weekly review – 05/2024

Topics covered in this week’s review

• Criminals making police impersonation scam calls
• First round of the presidential election went smoothly
• Sign up for the Tietoturva 2024 information security seminar
• Media Literacy Week celebrated next week
• Vulnerabilities

Criminals making police impersonation scam calls

This week, we have been receiving reports of police impersonation scam calls. In the cases reported to us, the victims received calls from private numbers and were subsequently told that someone had applied for a bank loan in their name.

The callers – criminals impersonating police officers – claimed that they were investigating discrepancies related to the loan and used this as an excuse to attempt to pressure the victims into disclosing their personal information. The languages of the calls have varied; according to the reports submitted to us, the callers have spoken either Finnish or Russian. According to the reports, the calls have been poorly conducted and unconvincing, as a result of which the victims have not believed that they were coming from the actual police.

Answering this type of scam call is not harmful in and of itself. However, you should keep in mind that the police or banks will never call you to ask you to provide identification information or bank credentials over the phone. If you have disclosed your information or notice that you have lost money, you should immediately contact your bank and file a police report.

First round of the presidential election went smoothly

The first round of Finland’s presidential election went smoothly as far as cyber security is concerned. Cooperation between authorities for the purpose of securing the election will continue during the second round as well.

Sign up for the Tietoturva 2024 information security seminar

The Tietoturva 2024 information security seminar organised by Traficom and the National Emergency Supply Agency will be held on Wednesday 13 March 2024 at 9:00-17:00.

Sign up for the seminar to discuss how cyber security and future cyber threats are affected by the development of artificial intelligence and quantum technology. The seminar’s speakers include both Finnish and international top experts in the field, such as data scientist Shannon Gallagher from Carnegie Mellon University and Information Security Lead Samuli Sorvakko from Supercell.

Media Literacy Week celebrated next week

Media Literacy Week is a media education theme week, the aim of which is to develop the media literacy skills of people of all ages. The events organised and materials produced as part of Media Literacy Week provide professionals with inspiration for developing their own work and know-how.

Media Literacy Week will be celebrated from 5 to 11 February 2024. On Tuesday 6 February, we will also be celebrating the international Safer Internet Day (External link). 

During the week, you will be able to spot a familiar character reminding people about everyday information security skills on the NCSC-FI’s social media channels. Be sure to share the best tips with your friends as well! 

Media Literacy Week is coordinated by the National Audiovisual Institute (KAVI), and dozens of organisations participate in the organisation of the event every year. Sign up to receive comprehensive information about the events organised and materials produced as part of the week.

Vulnerabilities

CVE: CVE-2024-21893 and CVE-2024-21888
CVSS: 8.2 and 8.8
What: Exploited critical vulnerabilities in Ivanti products
Product: Ivanti Connect Secure
Fix: Ivanti has released a patch addressing the vulnerabilities (External link)
Further information (in Finnish): Exploited critical vulnerabilities in Ivanti products (External link)

CVE: CVE-2023-6246
CVSS: 7.8
What: Significant vulnerability in the GNU glibc library
Product: glibc library
Fix: Update glibc to version 2.39
Further information (in Finnish): Significant vulnerability in the GNU glibc library  (External link)