Front Page: NCSC-FI
Front Page: NCSC-FI
Menu

Information security now!

In this week’s review, we share observations related to breaches of organisations’ M365 accounts and phishing messages. We also remind readers of the importance of children’s information security skills as schools start. In addition, we highlight the current situation regarding data breaches caused by a Citrix vulnerability, and present a new malware review that provides weekly information on current malware.

TLP:CLEAR

Numerous M365 account breaches detected again

The NCSC-FI has become aware of multiple Microsoft M365 account breaches in organisations across different sectors. These breaches are attempted using constantly evolving methods and varying themes. Often, credentials are targeted through phishing messages. In such messages, the sender may share a file with the victim via, for example, SharePoint, Dropbox or DocuSign.

Compromised accounts are used, for instance, for invoice fraud and for sending thousands of new phishing messages. The attacker may also reply to or delete emails in the compromised mailbox. There is also the risk of sensitive and critical information falling into the wrong hands.

Keep control – strengthen everyday information security habits as schools start

In early August, comprehensive schools began a new academic year. As school starts, many children and young people spend more time online with schoolwork, hobbies and social media. At the same time, the risk of encountering scams, bullying or phishing increases. It is important for adults to take an interest in children’s information security and provide support for safe internet use.

Basic practices that can be learned together in everyday life include keeping devices updated, using strong and unique passwords, enabling multi-factor authentication and thinking carefully before sharing information. Remind your child never to share passwords with friends, and that personal information should be shared online with caution. Encourage them to speak up immediately if anything online confuses or frightens them, whether it is a message, a picture or contact from a stranger.

Adults should monitor what a child does with their devices and what software they use. It is also wise to be aware of the content a child consumes or can access on their mobile device. Update devices together with the child and check that up-to-date antivirus protection is in place. If necessary, set security and usage restrictions on, for example, phone applications or internet connections.

Information security skills grow by learning together. It is also important to remember that children have a right to privacy, and parents do not have an automatic right to read messages or track the phone without a justified reason. The best way to ensure a child’s safety and trust is to agree on the rules for phone use and online communication together from the start.

valokuva lapsesta, joka kirjoittaa vihkoon tietokoneen ääressä, pastellinsävyiset kuulokkeet päässä. kuvassa teksti: "Tietoturvataidot karttuvat yhdessä opettelemalla.  Kasvaminen digimaailmaan  edellyttää toimivaa yhteistyötä lapsen ja aikuisten välillä. Kysy, kuuntele ja ole läsnä – mutta muista lapsen oikeus yksityisyyteen."

Weekly malware review begins – a new information package every week

The cyber threat landscape is constantly evolving, and various types of malware form a significant part of the digital risk faced by businesses and individuals. However, information is the best defence – which is why we are launching a new weekly series focusing on one piece of malware at a time.

In each weekly review, we will provide a concise and clear information package on one well-known or topical type of malware. For each case, we will present, among other things, how the malware operates, how it spreads, its key characteristics, and ways to defend against and mitigate it. The aim is to offer easy-to-digest, practical information that helps to identify and prevent threats in good time.

The series is aimed particularly at professionals interested in information security, IT managers in organisations, and anyone wishing to increase their understanding of how different types of malware work and what impact they have.

The first review will be published next week. We invite you to follow the series and strengthen your information security skills one week at a time.

Summer Citrix vulnerability continues to cause breaches worldwide

Citrix released security updates in the summer for two serious vulnerabilities in its NetScaler ADC and NetScaler Gateway products. The vulnerabilities allow, among other things, bypassing access controls and unauthorised access to system memory. Any vulnerable system should be updated immediately, and systems that may have been exposed to the vulnerability should be examined for signs of compromise.

These vulnerabilities continue to be exploited, so organisations should check the status of their Citrix solution without delay.

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

WHAT TO DO IF YOU GET SCAMMED

Learn how to detect and protect yourself against online scams

Vulnerabilities

This week, we published a vulnerability advisory on an SSLVPN vulnerability in SonicWall Gen 7 firewalls. We also updated our earlier vulnerability advisory concerning NetScaler ADC and NetScaler Gateway products.

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (reporting period 2–8 August 2025). The purpose of the weekly review is to share information about current cyber phenomena. The review is intended for everyone from cyber security professionals to ordinary people.