Daily NCSC-FI news followup 2019-06-06

Microsoft and Oracle link up their clouds

techcrunch.com/2019/06/05/microsoft-and-oracle-link-up-their-clouds/
Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two. This alliance goes a bit beyond just basic direct connectivity and also includes identity interoperability.

New exim4 RCE vulnerability impacts nearly half of the internet’s email servers

www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/
Exim vulnerability lets attackers run commands as root on remote email servers.. According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim — although different reports would put the number of Exim installations at ten times that number, at 5.4 million.. “To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes),” researchers said.

Your AWS S3 Bucket Safety Checklist

blog.paloaltonetworks.com/2019/06/cloud-your-aws-s3-bucket-safety-checklist/
With each new open S3 bucket, a public cloud storage resource available in Amazon Web Services Simple Storage Service, come millions more customer and employee records that have been left open to the world, and potentially breached

Apple deprecates SHA-1 certificates in iOS 13 and macOS Catalina

www.zdnet.com/article/apple-deprecates-sha-1-certificates-in-ios-13-and-macos-catalina/
Apple joins Google, Firefox, and Microsoft in banning SHA-1-signed TLS certs.. More than two years after Google, Firefox, and Microsoft have taken steps to deprecate TLS/SSL certificates signed with the SHA-1 algorithm, Apple has finally announced a similar measure this week.

Poliisi: Varoituksen sana huijareista

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/varoituksen_sana_huijareista_81104?language=fi
Poliisin tietoon on tullut taas joitankin ns. “toimitusjohtajahuijauksia”. Ideana näissä on, että yrityksen johtajan nimissä läheteään yrityksen maksuliikennettä käsitteleville henkilöille sähköpostia, jossa pyydetään suorittamaan tilisiirto. Yleensä siirto suuntautuu ulkomaille.

Scattered Canary Evolves From One-Man Operation to BEC Giant

www.bleepingcomputer.com/news/security/scattered-canary-evolves-from-one-man-operation-to-bec-giant/
A Nigerian cybercriminal group dubbed Scattered Canary has evolved from a one-man operation running Craigslist and romance scams to a large scale criminal business operating multiple types of frauds concomitantly and coordinating at least 35 threat actors.. Since 2008, when the group founder named “Alpha” ran basic scams, Scattered Canary has evolved into an organization with credential phishing operations leading to business email compromise (BEC) scams and credit card fraud, as detailed by the Agari Cyber Intelligence Division (ACID).

Vietnam Rises as Cyberthreat

www.darkreading.com/attacks-breaches/vietnam-rises-as-cyberthreat-/d/d-id/1334890
The country’s rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity. Vietnam has rarely been associated with cybercrime activity in the same way other Asian nations, such as China, North Korea, and Iran, have in recent years. But that could change soon.. According to a new report from Intsights, cybercrime and cyber espionage activity in Vietnam is growing. At least one previously known advanced persistent threat (APT) group APT32/OceanLotus appears to be working in support of the government’s strategic interests.

Huge scope of Australia’s new national security laws reveals itself

www.zdnet.com/article/huge-scope-of-australias-new-national-security-laws-reveals-itself/
“I’m still staggered by the power of this warrant. It allows the AFP to ‘add, copy, delete or alter’ material in the ABC’s computers,” tweeted John Lyons, executive editor of news and head of investigative journalism at the Australian Broadcasting Corporation (ABC).. The AFP said the warrant was “in relation to allegations of publishing classified material”, namely the reported “hundreds of pages” of classified documents which led to the ABC’s report from mid-2017 titled The Afghan Files.

Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools

www.bleepingcomputer.com/news/security/cisco-fixes-high-severity-flaws-in-industrial-enterprise-tools/
Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series).. Cisco IND is a solution designed to provide full visibility and control of industrial automation networks as detailed on its spec sheet, while Cisco Unified Presence is an enterprise platform for exchanging presence and instant messaging info in and across organizations.

Only 5.5% of all vulnerabilities are ever exploited in the wild

www.zdnet.com/article/only-5-5-of-all-vulnerabilities-are-ever-exploited-in-the-wild/#ftag=RSSbaffb68
Most vulnerabilities that are exploited in the wild have a CVSS severity score of 9 or 10.. The research — considered the most extensive of its type to date — found that only 4,183 security flaws from the total of 76,000 vulnerabilities discovered between 2009 and 2018 had been exploited in the wild.

Baltimores bill for ransomware: Over $18 million, so far

arstechnica.com/information-technology/2019/06/baltimores-bill-for-ransomware-over-18-million-so-far/
Mayor says Baltimore is “open for business,” but city has lost millions from slowed payments.. City’s director of finance has estimated will cost Baltimore $10 million – not including $8 million lost because of deferred or lost revenue while the city was unable to process payments.

Two-thirds of iOS apps disable ATS (App Transport Security), an iOS security feature

www.zdnet.com/article/two-thirds-of-ios-apps-disable-ats-an-ios-security-feature/
Three and a half years after its launch, ATS is still not widely adopted.. Cyber-security firm Wandera said it scanned over 30,000 iOS applications and found that 67.7% of the apps were disabling a default iOS security feature called ATS (App Transport Security) on purpose.

Europols top hacking ring takedowns

www.zdnet.com/pictures/europols-most-wanted-top-hacking-ring-takedowns-in-pictures/
European law enforcement has smashed everything from Dark Web marketplaces to ATM skimmer rings.

US State Department proposes new $20.8 million cybersecurity bureau

www.cyberscoop.com/state-department-proposes-new-20-8-million-cybersecurity-bureau/
The State Departments new plan, obtained by CyberScoop, would create the Bureau of Cyberspace Security and Emerging Technologies (CSET) to lead U.S. government diplomatic efforts to secure cyberspace and its technologies, reduce the likelihood of cyber conflict, and prevail in strategic cyber competition.. The new bureau, with a proposed staff of 80 and projected budget of $20.8 million, would be led by a Senate-confirmed coordinator and ambassador-at-large with the equivalent status of an assistant secretary of State, who would report to the Undersecretary of State for Arms Control and International Security.

Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware

www.bleepingcomputer.com/news/security/fake-cryptocurrency-trading-site-pushes-crypto-stealing-malware/
Malware distributors have setup a site that impersonates the legitimate Cryptohopper cryptocurrency trading platform in order to distribute malware payloads such as information-stealing Trojans, miners, and clipboard hijackers.. Cryptohopper is a trading platform where users can build models that will be used for automated trading of cryptocurrency on various markets.

CERT CANADA: Active Spam Campaigns Leveraging EMOTET Malware

cyber.gc.ca/en/alerts/active-spam-campaigns-leveraging-emotet-malware
The Cyber Centre is aware of an ongoing email phishing campaign affecting Canadians and Canadian Industry that is leveraging the EMOTET malware. EMOTET is an advanced botnet that has infected hundreds of thousands of systems worldwide. Once a system is infected by EMOTET, additional malware may be implanted on the system, or data may be exfiltrated.

DNS Rebinding Attacks Could Hit Billions of IoT Devices

www.infosecurity-magazine.com/news/dns-rebinding-iot-threat-1-1/
DNS rebinding attacks are a real threat that could hit the billions of internet of things (IoT) devices in peoples homes, according to Craig Young, principal security researcher at Tripwire.. This is partly because IoT often uses HTTP, which is vulnerable to DNS rebinding. In the future, the consequences could be significant: Rebinding also opens new doors for botnets, according to Young.

UK’s NCSC: “We Can Build Safe 5G Networks Irrespective of Supplier”

www.infosecurity-magazine.com/news/infosec19-we-can-build-safe-5g-1/
Governments and industry need to focus on fixes, not fear, and work out how to build safer 5G networks rather than obsessing about national security concerns leveled at suppliers, according to the National Cyber Security Centre (NCSC).

Huawei has signed a contract to develop Russian 5G networks for mobile provider MTS over the next two years.

www.theregister.co.uk/2019/06/06/russia_signs_huawei_deal/
The deal was signed on the sidelines of a Kremlin meeting between Russian and Chinese leaders Vladimir Putin and Xi Jinping.. Details of the 5G deal have not been released but, given the backdrop, it is a boost to Huawei and its symbolism is clear. MTS is the largest Russian mobile provider with over 30 per cent market share. It is either number one or two in Armenia, Belarus and Ukraine. It also has sizeable fixed-line internet and cloud services businesses.

Germany: Backdoor found in four smartphone models; 20,000 users infected

www.zdnet.com/article/germany-backdoor-found-in-four-smartphone-models-20000-users-infected/#ftag=RSSbaffb68
German cyber-security agency warns against buying or using four low-end smartphone models.. The German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik – — BSI) has issued security alerts today warning about dangerous backdoor malware found embedded in the firmware of at least four smartphone models sold in the country.. Impacted models include the Doogee BL7000, the M-Horse Pure 1, the Keecoo P11, and the VKworld Mix Plus (malware present in the firmware, but inactive). All four are low-end Android smartphones.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.