Daily NCSC-FI news followup 2019-06-06

Microsoft and Oracle link up their clouds

Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two. This alliance goes a bit beyond just basic direct connectivity and also includes identity interoperability.

New exim4 RCE vulnerability impacts nearly half of the internet’s email servers

Exim vulnerability lets attackers run commands as root on remote email servers. According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim — although different reports would put the number of Exim installations at ten times that number, at 5.4 million. “To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes),” researchers said.

Your AWS S3 Bucket Safety Checklist

With each new open S3 bucket, a public cloud storage resource available in Amazon Web Services Simple Storage Service, come millions more customer and employee records that have been left open to the world, and potentially breached.

Apple deprecates SHA-1 certificates in iOS 13 and macOS Catalina

Apple joins Google, Firefox, and Microsoft in banning SHA-1-signed TLS certs. More than two years after Google, Firefox, and Microsoft have taken steps to deprecate TLS/SSL certificates signed with the SHA-1 algorithm, Apple has finally announced a similar measure this week.

Police: A word of warning about scammers

The police have again been informed of several so-called “CEO frauds”. The idea is that email is sent in the name of a company’s executive to the people who handle the company’s payment transactions, asking them to make a bank transfer. The transfer is usually directed abroad.

Scattered Canary Evolves From One-Man Operation to BEC Giant

A Nigerian cybercriminal group dubbed Scattered Canary has evolved from a one-man operation running Craigslist and romance scams to a large scale criminal business operating multiple types of frauds concomitantly and coordinating at least 35 threat actors. Since 2008, when the group founder named “Alpha” ran basic scams, Scattered Canary has evolved into an organization with credential phishing operations leading to business email compromise (BEC) scams and credit card fraud, as detailed by the Agari Cyber Intelligence Division (ACID).

Vietnam Rises as Cyberthreat

The country’s rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity. Vietnam has rarely been associated with cybercrime activity in the same way other Asian nations, such as China, North Korea, and Iran, have in recent years. But that could change soon. According to a new report from Intsights, cybercrime and cyber espionage activity in Vietnam is growing. At least one previously known advanced persistent threat (APT) group APT32/OceanLotus appears to be working in support of the government’s strategic interests.

Huge scope of Australia’s new national security laws reveals itself

“I’m still staggered by the power of this warrant. It allows the AFP to ‘add, copy, delete or alter’ material in the ABC’s computers,” tweeted John Lyons, executive editor of news and head of investigative journalism at the Australian Broadcasting Corporation (ABC). The AFP said the warrant was “in relation to allegations of publishing classified material”, namely the reported “hundreds of pages” of classified documents which led to the ABC’s report from mid-2017 titled The Afghan Files.

Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools

Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series). Cisco IND is a solution designed to provide full visibility and control of industrial automation networks as detailed on its spec sheet, while Cisco Unified Presence is an enterprise platform for exchanging presence and instant messaging info in and across organizations.

Only 5.5% of all vulnerabilities are ever exploited in the wild

Most vulnerabilities that are exploited in the wild have a CVSS severity score of 9 or 10. The research — considered the most extensive of its type to date — found that only 4,183 security flaws from the total of 76,000 vulnerabilities discovered between 2009 and 2018 had been exploited in the wild.

Baltimore’s bill for ransomware: Over $18 million, so far

Mayor says Baltimore is “open for business,” but city has lost millions from slowed payments. The city’s director of finance has estimated the ransomware attack will cost Baltimore $10 million – not including $8 million lost because of deferred or lost revenue while the city was unable to process payments.

Two-thirds of iOS apps disable ATS (App Transport Security), an iOS security feature

Three and a half years after its launch, ATS is still not widely adopted. Cyber-security firm Wandera said it scanned over 30,000 iOS applications and found that 67.7% of the apps were disabling a default iOS security feature called ATS (App Transport Security) on purpose.

Europol’s top hacking ring takedowns

European law enforcement has smashed everything from Dark Web marketplaces to ATM skimmer rings.

US State Department proposes new $20.8 million cybersecurity bureau

The State Department’s new plan, obtained by CyberScoop, would create the Bureau of Cyberspace Security and Emerging Technologies (CSET) to lead U.S. government diplomatic efforts to secure cyberspace and its technologies, reduce the likelihood of cyber conflict, and prevail in strategic cyber competition. The new bureau, with a proposed staff of 80 and projected budget of $20.8 million, would be led by a Senate-confirmed coordinator and ambassador-at-large with the equivalent status of an assistant secretary of State, who would report to the Undersecretary of State for Arms Control and International Security.

Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware

Malware distributors have set up a site that impersonates the legitimate Cryptohopper cryptocurrency trading platform in order to distribute malware payloads such as information-stealing Trojans, miners, and clipboard hijackers. Cryptohopper is a trading platform where users can build models that will be used for automated trading of cryptocurrency on various markets.

CERT CANADA: Active Spam Campaigns Leveraging EMOTET Malware

The Cyber Centre is aware of an ongoing email phishing campaign affecting Canadians and Canadian Industry that is leveraging the EMOTET malware. EMOTET is an advanced botnet that has infected hundreds of thousands of systems worldwide. Once a system is infected by EMOTET, additional malware may be implanted on the system, or data may be exfiltrated.

DNS Rebinding Attacks Could Hit Billions of IoT Devices

DNS rebinding attacks are a real threat that could hit the billions of internet of things (IoT) devices in people’s homes, according to Craig Young, principal security researcher at Tripwire. This is partly because IoT often uses HTTP, which is vulnerable to DNS rebinding. In the future, the consequences could be significant: Rebinding also opens new doors for botnets, according to Young.

UK’s NCSC: “We Can Build Safe 5G Networks Irrespective of Supplier”

Governments and industry need to focus on fixes, not fear, and work out how to build safer 5G networks rather than obsessing about national security concerns leveled at suppliers, according to the National Cyber Security Centre (NCSC).

Huawei has signed a contract to develop Russian 5G networks for mobile provider MTS over the next two years.

The deal was signed on the sidelines of a Kremlin meeting between Russian and Chinese leaders Vladimir Putin and Xi Jinping. Details of the 5G deal have not been released but, given the backdrop, it is a boost to Huawei and its symbolism is clear. MTS is the largest Russian mobile provider with over 30 per cent market share. It is either number one or two in Armenia, Belarus and Ukraine. It also has sizeable fixed-line internet and cloud services businesses.

Germany: Backdoor found in four smartphone models; 20,000 users infected

German cyber-security agency warns against buying or using four low-end smartphone models. The German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik – BSI) has issued security alerts today warning about dangerous backdoor malware found embedded in the firmware of at least four smartphone models sold in the country. Impacted models include the Doogee BL7000, the M-Horse Pure 1, the Keecoo P11, and the VKworld Mix Plus (malware present in the firmware, but inactive). All four are low-end Android smartphones.
