Daily NCSC-FI news followup 2019-06-08

Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover

threatpost.com/amcrest-critical-security-issues/145507/
Two critical severity bugs have been publicly disclosed that impact Amcrest HDSeries model IPM-721S cameras. Both vulnerabilities open the consumer-grade ($50) Wi-Fi cameras to complete takeover by remote, unauthenticated attackers. Mandar Satam, senior security researcher at Synopsys, found the six security flaws in the IPM-721S camera back in 2017, and the disclosure process began. A spokesperson for Texas-based Amcrest said firmware updates that address the flaw have been available for months users were alerted were alerted to the need to install a mandatory firmware update when logging into the their camera, according to Amcrest.

For two hours, a large chunk of European mobile traffic was rerouted through China

www.zdnet.com/article/for-two-hours-a-large-chunk-of-european-mobile-traffic-was-rerouted-through-china/
For more than two hours on Thursday, June 6, a large chunk of European mobile traffic was rerouted through the infrastructure of China Telecom, China’s third-largest telco and internet service provider (ISP). The incident occurred because of a BGP route leak at Swiss data center colocation company Safe Host, which accidentally leaked over 70,000 routes from its internal routing table to the Chinese ISP.

Oletko aiheuttanut tietämättäsi tietoturvariskin? Kyberiskut ovat arkipäivää

www.tivi.fi/uutiset/tv/e5ce2c9b-558a-418e-ae99-2fc0e115342d
Tahattomasti riskejä aiheuttavat työntekijät ovat nousseet yritysten suurimpien turvauhkien joukkoon. Asian vakavuutta korostaa se, että kyberiskut yleistyvät muutenkin. Kyberhyökkäysten määrä kasvaa yrityksissä vääjäämätöntä tahtiaan, vaikka organisaatiot jättävät kertomatta suuresta osasta iskuja, it-alan tietoturvajärjestö ISACA:n maanantaina julkistamasta kyselystä ilmenee.

The Catch-22 That Broke the Internet

www.wired.com/story/google-cloud-outage-catch-22/
FIVE DAYS AGO, the internet had a conniption. In broad patches around the globe, YouTube sputtered. Shopify stores shut down. Snapchat blinked out. And millions of people couldnt access their Gmail accounts. The disruptions all stemmed from Google Cloud, which suffered a prolonged outagewhich also prevented Google engineers from pushing a fix. And so, for an entire afternoon and into the night, the internet was stuck in a crippling ouroboros: Google coul

Dark Web Becomes a Haven for Targeted Hits

www.darkreading.com/vulnerabilities—threats/dark-web-becomes-a-haven-for-targeted-hits/d/d-id/1334914
Malicious services offered on the Dark Web are more like precision arms than blunt instruments, and they’re taking aim at the biggest of businesses. New research, conducted by Dr. Mike McGuire of the University of Surrey, shows four in 10 Dark Web vendors are selling targeted hacking services aimed at FTSE 100 and Fortune 500 businesses. Among the information and services McGuire found on the Dark Web, access to corporate networks is sold openly, with 60% of v

In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The actor behind this campaign, believed to be related to the notorious PLATINUM APT group, used an elaborate, previously unseen steganographic technique to conceal communica

securelist.com/platinum-is-back/91135/

Diebold Nixdorf warns customers of RCE bug in older ATMs

www.zdnet.com/article/diebold-nixdorf-warns-customers-of-rce-bug-in-older-atms/
Diebold Nixdorf, one of the world’s largest ATM vendors, will notify customers starting next week about ways to secure older Opteva-branded ATMs against a remote code execution (RCE) vulnerability that was publicly disclosed this week. Details about this vulnerability have been published on Medium on Monday, June 4, by a group of Vietnamese security researchers named NightSt0rm.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.