Daily NCSC-FI news followup 2019-06-18

Microsoft Operating Systems BlueKeep Vulnerability

www.us-cert.gov/ncas/alerts/AA19-168A BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

Russian Hacks on U.S. Voting System Wider Than Previously Known

www.bloomberg.com/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections Russias cyberattack on the U.S. electoral system before Donald Trumps election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

THE HIGHLY DANGEROUS ‘TRITON’ HACKERS HAVE PROBED THE US GRID

www.wired.com/story/triton-hackers-scan-us-power-grid/ Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Scanning alone hardly represents a serious threat. But these hackers, known as Xenotimeor sometimes as the Triton ac

Microsoft Management Console Bugs Allow Windows Takeover

threatpost.com/microsoft-management-console-bugs/145791/ A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine.

GoldBrute: the botnet searching for RDP connections

www.pandasecurity.com/mediacenter/malware/goldbrute-botnet-rdp/ This new threat is GoldBrute, a botnet that is currently scanning the Internet, actively searching for Windows machines with the Remote Desktop Protocol (RDP) connection enabled. The researchers have discovered that the malware has compiled a list of 1.5 million unique systems with RDP enabled.

Threat Actors Use Older Cobalt Strike Versions to Blend In

www.bleepingcomputer.com/news/security/threat-actors-use-older-cobalt-strike-versions-to-blend-in/ Plenty of outdated Cobalt Strike servers exist in the wild, helping cybercriminals or giving security professionals the upper hand when testing corporate defenses; and they can be easily identified to stifle intrusions of any purpose.

You might be interested in …

Daily NCSC-FI news followup 2021-02-18

Microsoft Internal Solorigate Investigation Final Update msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/ We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer data. The investigation also found no indications that our systems at Microsoft were used to […]

Read More

Daily NCSC-FI news followup 2020-11-17

Nordean tietomurrosta kahdelle vankeutta yhden syytteet hylättiin Pohjanmaan käräjäoikeudessa yle.fi/uutiset/3-11652084?origin=rss Rikokset ajoittuivat kesään 2019. Käräjäoikeus määräsi tiistaina tuomitut maksamaan pankille yhteensä yli 276 000 euroa vahingonkorvauksia. Delhin poliisi pidätti 17 ihmistä “Microsoftin palvelukeskuksesta” www.tivi.fi/uutiset/tv/79cbdf6d-9551-46b5-b6ff-06a378686a75 Poliisin antamien tietojen mukaan huijariporukka oli ehtinyt petkuttaa ihmisiä jo runsaan vuoden ajan. Uhrien määräksi kerrotaan 2268 ja saaliiksi runsaat 0, […]

Read More

Daily NCSC-FI news followup 2020-03-12

Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability Install It ASAP! thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.. see also www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa 48K Windows Hosts Vulnerable […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.