Daily NCSC-FI news followup 2019-06-21

Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount

www.wired.com/story/iran-hackers-us-phishing-tensions/ WHEN TWO COUNTRIES begin to threaten war in 2019, it’s a safe bet that they’ve already been hacking each other’s networks. Right on schedule, three different cybersecurity firms now say they’ve watched Iran’s hackers try to gain access to a wide array of US organizations over the past few weeks, just as military tensions between the two countries rise to a breaking point, though it’s not yet clear whether those hacker intrusions are aimed at intelligence gathering, laying the groundwork for a more disruptive cyberattack, or both.

Desjardins, Canada’s largest credit union, announces security breach

www.zdnet.com/article/desjardins-canadas-largest-credit-union-announces-security-breach/ Data for 2.9 million bank members was taken from the bank’s system by a now-fired employee.

Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool

www.theregister.co.uk/2019/06/20/dell_supportassist_security_hole/ Dell’s troubleshooting software SupportAssist, bundled with the US tech titan’s home and business computers, has a security flaw that can be exploited by malware and rogue logged-in users to gain administrator powers. See also:

thehackernews.com/2019/06/dells-supportassist-hacking.html

Cybercriminals lie in wait for holiday stand-ins: it pays to invest in prevention

www.tivi.fi/uutiset/tv/0d6ce3a6-5640-47cb-97bb-cd4c52733f3f A company is at its most vulnerable to scams during the summer, because holiday stand-ins are not necessarily familiar with all of the practices around invoicing. The most common type of scam is the so-called Office 365 scam.

New devious attack gets people to click and hand over their data: a very effective ploy

www.is.fi/digitoday/tietoturva/art-2000006149749.html?ref=rss Scammers have been luring people into clicking links by means of Google Calendar notifications.

Firefox 67.0.4 Released Mozilla Patches Second 0-Day Flaw This Week

thehackernews.com/2019/06/firefox-0day-vulnerability.html Okay, folks, it’s time to update your Firefox web browser once again, yes, for the second time this week. See also:

threatpost.com/mozilla-fixes-second-actively-exploited-firefox-flaw/145893/

City of Lahti is recovering from the cyberattack: cleanup will continue after Midsummer

yle.fi/uutiset/3-10837940 The City of Lahti has reached the recovery phase following last week's cyberattack, according to the city's IT department. Work on restoring electronic services will continue at least into the week after Midsummer.

Chinese spies pose as talent scouts and consultants on LinkedIn: a Finnish researcher's publication describes how a target is hooked into handing over confidential information

www.hs.fi/ulkomaat/art-2000006150040.html Researcher Mika Aaltola describes, in a new publication from the Finnish Institute of International Affairs, how Chinese spies approach their targets on the networking service LinkedIn.

How to Remove the Chromium Virus

www.pandasecurity.com/mediacenter/malware/chromium-virus/ The Chromium virus is a malicious web browser that is created using the Chromium code. It is able to overwrite the Chrome browser and replace the original shortcuts with fake ones. It can change the default search engine in your browser so that you're directed to fake sponsored search results, and it can also control your apps, themes and extensions.

Backdoor Built into Android Firmware

www.schneier.com/blog/archives/2019/06/backdoor_built_.html In 2017, some Android phones came with a backdoor pre-installed: Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday.

New Bird Miner malware targets Mac pirates

www.zdnet.com/article/new-bird-miner-cryptocurrency-miner-targets-mac-pirates/ The malware emulates Linux in its quest for cryptocurrency. A new variant of cryptocurrency mining malware called Bird Miner designed for Apple Mac is targeting users of pirated software.

Steam Phishing Campaign Steals Credentials, Hijacks Accounts

www.bleepingcomputer.com/news/security/steam-phishing-campaign-steals-credentials-hijacks-accounts/ A new phishing campaign is doing the rounds on the Steam game distribution platform, attempting to trick people into handing over their credentials via a roulette-style game promising free keys. The fraudsters funnel the Steam users to the phishing websites with the help of a redirector domain which is hidden behind a URL shortened using t.co, Twitter’s link-shortening service. The phishing sites are promoted on the Steam platform using already hijacked accounts which deliver the shortened URLs to their friend list using the Steam chat.

New LooCipher Ransomware Spreads Its Evil Through Spam

www.bleepingcomputer.com/news/security/new-loocipher-ransomware-spreads-its-evil-through-spam/ A new ransomware called LooCipher has been discovered that is actively being used in the wild to infect users. While it is not known exactly how this ransomware is being distributed, based on some of the files that were found, we believe it is through a spam campaign.

BlueKeep Warnings Pay Off, Boost Patching in Enterprise Networks

www.bleepingcomputer.com/news/security/bluekeep-warnings-pay-off-boost-patching-in-enterprise-networks/ The multiple warnings about patching Windows systems against the BlueKeep vulnerability (CVE-2019-0708) have not gone unheeded. Administrators of enterprise networks listened and updated most of the machines affected by the issue.

Microsoft Warns of Campaign Dropping Flawedammyy RAT in Memory

www.bleepingcomputer.com/news/security/microsoft-warns-of-campaign-dropping-flawedammyy-rat-in-memory/ Microsoft issued a warning about an active spam campaign that tries to infect Korean targets with the FlawedAmmyy RAT malware distributed via malicious XLS attachments. The Microsoft Security Intelligence Twitter account explained in a thread that a currently active campaign “employs a complex infection chain to download and run the notorious FlawedAmmyy RAT directly in memory.” Attacks start after the victims open the attached .xls file that “automatically runs a macro function that runs msiexec.exe, which in turn downloads an MSI archive. The MSI archive contains a digitally signed executable that is extracted and run, and that decrypts and runs another executable in memory.”
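The first visible step of the chain above, an Office process launching msiexec.exe with a remote package, is easy to catch in process-creation telemetry. The detection below is an added example written for this digest, not code from Microsoft or from the campaign: it runs over a handful of constructed process-creation events (field names loosely modelled on Sysmon Event ID 1, values made up) and grades each one. The Office-parent, remote-MSI and quiet-flag heuristics are this example's own choices; tune the lists to your environment.

```python
import re

# Constructed sample process-creation events. The field names are an assumption
# modelled on Sysmon Event ID 1; the paths, host names and command lines are made up.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"msiexec.exe /i http://files.example.invalid/inv.msi /qn"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'msiexec.exe /i "C:\Users\alice\Downloads\7z1900-x64.msi"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c calc.exe"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Windows\System32\msiexec.exe /V"},
]

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children that a document-handling process rarely has a legitimate reason to start.
SUSPICIOUS_CHILDREN = {"msiexec.exe", "cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
# A package fetched over the network rather than installed from a local path.
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"']+", re.IGNORECASE)
# msiexec quiet/unattended switches: /q, /qn, /qb, /quiet.
QUIET_RE = re.compile(r"(?:^|\s)/(?:q[nb]?|quiet)\b", re.IGNORECASE)


def basename(path):
    """Lower-case file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Grade one event: returns (severity, reasons) with severity in
    {"none", "medium", "high"}. "high" is the full pattern from the campaign:
    an Office parent whose msiexec child installs a package from a URL."""
    parent = basename(event["ParentImage"])
    image = basename(event["Image"])
    cmd = event["CommandLine"]
    reasons = []
    office_parent = parent in OFFICE_APPS
    remote_package = False

    if office_parent and image in SUSPICIOUS_CHILDREN:
        reasons.append(f"{parent} spawned {image}")
    if image == "msiexec.exe":
        if URL_RE.search(cmd):
            remote_package = True
            reasons.append("msiexec fetching package from a URL")
        if QUIET_RE.search(cmd):
            reasons.append("quiet/unattended install")

    if office_parent and remote_package:
        return "high", reasons
    if reasons:
        return "medium", reasons
    return "none", reasons


def scan(events):
    """Return (index, severity, reasons) for every event that produced a finding."""
    findings = []
    for i, event in enumerate(events):
        severity, reasons = classify(event)
        if severity != "none":
            findings.append((i, severity, reasons))
    return findings


if __name__ == "__main__":
    for idx, sev, why in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {sev} - {'; '.join(why)}")
```

The local 7-Zip install and the service-started msiexec produce no finding, the Word-to-cmd.exe launch is flagged at medium, and only the Excel-to-msiexec-over-HTTP event reaches high. The later stages (the signed executable inside the MSI, the in-memory decryption) are invisible at this layer and need module-load or memory telemetry.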

Sodinokibi Ransomware Spreads Wide via Hacked MSPs, Sites, and Spam

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-spreads-wide-via-hacked-msps-sites-and-spam/ With the GandCrab Ransomware operation shutting down, affiliates are looking to fill the hole left behind with other ransomware. Such is the case with the Sodinokibi Ransomware, whose affiliates are using a wide range of tactics to distribute the ransomware and earn a commission.

This botnet exploits Android Debug Bridge to mine cryptocurrency on your device

www.zdnet.com/article/this-botnet-spreads-through-ssh-to-mine-for-cryptocurrency/ A new botnet is making the rounds by abusing Android Debug Bridge (ADB) and SSH to enslave new Android devices to its network.

OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed

www.zdnet.com/article/openssh-gets-protection-against-attacks-like-spectre-meltdown-rowhammer-and-rambleed/ The OpenSSH project is getting protection against side-channel attacks that are known to leak data from a computer’s memory, and allow malicious threat actors to steal sensitive information.
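The idea behind the OpenSSH change is that a private key sitting in memory is kept encrypted under a key derived by hashing a large random "prekey" (16 KiB in OpenSSH); an attacker whose memory-reading side channel has even a small bit error rate must recover the whole prekey exactly before the hash yields the right key, which makes the attack far more expensive. The toy below is an added illustration written for this digest, not OpenSSH's code: it uses a SHA-512 counter-mode keystream in place of the AES-CTR cipher OpenSSH uses, skips OpenSSH's serialization and padding, and operates on a constructed placeholder key.

```python
import hashlib
import os

PREKEY_LEN = 16 * 1024  # OpenSSH shields with a 16 KiB random prekey

# Constructed placeholder; not a real key.
SAMPLE_PRIVATE_KEY = b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + bytes(range(256)) * 4


def keystream(key, n):
    """Counter-mode keystream from SHA-512. Stand-in for OpenSSH's AES-CTR so the
    example stays standard-library only; not for production use."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha512(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key(prekey):
    """The encryption key is a hash of the entire prekey, so every prekey bit matters."""
    return hashlib.sha512(prekey).digest()


def shield(private_key):
    """Encrypt the in-memory key under a fresh random prekey.
    Returns (prekey, ciphertext); the plaintext key is not kept."""
    prekey = os.urandom(PREKEY_LEN)
    ct = xor_bytes(private_key, keystream(derive_key(prekey), len(private_key)))
    return prekey, ct


def unshield(prekey, ct):
    """Recover the plaintext key from the prekey and ciphertext (done only for the
    moment the key is needed, then the plaintext is discarded again)."""
    return xor_bytes(ct, keystream(derive_key(prekey), len(ct)))


def flip_bit(data, bit_index):
    """Model a side-channel read of the prekey that got exactly one bit wrong."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def attacker_recovers_key(private_key, bit_errors_at):
    """Simulate an attacker who leaked the prekey and ciphertext but whose prekey
    copy has errors at the given bit positions. Returns True only if the leak
    still yields the correct private key."""
    prekey, ct = shield(private_key)
    leaked_prekey = prekey
    for pos in bit_errors_at:
        leaked_prekey = flip_bit(leaked_prekey, pos)
    return unshield(leaked_prekey, ct) == private_key


if __name__ == "__main__":
    print("error-free leak recovers key:", attacker_recovers_key(SAMPLE_PRIVATE_KEY, []))
    print("one wrong bit recovers key:", attacker_recovers_key(SAMPLE_PRIVATE_KEY, [40_000]))
```

A perfect copy of the prekey still decrypts the key, so this is not a defence against an attacker who can read memory reliably; the gain is against probabilistic leaks like RAMBleed or Rowhammer-assisted reads, where the chance of 131,072 consecutive correct bits is tiny.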

Free proxy service found running on top of 2,600+ hacked WordPress sites

www.zdnet.com/article/free-proxy-service-found-running-on-top-of-2600-hacked-wordpress-sites/ A website offering both free and commercial proxy servers is actually running on top of a giant botnet of hacked WordPress sites, security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have revealed. In a report published today, Netlab researchers accused the Free-Socks.in proxy service of masquerading as a front for a criminal operation. Researchers said that users who would use any of the proxy servers provided by the Free-Socks.in website would actually have their traffic funneled through a network of hacked WordPress sites spread all over the world.

Microsoft Outlook for Android Open to XSS Attacks

threatpost.com/microsoft-outlook-android-xss/145924/ A spoofing bug (CVE-2019-1105) can open the door to an email attack chain. Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting (XSS) attacks. The software giant said that CVE-2019-1105, rated important, is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses specifically crafted email messages.

CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code

blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-8635-double-free-vulnerability-in-apple-macos-lets-attackers-escalate-system-privileges-and-execute-arbitrary-code/ We discovered a double free vulnerability (assigned as CVE-2019-8635) in macOS. The vulnerability is caused by a memory corruption flaw in the AMD component. If successfully exploited, an attacker can implement privilege escalation and execute malicious code on the system with root privileges. We disclosed our findings to Apple, which has since released a patch. See also:

support.apple.com/en-us/HT210119

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

thehackernews.com/2019/06/vlc-media-player-hacking.html If you use VLC media player on your computer and haven’t updated it recently, don’t you even dare to play any untrusted, randomly downloaded video file on it.
