Daily NCSC-FI news followup 2019-07-10

Lapin Kansa: Exceptionally long outage in the City of Kemi's telecommunications network; cause under investigation

www.lapinkansa.fi/lappi/kemin-kaupungin-tietoliikenneverkossa-poikkeuksellisen-pitka-vikatilanne-syyta-selvitetaan-3596802/

Zoom reverses course to kill off Mac local web server

www.zdnet.com/article/zoom-reverses-course-to-kill-off-mac-local-web-server/ Less than a day after backing its approach to get around Safari restrictions on Mac, Zoom’s local web server is no more.

New FinSpy iOS and Android implants revealed ITW

securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/ FinSpy is spyware made by the German company Gamma Group. Through its UK-based subsidiary Gamma International, Gamma Group sells FinSpy to government and law enforcement organizations all over the world. FinSpy is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by Wikileaks, and mobile implants were discovered in 2012.

Agent Smith: The New Virus to Hit Mobile Devices

blog.checkpoint.com/2019/07/10/agent-smith-android-malware-mobile-phone-hack-virus-google/ Check Point Researchers recently discovered a new variant of mobile malware that has quietly infected around 25 million devices, while the user remains completely unaware. Disguised as a Google-related application, the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user's interaction.

New Miori Variant Uses Unique Protocol to Communicate with C&C

blog.trendmicro.com/trendlabs-security-intelligence/new-miori-variant-uses-unique-protocol-to-communicate-with-cc/ We first detailed a new Mirai variant called Miori in a report late last year after finding the malware spreading via a ThinkPHP Remote Code Execution (RCE) vulnerability. It has recently reappeared bearing a notable difference in the way it communicates with its command-and-control (C&C) server.

Windows zero-day CVE-2019-1132 exploited in targeted attacks

www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/ ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows

Hackers breached Greece’s top-level domain registrar

www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/#ftag=RSSbaffb68 Sea Turtle group returns with new attacks; continues DNS hijacking spree. State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el.

Police warn of frauds that have cost hundreds of thousands of euros: scammers come across as very convincing

www.is.fi/digitoday/tietoturva/art-2000006169324.html?ref=rss CEO-fraud emails often seem very authentic. They are usually also marked as urgent.

Logitech USB receivers have vulnerabilities, not all of which are currently expected to be fixed. Heise reports on the matter.

www.is.fi/digitoday/tietoturva/art-2000006168851.html?ref=rss According to researcher Marcus Mengs, the flaws allow eavesdropping on keystrokes, for example to steal passwords. Worse is also possible: a wireless attacker can also send arbitrary commands to a computer fitted with a vulnerable dongle, for example to infect it with malware. Also:

www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/

Microsoft Azure AD FIDO2 Passwordless Sign-In in Public Preview

www.bleepingcomputer.com/news/microsoft/microsoft-azure-ad-fido2-passwordless-sign-in-in-public-preview/

New eCh0raix Ransomware Brute-Forces QNAP NAS Devices

www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/

Financial Impact of Cybercrime Exceeded $45B in 2018

www.darkreading.com/risk/financial-impact-of-cybercrime-exceeded-$45b-in-2018/d/d-id/1335199
