Daily NCSC-FI news followup 2019-07-10

Lapin Kansa: Exceptionally long outage in the City of Kemi's telecommunications network; cause under investigation


Zoom reverses course to kill off Mac local web server

www.zdnet.com/article/zoom-reverses-course-to-kill-off-mac-local-web-server/ Less than a day after backing its approach to get around Safari restrictions on Mac, Zoom’s local web server is no more.

New FinSpy iOS and Android implants revealed ITW

securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/ FinSpy is spyware made by the German company Gamma Group. Through its UK-based subsidiary Gamma International, Gamma Group sells FinSpy to government and law enforcement organizations all over the world. FinSpy is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by Wikileaks and mobile implants were discovered in 2012.

Agent Smith: The New Virus to Hit Mobile Devices

blog.checkpoint.com/2019/07/10/agent-smith-android-malware-mobile-phone-hack-virus-google/ Check Point Researchers recently discovered a new variant of mobile malware that has quietly infected around 25 million devices, while the user remains completely unaware. Disguised as a Google-related application, the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user's interaction.

New Miori Variant Uses Unique Protocol to Communicate with C&C

blog.trendmicro.com/trendlabs-security-intelligence/new-miori-variant-uses-unique-protocol-to-communicate-with-cc/ We first detailed a new Mirai variant called Miori in a report late last year after finding the malware spreading via a ThinkPHP Remote Code Execution (RCE) vulnerability. It has recently reappeared bearing a notable difference in the way it communicates with its command-and-control (C&C) server.

Windows zero-day CVE-2019-1132 exploited in targeted attacks

www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/ ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows

Hackers breached Greece’s top-level domain registrar

www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/#ftag=RSSbaffb68 Sea Turtle group returns with new attacks; continues DNS hijacking spree. State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el.

Police warn of frauds that have taken hundreds of thousands of euros: The scammers appear very convincing

www.is.fi/digitoday/tietoturva/art-2000006169324.html?ref=rss CEO fraud emails often look very authentic. They are usually also marked as urgent.

Logitech's USB receivers have vulnerabilities, not all of which will be fixed as things currently stand. Heise reports on the matter.

www.is.fi/digitoday/tietoturva/art-2000006168851.html?ref=rss According to researcher Marcus Mengs, the flaws make it possible to eavesdrop on keystrokes, for example to steal passwords. Worse is also possible: a wireless attacker can also send arbitrary commands to a computer equipped with a vulnerable dongle, for example to infect it with malware.


Microsoft Azure AD FIDO2 Passwordless Sign-In in Public Preview


New eCh0raix Ransomware Brute-Forces QNAP NAS Devices


Financial Impact of Cybercrime Exceeded $45B in 2018

