Daily NCSC-FI news followup 2019-07-10

Lapin Kansa: Exceptionally long outage in the City of Kemi's telecommunications network; cause under investigation

www.lapinkansa.fi/lappi/kemin-kaupungin-tietoliikenneverkossa-poikkeuksellisen-pitka-vikatilanne-syyta-selvitetaan-3596802/

Zoom reverses course to kill off Mac local web server

www.zdnet.com/article/zoom-reverses-course-to-kill-off-mac-local-web-server/ Less than a day after backing its approach to get around Safari restrictions on Mac, Zoom’s local web server is no more.

New FinSpy iOS and Android implants revealed ITW

securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/ FinSpy is spyware made by the German company Gamma Group. Through its UK-based subsidiary Gamma International, Gamma Group sells FinSpy to government and law enforcement organizations all over the world. FinSpy is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by Wikileaks and mobile implants were discovered in 2012.

Agent Smith: The New Virus to Hit Mobile Devices

blog.checkpoint.com/2019/07/10/agent-smith-android-malware-mobile-phone-hack-virus-google/ Check Point Researchers recently discovered a new variant of mobile malware that has quietly infected around 25 million devices, while the user remains completely unaware. Disguised as a Google-related application, the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user's interaction.

New Miori Variant Uses Unique Protocol to Communicate with C&C

blog.trendmicro.com/trendlabs-security-intelligence/new-miori-variant-uses-unique-protocol-to-communicate-with-cc/ We first detailed a new Mirai variant called Miori in a report late last year after finding the malware spreading via a ThinkPHP Remote Code Execution (RCE) vulnerability. It has recently reappeared bearing a notable difference in the way it communicates with its command-and-control (C&C) server.

Windows zero-day CVE-2019-1132 exploited in targeted attacks

www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/ ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows

Hackers breached Greece’s top-level domain registrar

www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/#ftag=RSSbaffb68 Sea Turtle group returns with new attacks; continues DNS hijacking spree. State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el.

Police warn of frauds that have cost hundreds of thousands of euros: scammers come across as very convincing

www.is.fi/digitoday/tietoturva/art-2000006169324.html?ref=rss CEO-fraud emails often seem very authentic. They are usually also marked as urgent.

Logitech USB receivers have vulnerabilities, not all of which are currently expected to be fixed. Heise reports on the matter.

www.is.fi/digitoday/tietoturva/art-2000006168851.html?ref=rss According to researcher Marcus Mengs, the flaws allow keystrokes to be eavesdropped, for example to steal passwords. Worse is also possible: a wireless attacker can also send arbitrary commands to a computer equipped with a vulnerable dongle, for example to infect it with malware. Also:

www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/

Microsoft Azure AD FIDO2 Passwordless Sign-In in Public Preview

www.bleepingcomputer.com/news/microsoft/microsoft-azure-ad-fido2-passwordless-sign-in-in-public-preview/

New eCh0raix Ransomware Brute-Forces QNAP NAS Devices

www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/

Financial Impact of Cybercrime Exceeded $45B in 2018

www.darkreading.com/risk/financial-impact-of-cybercrime-exceeded-$45b-in-2018/d/d-id/1335199
