Daily NCSC-FI news followup 2019-07-30

Hacker steals data of 106 million people from Capital One

arstechnica.com/information-technology/2019/07/feds-former-cloud-worker-hacks-into-capital-one-and-takes-data-for-106-million-people/ FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account belonging to [the hacker] showed that, earlier this year, someone exploited a firewall vulnerability in Capital Ones network that allowed an attacker to execute a series of commands on the banks servers.. The hacker was arrested on Monday and is being detained pending a bail hearing scheduled for Thursday. Shes charged with a single count of computer fraud and faces a maximum penalty of five years in prison and a $250,000 fine

Kiristäjät vaativat lunnaita Kokemäen kaupungilta haittaohjelma pisti kaupungin verkon polvilleen

yle.fi/uutiset/3-10899982 Kiristyshaittaohjelma on päässyt käsiksi Kokemäen kaupungin sisäiseen verkkoon. Kaupungin työntekijät havaitsivat hyökkäyksen maanantaina. . Kaupunki on tehnyt mahdollisesta tietosuojaloukkauksesta ilmoituksen tietosuojavaltuutetun toimistolle. Myös rikosilmoitus poliisille on tehty. Lisäksi asian tutkinnassa on mukana muun muassa Liikenne- ja viestintäviraston Kyberturvallisuuskeskus.

Microsoft preps to purge its cloud access security broker of shonky crypto protocols TLS 1.0, 1.1

www.theregister.co.uk/2019/07/29/tls_microsoft_cloud_security/ Transport Level Security (TLS) 1.0 and 1.1 is to be axed for users of Microsoft Cloud App Security (MCAS) from 8 September as the company shores up security with a requirement for TLS 1.2+.

iOS 12.4 fixes *critical* vulnerabilities in iMessage that can be exploited without any user interaction

www.kaspersky.com/blog/ios-critical-vulnerabilities-124/27778/ The six critical vulnerabilities in iOS were found by Natalie Silvanovich and Samuel Groß, members of Googles bug hunting team called Project Zero. . What is known so far is that these bugs allow an attacker to run malicious code on victims iPhone or iPad with no user interaction needed. The only thing the attacker needs to do for this exploit to work is to send a malicious message to a victims phone.. See also www.bbc.com/news/technology-49165946

Apple’s AWDL Protocol Plagued By Flaws That Enable Tracking and MitM Attacks

www.zdnet.com/google-amp/article/apples-awdl-protocol-plagued-by-flaws-that-enable-tracking-and-mitm-attacks/ Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks.

U.S. Issues Hacking Security Alert for Small Planes

www.securityweek.com/us-issues-hacking-security-alert-small-planes The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.. See also www.us-cert.gov/ics/alerts/ics-alert-19-211-01 – ICS Alert (ICS-ALERT-19-211-01), CAN Bus Network Implementation in Avionics

95% of Pen Test Problems Can Be Easily Resolved

www.infosecurity-magazine.com/news/95-test-problems/ In the case of brute forcing accounts, this can be resolved with the use of multi-factor authentication or with account lockout policies, while ‘kerberoasting’ can be managed with strong passwords, both in terms of length and complexity.. Meanwhile, excessive file system permissions can be mitigated with tools to detect file permissions abuse, enabling installer detection for all users and limiting the privileges of user accounts and groups.

Hackers target Telegram accounts through voicemail backdoor

nakedsecurity.sophos.com/2019/07/30/hackers-target-telegram-accounts-through-voicemail-backdoor/ The Brazilian Governments Justice Minister Sergio Moro announced on 5 June 2019 that his smartphone had been hacked, four days before the politically compromising contents of his Telegram chats with a senior prosecutor started turning up as source material for articles in the media.. Telegram is vulnerable to account takeover/reset attacks of the sort that have troubled other services whereby attackers pretend to be a person and get a new SIM with the targets phone number – or voice mail, whose PIN can usually be bruteforced.

LAPD Breach Exposes Thousands of Officers

www.infosecurity-magazine.com/news/lapd-breach-exposes-thousands-of/ The suspected hacker claims they have their hands on the data of 2500 LAPD officers, trainees and recruits, and around 17,500 police officer applicants.

US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses

www.bleepingcomputer.com/news/security/us-govt-ngos-ask-cyber-community-to-boost-ransomware-defenses/ A joint statement published by the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) urges government partners and the cyber community to reinforce their ransomware defenses.

New TrickBot Version Focuses on Microsoft’s Windows Defender

www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/ A new version of the TrickBot banking Trojan continues its evolution of targeting security software in order to prevent its detection and removal. In this new version, TrickBot has set its sights on Windows Defender, which for many people is the only antivirus installed on a Windows 10 machine.

Announcing the Sixth Annual Flare-On Challenge

www.fireeye.com/blog/threat-research/2019/07/announcing-the-sixth-annual-flare-on-challenge.html The FireEye Labs Advanced Reverse Engineering (FLARE) team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. The contest runs for six full weeks and ends at 8:00 p.m. ET on Sept. 27, 2019.. Suom. huom. la 17.8. klo 0300 – la 28.9. 0300

You might be interested in …

Daily NCSC-FI news followup 2021-04-06

Spy Operations Target Vietnam with Sophisticated RAT threatpost.com/spy-operations-vietnam-rat/165243/ An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT) known […]

Read More

Daily NCSC-FI news followup 2019-07-23

4 Practical Steps for Shift Left Security blog.paloaltonetworks.com/2019/07/4-practical-steps-shift-left-security/ Since the beginning of modern computing, security has largely been divorced from software development. Recent vulnerability research confirms this. Consider that over the past five years, out of all published vulnerabilities, 76% were from applications. Given this radical shift in attacker focus, its time to embed security […]

Read More

Daily NCSC-FI news followup 2021-03-21

Puolustusministeri Kaikkonen: Digitaalinen itsenäisyys on puolustamisen arvoinen www.erillisverkot.fi/puolustusministeri-kaikkonen-digitaalinen-itsenaisyys-on-puolustamisen-arvoinen/ Digitaalisen itsenäisyyden turvaaminen on osa modernia maanpuolustusta. Kyberpuolustus ja kyberhyökkäysten torjuminen kuuluu olennaisesti siihen, linjasi puolustusministeri Antti Kaikkonen Erve Foorumi 2021 -tervehdyksessään. Samsung Investigation Part 2: Exploiting Trusted Applications (TAs) www.riscure.com/blog/samsung-investigation-part2 In this second blog post, we will continue to explore TEEGRIS by reverse engineering TAs in […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.