Daily NCSC-FI news followup 2019-08-13

Attackers could use this coding bug to turn BIG-IP load balancers against organizations

blog.f-secure.com/command-injection-in-f5-irules/ During a routine security assessment, F-Secure Senior Security Consultant Christoffer Jerkeby discovered that an obscure coding bug could allow attackers to exploit F5 Networks popular BIG-IP load balancer. Further research found that, following a successful exploit, an adversary could turn the compromised device back against the organization or even individuals using the affected services.

Saefko: A new multi-layered RAT

www.zscaler.com/blogs/research/saefko-new-multi-layered-rat Recently, the Zscaler ThreatLabZ team came across a new remote-access trojan (RAT) for sale on the dark web. The RAT, called Saefko, is written in .NET and has multiple functionalities.. This blog provides a detailed analysis of this piece of malware, including its HTTP, IRC, and data stealing and spreading module.

DEF CON 2019: Researchers Demo Hacking Google Home for RCE

threatpost.com/def-con-2019-hacking-google-home/147170/ The Tencent Blade Team of researchers demonstrated several ways they have developed to hack and run remote code on Google Home smart speakers. The hacks center around what is known as a Magellan vulnerability, which can be used to exploit the massively popular SQLite database engine.


www.wired.com/story/mycar-remote-start-vulnerabilities/ In a talk at the DefCon hacker conference today in Las Vegas, Jmaxxz described a series of vulnerabilities in MyCar, a system made by Canadian company Automobility, whose software is rebranded and distributed under names including MyCar Kia, Visions MyCar, Carlink, and Linkr-LT1.

SEC Investigating Data Leak at First American Financial Corp.

krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/ The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003

ASD releases warning of BlueKeep vulnerability

www.zdnet.com/article/asd-releases-warning-of-bluekeep-vulnerability/#ftag=RSSbaffb68 The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) released a warning late Monday urging Australian businesses using older Windows systems to install a patch to avoid potential exploitation of BlueKeep vulnerability, known as CVE-2019-0708.

Steam Security Vulnerability Fixed, Researchers Don’t Agree

www.bleepingcomputer.com/news/security/steam-security-vulnerability-fixed-researchers-dont-agree/ Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored.

4G Router Vulnerabilities Let Attackers Take Full Control

www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/ Pen Test Partners researcher ‘G Richter’ shared the flaws found in 4G devices during this year’s DEF CON hacking conference, saying that “a lot of existing 4G modems and routers are pretty insecure.”

New GoBrut Version in the Wild

blog.yoroi.company/research/new-gobrut-version-in-the-wild/ Back in March we spotted and monitored a new emerging threat which we dubbed as GoBrut botnet.In our previous blog post, we analyzed a Windows version of this bot, arguing about the usage of the GoLang programming language, a modern language able to reach extremely high level of code portability, potentially enabling the attackers to write code once and compile it for every OSes. . Thats exactly what happened. We discovered a new version of the bot compiled for Linux hosts.

HS:n tiedot: Kaikki teollisuus­mineraaliyhtiö Omyan tehtaat pysäytettiin ympäri maailmaa kyber­hyökkäyksen vuoksi

www.hs.fi/teknologia/art-2000006203364.html KANSAINVÄLINEN teollisuus­mineraaliyhtiö Omya joutui HS:n tietojen mukaan viikonloppuna keskeyttämään toiminnan kaikilla tehtaillaan kyberhyökkäyksen vuoksi.

Protecting water utility against nation state cyber adversary

medium.com/sensorfu/protecting-water-utility-against-nation-state-cyber-adversary-8732702b6e5f Locked Shields is a unique international cyber defence exercise offering the most complex technical live-fire challenge in the world. In 2019, a water treatment facility was part of targeted critical infrastructure. This article describes how SensorFu Beacon, a continuous network leak detection solution, was successfully used by a defending blue team to continuously maintain isolation of water utilities SCADA/ICS network while facing skilled and motivate

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/ Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed BlueKeep vulnerability (CVE-2019-0708), these two vulnerabilities are also wormable, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

blog.trendmicro.com/trendlabs-security-intelligence/back-to-back-campaigns-neko-mirai-and-bashlite-malware-variants-use-various-exploits-to-target-several-routers-devices/ Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week.

You might be interested in …

Daily NCSC-FI news followup 2021-04-18

Ryuk ransomware operation updates hacking techniques www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/ Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet. Discord […]

Read More

Daily NCSC-FI news followup 2021-02-27

Amazon Dismisses Claims Alexa Skills Can Bypass Security Vetting Process threatpost.com/amazon-dismisses-claims-alexa-skills-can-bypass-security-vetting/164316/ Our analysis shows that while Amazon restricts access to user data for skills and has put forth a number of rules, there is still room for malicious actors to exploit or circumvent some of these rules, said researchers this week. This can enable an […]

Read More

Daily NCSC-FI news followup 2019-08-30

Phishers are Angling for Your Cloud Providers krebsonsecurity.com/2019/08/phishers-are-angling-for-your-cloud-providers/ Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the clients brand and their customers. Heres a look at a recent CRM-based phishing […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.