Daily NCSC-FI news followup 2019-08-13

Attackers could use this coding bug to turn BIG-IP load balancers against organizations

blog.f-secure.com/command-injection-in-f5-irules/ During a routine security assessment, F-Secure Senior Security Consultant Christoffer Jerkeby discovered that an obscure coding bug could allow attackers to exploit F5 Networks popular BIG-IP load balancer. Further research found that, following a successful exploit, an adversary could turn the compromised device back against the organization or even individuals using the affected services.

Saefko: A new multi-layered RAT

www.zscaler.com/blogs/research/saefko-new-multi-layered-rat Recently, the Zscaler ThreatLabZ team came across a new remote-access trojan (RAT) for sale on the dark web. The RAT, called Saefko, is written in .NET and has multiple functionalities.. This blog provides a detailed analysis of this piece of malware, including its HTTP, IRC, and data stealing and spreading module.

DEF CON 2019: Researchers Demo Hacking Google Home for RCE

threatpost.com/def-con-2019-hacking-google-home/147170/ The Tencent Blade Team of researchers demonstrated several ways they have developed to hack and run remote code on Google Home smart speakers. The hacks center around what is known as a Magellan vulnerability, which can be used to exploit the massively popular SQLite database engine.


www.wired.com/story/mycar-remote-start-vulnerabilities/ In a talk at the DefCon hacker conference today in Las Vegas, Jmaxxz described a series of vulnerabilities in MyCar, a system made by Canadian company Automobility, whose software is rebranded and distributed under names including MyCar Kia, Visions MyCar, Carlink, and Linkr-LT1.

SEC Investigating Data Leak at First American Financial Corp.

krebsonsecurity.com/2019/08/sec-investigating-data-leak-at-first-american-financial-corp/ The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003

ASD releases warning of BlueKeep vulnerability

www.zdnet.com/article/asd-releases-warning-of-bluekeep-vulnerability/#ftag=RSSbaffb68 The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) released a warning late Monday urging Australian businesses using older Windows systems to install a patch to avoid potential exploitation of BlueKeep vulnerability, known as CVE-2019-0708.

Steam Security Vulnerability Fixed, Researchers Don’t Agree

www.bleepingcomputer.com/news/security/steam-security-vulnerability-fixed-researchers-dont-agree/ Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored.

4G Router Vulnerabilities Let Attackers Take Full Control

www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/ Pen Test Partners researcher ‘G Richter’ shared the flaws found in 4G devices during this year’s DEF CON hacking conference, saying that “a lot of existing 4G modems and routers are pretty insecure.”

New GoBrut Version in the Wild

blog.yoroi.company/research/new-gobrut-version-in-the-wild/ Back in March we spotted and monitored a new emerging threat which we dubbed as GoBrut botnet.In our previous blog post, we analyzed a Windows version of this bot, arguing about the usage of the GoLang programming language, a modern language able to reach extremely high level of code portability, potentially enabling the attackers to write code once and compile it for every OSes. . Thats exactly what happened. We discovered a new version of the bot compiled for Linux hosts.

HS:n tiedot: Kaikki teollisuus­mineraaliyhtiö Omyan tehtaat pysäytettiin ympäri maailmaa kyber­hyökkäyksen vuoksi

www.hs.fi/teknologia/art-2000006203364.html KANSAINVÄLINEN teollisuus­mineraaliyhtiö Omya joutui HS:n tietojen mukaan viikonloppuna keskeyttämään toiminnan kaikilla tehtaillaan kyberhyökkäyksen vuoksi.

Protecting water utility against nation state cyber adversary

medium.com/sensorfu/protecting-water-utility-against-nation-state-cyber-adversary-8732702b6e5f Locked Shields is a unique international cyber defence exercise offering the most complex technical live-fire challenge in the world. In 2019, a water treatment facility was part of targeted critical infrastructure. This article describes how SensorFu Beacon, a continuous network leak detection solution, was successfully used by a defending blue team to continuously maintain isolation of water utilities SCADA/ICS network while facing skilled and motivate

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/ Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed BlueKeep vulnerability (CVE-2019-0708), these two vulnerabilities are also wormable, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

blog.trendmicro.com/trendlabs-security-intelligence/back-to-back-campaigns-neko-mirai-and-bashlite-malware-variants-use-various-exploits-to-target-several-routers-devices/ Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week.

You might be interested in …

Daily NCSC-FI news followup 2020-12-03

Widespread android applications still exposed to vulnerability on google play core library blog.checkpoint.com/2020/12/03/widespread-android-applications-still-exposed-to-vulnerability-on-google-play-core-library/ A new vulnerability for the Google Play Core Library was published late August, given the CVE-2020-8913, which allows Local-Code-Execution (LCE) within the scope of any application that has the vulnerable version of the Google Play Core Library. Code execution is an attackers […]

Read More

Daily NCSC-FI news followup 2020-09-24

#InstaHack: how researchers were able to take over the Instagram App using a malicious image blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/ Instagram is one of the most popular social media platforms globally, with over 100+ million photos uploaded every day, and nearly 1 billion monthly active users. Individuals and companies share photos and messages about their lives and products to […]

Read More

Daily NCSC-FI news followup 2021-02-02

Liikkeellä erittäin uskottavia huijaussivuja älä mene verkkopankkiin Google-haun kautta www.finanssiala.fi/uutismajakka/Sivut/Liikkeella-uskottavia-huijaussivuja-ala-mene-verkkopankkiin-Google-haun-kautta.aspx Huijarit pyrkivät tällä hetkellä erittäin aktiivisesti verkkopankkeihin tuttujen sähköpostilinkkien avulla. Lisäksi pankit ovat havainneet uuden huijauskampanjan, jossa rikolliset ovat tavalla tai toisella saaneet ujutettua huijaussivustojaan Googlen hakutuloksiin. Pankeista neuvotaan, että ainakaan toistaiseksi ei kannata mennä verkkopankkiin hakemalla pankkinsa nimeä Googlesta, vaan kirjoittamalla osoite selaimen osoitekenttään. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.