Daily NCSC-FI news followup 2019-08-15

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10.

Microsoft warns of new BlueKeep-like flaws

www.welivesecurity.com/2019/08/15/microsoft-warning-wormable-flaws/ Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to BlueKeep, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws, tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226, can be exploited by attackers sending a specially-crafted remote desktop protocol (RDP) message to RDS.

Analysis: New Remcos RAT Arrives Via Phishing Email

blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/ Remcos RAT emerged in 2016 being peddled as a service in hacking forums, advertised, sold, and offered cracked on various sites and forums. The RAT appears to still be actively pushed by cybercriminals. In 2017, we reported spotting Remcos being delivered via a malicious PowerPoint slideshow, embedded with an exploit for CVE-2017-0199. Recently, the RAT has made its way to phishing emails.

Remote Access Trojan Uses Sendgrid to Slip through Proofpoint

cofense.com/remote-access-trojan-uses-sendgrid-slip-proofpoint/ The Cofense™ Phishing Defense Center™ observed a malware campaign masquerading as an email complaint from the Better Business Bureau to deliver the notorious Orcus RAT, part of the free DNS domain ChickenKiller which we blogged about in 2015. Here's how it works:

Many of mineral giant Omya's plants still at a standstill due to cyberattack: disruptions may spread to other industry

www.hs.fi/teknologia/art-2000006205730.html The damage from the cyberattack on the international Omya group, which mines and manufactures industrial minerals, has still not been repaired. A good half of the plants have now been brought back into operation.
