Daily NCSC-FI news followup 2019-08-15

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, from Windows XP through the latest Windows 10.

Microsoft warns of new BlueKeep-like flaws

www.welivesecurity.com/2019/08/15/microsoft-warning-wormable-flaws/ Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to BlueKeep, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws, tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226, can be exploited by attackers sending a specially-crafted Remote Desktop Protocol (RDP) message to RDS.

Analysis: New Remcos RAT Arrives Via Phishing Email

blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/ Remcos RAT emerged in 2016, being peddled as a service in hacking forums, advertised, sold, and offered cracked on various sites and forums. The RAT appears to still be actively pushed by cybercriminals. In 2017, we reported spotting Remcos being delivered via a malicious PowerPoint slideshow embedded with an exploit for CVE-2017-0199. Recently, the RAT has made its way to phishing emails.

Remote Access Trojan Uses Sendgrid to Slip through Proofpoint

cofense.com/remote-access-trojan-uses-sendgrid-slip-proofpoint/ The Cofense™ Phishing Defense Center™ observed a malware campaign masquerading as an email complaint from the Better Business Bureau to deliver the notorious Orcus RAT, part of the free DNS domain ChickenKiller which we blogged about in 2015. Here's how it works:

Many of mineral giant Omya's plants still at a standstill because of a cyber attack: the disruption may spill over into other industry

www.hs.fi/teknologia/art-2000006205730.html The damage from the cyber attack against the Omya Group, an international company that mines and processes industrial minerals, has still not been repaired. Just over half of the plants have now been brought back into operation.
