Daily NCSC-FI news followup 2019-08-16

New Bluetooth KNOB Attack Lets Attackers Manipulate Traffic

www.bleepingcomputer.com/news/security/new-bluetooth-knob-attack-lets-attackers-manipulate-traffic/ A new Bluetooth vulnerability named “Key Negotiation Of Bluetooth attack” or “KNOB” has been disclosed that allows attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. See also knobattack.com/

Gaping hole allowed passwords, faces and fingerprints to be taken; Finnish user denies danger

www.is.fi/digitoday/tietoturva/art-2000006206472.html An alarming security problem has been revealed in the BioStar 2 software used for granting access permits. The web-based smart lock BioStar 2 may have allowed hackers to steal highly sensitive data, claims vpnMentor, which discovered the problem. vpnMentor was able to remotely access, for example, more than a million fingerprint records and a total of 27.8 million records. 23 gigabytes of data were obtained, including fingerprints, facial images, unencrypted passwords, information on employees' access rights and employees' personal data.

Over the course of three days (12 – 15 August 2019) we monitored the public submissions of three popular online sandbox services. These services allow anyone to upload a file and then generate a report about what happens when the file is opened; they then give an indication as to whether the file is malicious or benign.

blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/ The services chosen all have public feeds and do not require payment in order to download or view the public submissions. By far the most numerous benign documents were invoices and purchase orders. We collected just over 200 in three days; this was expected as these are some of the most popular document types being emailed between businesses.

Microsoft Warns of Phishing Attacks Using Custom 404 Pages

www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/ Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials. To do this, the attackers register a domain and instead of creating a single phishing landing page to redirect their victims to, they configure a custom 404 page which shows the fake login form. This allows the phishers to have an infinite amount of phishing landing page URLs generated with the help of a single registered domain.

European Central Bank Shuts Down ‘BIRD Portal’ After Getting Hacked

thehackernews.com/2019/08/european-central-bank-hack.html The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers.

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

threatpost.com/energy-phish-microsoft-security-google-drive/147397/ The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.

Analysis of a Spearphishing Maldoc

