Daily NCSC-FI news followup 2019-08-16

New Bluetooth KNOB Attack Lets Attackers Manipulate Traffic

www.bleepingcomputer.com/news/security/new-bluetooth-knob-attack-lets-attackers-manipulate-traffic/ A new Bluetooth vulnerability named “Key Negotiation Of Bluetooth attack” or “KNOB” has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices.. see also knobattack.com/

Ammottava aukko päästi viemään salasanat, kasvot ja sormenjäljet suomalaiskäyttäjä kiistää vaaran

www.is.fi/digitoday/tietoturva/art-2000006206472.html Kulkulupien myöntämisessä käytetystä BioStar 2 -ohjelmistosta paljastui hälyttävä tietoturvaongelma.. Web-pohjainen älylukko BioStar 2 on voinut sallia hakkereille erittäin arkaluonteisen tiedon varastamisen, väittää ongelman havainnut vpnMentor.. VpnMentor pystyi etäältä pääsemään käsiksi esimerkiksi yli miljoonaan sormenjälkitietoon ja kaikkiaan 27,8 miljoonaan tallenteeseen. Tietoa saatiin 23 gigatavun edestä ja siinä oli mukana muun muassa sormenjälkiä, kasvokuvia, salaamattomia salasanoja, tietoja työntekijöiden kulkuoikeuksista ja työntekijöiden henkilökohtaisia tietoja.

Over the course of three days (12 – 15 August 2019) we monitored the public submissions of three popular online sandbox services. These services allow anyone to upload a file and then generate a report about what happens when the file is opened; they then give an indication as to whether the file is malicious or benign.

blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/ The services chosen all have public feeds and do not require payment in order to download or view the public submissions.. By far the most numerous benign documents were invoices and purchase orders. We collected just over 200 in three days; this was expected as these are some of the most popular document types being emailed between businesses.

Microsoft Warns of Phishing Attacks Using Custom 404 Pages

www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/ Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials.. To do this, the attackers register a domain and instead of creating a single phishing landing page to redirect their victims to, they configure a custom 404 page which shows the fake login form.. This allows the phishers to have an infinite amount of phishing landing pages URLs generated with the help of a single registered domain.

European Central Bank Shuts Down ‘BIRD Portal’ After Getting Hacked

thehackernews.com/2019/08/european-central-bank-hack.html The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers.

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

threatpost.com/energy-phish-microsoft-security-google-drive/147397/ The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.

Analysis of a Spearphishing Maldoc

isc.sans.edu/diary/rss/25242

You might be interested in …

Daily NCSC-FI news followup 2020-06-12

Slovak police found wiretapping devices connected to the Govnet government network securityaffairs.co/wordpress/104567/intelligence/slovak-govnet-network-wiretapping-devices.html Slovak police seized wiretapping devices connected to Govnet government network and arrested four individuals, including the head of a government agency. Power company Enel Group suffers Snake Ransomware attack www.bleepingcomputer.com/news/security/power-company-enel-group-suffers-snake-ransomware-attack/ European energy company giant Enel Group suffered a ransomware attack a few days […]

Read More

Daily NCSC-FI news followup 2020-05-29

Highly-targeted attacks on industrial sector hide payload in images www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/ Attackers looking to steal employee credentials from organizations tied to the industrial sector deployed highly-targeted operations that delivered malicious PowerShell scripts in images. Victims in multiple countries (Japan, the U.K., Germany, Italy) were identified. Some of them supply equipment and software solutions to industrial enterprises. […]

Read More

Daily NCSC-FI news followup 2019-12-02

Meet PyXie: A Nefarious New Python RAT threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT were calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry.. PyXie has been deployed in an ongoing campaign that targets a wide range of industries. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.