Daily NCSC-FI news followup 2019-08-20

Guccifer Rising? Months-Long Phishing Campaign on ProtonMail Targets Dozens of Russia-Focused Journalists and NGOs

www.bellingcat.com/news/uk-and-europe/2019/08/10/guccifer-rising-months-long-phishing-campaign-on-protonmail-targets-dozens-of-russia-focused-journalists-and-ngos/ A sophisticated phishing campaign targeting Bellingcat and other Russia-focused journalists has been much larger in scope than previously thought, and has lasted at least several months. Bellingcat has identified dozens of targeted individuals across Europe and the US, with the earliest reported attack dating back to April 24 2019, and some evidence suggesting the campaign was in the works since as early as March 2018. See also:

threatconnect.com/blog/building-out-protonmail-spoofed-infrastructure/

Information operations directed at Hong Kong

blog.twitter.com/en_us/topics/company/2019/information_operations_directed_at_Hong_Kong.html We are disclosing a significant state-backed information operation focused on the situation in Hong Kong, specifically the protest movement and their calls for political change.

Apple iOS Patch Blunder Opens Updated iPhones to Jailbreaks

threatpost.com/apple-ios-patch-blunder-iphones-jailbreaks/147519/ Apple accidentally re-introduced a vulnerability in its latest operating system, iOS 12.4, that had been previously fixed in iOS 12.3. Apple's most recent operating system update, iOS 12.4, accidentally unpatched a fix that had been issued in a previous update, leaving devices vulnerable to code execution and privilege-escalation attacks. The flaw also allows phones to be jailbroken, and a public jailbreak has just been released to take advantage of it on phones running the latest version of iOS.

Backdoor code found in 11 Ruby libraries

www.zdnet.com/article/backdoor-code-found-in-11-ruby-libraries/ RubyGems staff have removed 18 malicious Ruby library versions that have been downloaded 3,584 times since July 8.

Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers

thehackernews.com/2019/08/webmin-vulnerability-hacking.html Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure that surprisingly persisted into various releases of Webmin (1.882 through 1.921) and eventually remained hidden for over a year.

Gmail Is Down, Displays “Something Went Wrong” Errors

www.bleepingcomputer.com/news/google/gmail-is-down-displays-something-went-wrong-errors/ Google’s free Gmail email service is currently experiencing a worldwide outage which prevents users from logging in, displaying “Something went wrong” errors when they’re trying to sign in to their accounts.

Scammer Tricks City Into $1 Million Wire Transfer

www.bleepingcomputer.com/news/security/scammer-tricks-city-into-1-million-wire-transfer/ A scammer was able to successfully fool the City of Saskatoon into transferring them a little over $1 million. They may not enjoy the wealth, though. The city fell victim to classic business email compromise (BEC) fraud, also known as email account compromise (EAC), a phenomenon that last year caused over $1.2 billion in losses in the U.S. alone.

Unpatchable security flaw found in popular SoC boards

www.zdnet.com/article/unpatchable-security-flaw-found-in-popular-soc-boards/ Xilinx Zynq UltraScale+ SoCs are normally used in automotive, aviation, consumer electronics, industrial, and military components.

Vulnerabilities in Google Nest Cam IQ can be used to hijack the camera, leak data

www.zdnet.com/article/vulnerabilities-in-google-nest-cam-iq-can-be-used-to-hijack-your-camera/ The indoor security device was subject to bugs which threatened user privacy.

Adwind Spyware-as-a-Service Attacks Utility Grid Operators

threatpost.com/adwind-spyware-as-a-service-attacks-utility-grid-operators/147525/ A phishing campaign targeting utility grid operators uses a PDF attachment to deliver spyware.

Severe Flaws in Kubernetes Expose All Servers to DoS Attacks

www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/ Two high severity vulnerabilities impacting all versions of the Kubernetes open-source system for handling containerized apps can allow an unauthorized attacker to trigger a denial-of-service (DoS) state.

Elaborate bank scam targets S-Pankki customers: a new kind of bait could convince many

www.tivi.fi/uutiset/tv/ca00396d-4864-4b17-bbd1-738ce605cd4a The Finnish-language scam email claims that S-Pankki customers must perform a system update and bring their contact details up to date, because the PSD2 directive concerning online banking users came into force on 13.01.2019.

How malformed packets caused CenturyLink's 37-hour, nationwide outage

arstechnica.com/information-technology/2019/08/centurylinks-37-hour-outage-blocked-911-service-for-17-million-people/ CenturyLink’s nationwide, 37-hour outage in December 2018 disrupted 911 service for millions of Americans and prevented completion of at least 886 calls to 911, a new Federal Communications Commission report said.

Post-GandCrab, Cybercriminals Scouring the Dark Web for the Next Top Ransomware

threatpost.com/post-gandcrab-cybercriminals-scouring-the-dark-web-for-the-next-top-ransomware/147476/ A detailed look at underground forums shows that cybercriminals aren't sure where to look on the heels of the GandCrab ransomware group shutting its doors, and low-level actors are taking advantage of that by developing their own strains.

Exposed Sphinx Servers Are No Challenge for Hackers

www.bleepingcomputer.com/news/security/exposed-sphinx-servers-are-no-challenge-for-hackers/ Attackers can take advantage of Sphinx web servers exposed on the internet to access, alter, or remove data in the database, warns CERT-Bund, Germany’s computer emergency response team.

Guildma malware is now accessing Facebook and YouTube to keep up-to-date

isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/ A new variant of the information stealer Guildma (aka Astaroth) we analyzed last week is accessing Facebook and YouTube to get a fresh list of its C2 servers. The C2 list is encrypted and hosted in two Facebook and three YouTube profiles maintained and constantly updated by the cybercriminals.
