Daily NCSC-FI news followup 2019-08-22

TechCrunch: T-Mobile hit by hours-long nationwide outage


Viranomaissivustot toimivat taas, iltapäivän palvelunestohyökkäys ohi “Palvelunestohyökkääjä löytänyt aivan uudenlaisen tavan päästä läpi”

yle.fi/uutiset/3-10934147 Palvelunestohyökkäys kohdistui muun muassa poliisin ja hätäkeskuksen verkkopalveluihin.

Fonectalla laaja tietovuoto: Tavallisella käyttäjä­tunnuksella on päässyt käsiksi ainakin 150 000 ihmisen arka­luontoisiin henkilö­tietoihin

www.hs.fi/kotimaa/art-2000006212884.html Yrityksille ja järjestöille tarkoitetussa asiakasrekisteripalvelussa yksi tavallisen käyttäjätunnuksen omistaja on voinut nähdä useiden satojen rekistereiden täyden sisällön. Mukana on arkaluonteisia henkilötietoja.

Firstofitskind spyware sneaks into Google Play

www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/ ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play twice

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/ Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.

The Gamaredon Group: A TTP Profile Analysis

www.fortinet.com/blog/threat-research/gamaredon-group-ttp-profile-analysis.html FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to try to understand their methodologies and what resources are needed to launch these types of attacks.

npm Pulls Malicious Package that Stole Login Passwords

www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/ A malicious package (bb-builder) was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on.

AMEO ‘concerned’ about nation-state attacks on power grids

www.zdnet.com/article/ameo-concerned-about-nation-state-attacks-on-power-grids/ Distributed energy resources such a rooftop solar will create ‘a fairly wicked supply chain issue’. How will the sector address organisation culture issues as IT and operational technology are merged?

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks

www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/ NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident.

You might be interested in …

Daily NCSC-FI news followup 2020-07-31

Tutorial of ARM Stack Overflow Exploit against SETUID Root Program www.fortinet.com/blog/threat-research/tutorial-arm-stack-overflow-exploit-against-setuid-root-program In part I of this blog series, Tutorial of ARM Stack Overflow Exploit Defeating ASLR with ret2plt, I presented how to exploit a classic buffer overflow vulnerability when ASLR is enabled. That target program calls the function gets() to read a line from stdin. […]

Read More

Daily NCSC-FI news followup 2020-02-09

Lock My PC Used By Tech Support Scammers, Dev Offers Free Recovery www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/ Tech Support scammers are using a free utility called Lock My PC to lock users out of their PCs unless they pay the requested “support” fees. For years telephone scammers pretending to be from Microsoft, Google, and other companies have been convincing […]

Read More

Daily NCSC-FI news followup 2020-03-19

Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/ The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we’ve been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected. Hackers […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.