Daily NCSC-FI news followup 2019-08-22

TechCrunch: T-Mobile hit by hours-long nationwide outage

techcrunch.com/2019/08/21/t-mobile-outage/

Government websites are working again, the afternoon denial-of-service attack is over: “The DoS attacker found an entirely new way to get through”

yle.fi/uutiset/3-10934147 The denial-of-service attack targeted, among others, the online services of the police and the emergency response centre.

Fonecta suffers a broad data leak: an ordinary user account gave access to the sensitive personal data of at least 150,000 people

www.hs.fi/kotimaa/art-2000006212884.html In a customer register service intended for companies and organisations, the holder of one ordinary user account has been able to see the full contents of several hundred registers. These include sensitive personal data.

First-of-its-kind spyware sneaks into Google Play

www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/ ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play twice.

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/ Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.

The Gamaredon Group: A TTP Profile Analysis

www.fortinet.com/blog/threat-research/gamaredon-group-ttp-profile-analysis.html FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to try to understand their methodologies and what resources are needed to launch these types of attacks.

npm Pulls Malicious Package that Stole Login Passwords

www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/ A malicious package (bb-builder) was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on.

AMEO ‘concerned’ about nation-state attacks on power grids

www.zdnet.com/article/ameo-concerned-about-nation-state-attacks-on-power-grids/ Distributed energy resources such as rooftop solar will create ‘a fairly wicked supply chain issue’. How will the sector address organisational culture issues as IT and operational technology are merged?

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks

www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/ NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident.
