Daily NCSC-FI news followup 2019-08-22

TechCrunch: T-Mobile hit by hours-long nationwide outage

techcrunch.com/2019/08/21/t-mobile-outage/

Government websites are working again, the afternoon's denial-of-service attack is over: “The denial-of-service attacker has found a completely new way to get through”

yle.fi/uutiset/3-10934147 The denial-of-service attack targeted, among others, the online services of the police and the emergency response centre.

Extensive data leak at Fonecta: an ordinary user account gave access to the sensitive personal data of at least 150,000 people

www.hs.fi/kotimaa/art-2000006212884.html In a customer register service intended for companies and organisations, one holder of an ordinary user account was able to see the full contents of several hundred registers. The data includes sensitive personal information.

First-of-its-kind spyware sneaks into Google Play

www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/ ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play twice

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/ Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.

The Gamaredon Group: A TTP Profile Analysis

www.fortinet.com/blog/threat-research/gamaredon-group-ttp-profile-analysis.html FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to try to understand their methodologies and what resources are needed to launch these types of attacks.

npm Pulls Malicious Package that Stole Login Passwords

www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/ A malicious package (bb-builder) was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on.

AMEO ‘concerned’ about nation-state attacks on power grids

www.zdnet.com/article/ameo-concerned-about-nation-state-attacks-on-power-grids/ Distributed energy resources such as rooftop solar will create ‘a fairly wicked supply chain issue’. How will the sector address organisation culture issues as IT and operational technology are merged?

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks

www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/ NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident.
