TechCrunch: T-Mobile hit by hours-long nationwide outage
techcrunch.com/2019/08/21/t-mobile-outage/
Government agency websites working again, afternoon's denial-of-service attack over: “The denial-of-service attacker has found an entirely new kind of way to get through”
yle.fi/uutiset/3-10934147 The denial-of-service attack targeted, among others, the online services of the police and the emergency response centre.
Extensive data leak at Fonecta: an ordinary user account has given access to the sensitive personal data of at least 150,000 people
www.hs.fi/kotimaa/art-2000006212884.html In a customer register service intended for companies and organisations, the holder of one ordinary user account has been able to see the full contents of several hundred registers. The data includes sensitive personal information.
First-of-its-kind spyware sneaks into Google Play
www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/ ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play twice
Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities
blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/ Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.
The Gamaredon Group: A TTP Profile Analysis
www.fortinet.com/blog/threat-research/gamaredon-group-ttp-profile-analysis.html FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to try to understand their methodologies and what resources are needed to launch these types of attacks.
npm Pulls Malicious Package that Stole Login Passwords
www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/ A malicious package (bb-builder) was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on.
AMEO ‘concerned’ about nation-state attacks on power grids
www.zdnet.com/article/ameo-concerned-about-nation-state-attacks-on-power-grids/ Distributed energy resources such as rooftop solar will create ‘a fairly wicked supply chain issue’. How will the sector address organisation culture issues as IT and operational technology are merged?
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/ NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident.