Daily NCSC-FI news followup 2019-08-23

Fortinet SSL VPN vulnerability from May 2019 being exploited in wild

opensecurity.global/forums/topic/181-fortinet-ssl-vpn-vulnerability-from-may-2019-being-exploited-in-wild/ CVE-2018-13379 is being exploited in the wild on Fortigate SSL VPN firewalls. These exist as a perimeter security control, so it’s a bad vulnerability. Also: https://twitter.com/GossiTheDog/status/1164536461665996800. Original security advisory (2019-05-24): fortiguard.com/psirt/FG-IR-18-384

Cisco Warns of Public Exploit Code for Critical Switch Flaws

www.bleepingcomputer.com/news/security/cisco-warns-of-public-exploit-code-for-critical-switch-flaws/ Cisco updated the security advisories for three vulnerabilities patched in early August, warning customers that its Product Security Incident Response Team (PSIRT) is aware of public exploit code being available.

Unpatched Squid Servers Exposed to DoS, Code Execution Attacks

www.bleepingcomputer.com/news/security/unpatched-squid-servers-exposed-to-dos-code-execution-attacks/ Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw.

Finding Neutrino

blog.ptsecurity.com/2019/08/finding-neutrino.html Step by step, we have uncovered the whole chain of events and ultimately discovered a large malware campaign ongoing since 2013. Here we will give the details and the whole story, from start to finish.

Emotet Botnet Is Back, Servers Active Across the World

www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/ Emotet is now one of the top threats, its infrastructure being used to distribute Trickbot, another banking trojan, and then spread the Ryuk ransomware. This combination is dubbed ‘triple threat’ and has affected public administrations in the U.S.

Microsoft launches bug bounty for new Chromium Edge browser, with $30,000 top reward

www.zdnet.com/article/microsoft-launches-bug-bounty-for-new-chromium-edge-browser-with-30000-top-reward/ Researchers will need to find a sandbox escape for Microsoft Edge Windows Defender Application Guard to get the top reward.

Steam Patches Vulnerabilities in Beta Version Update

www.bleepingcomputer.com/news/security/steam-patches-lpe-vulnerabilities-in-beta-version-update/ Almost 48 hours after security researcher Vasily Kravets (PsiDragon) released his proof of concept (PoC) for a second vulnerability in Steam client for Windows leading to privilege escalation, Valve released a beta update that allegedly fixes the bugs.

Valve says turning away researcher reporting Steam vulnerability was a mistake

arstechnica.com/information-technology/2019/08/valve-says-turning-away-researcher-reporting-steam-vulnerability-was-a-mistake/ In an attempt to quell a controversy that has raised the ire of white-hat hackers, the maker of the Steam online game platform said on Thursday it made a mistake when it turned away a researcher who recently reported two separate vulnerabilities.

Facebook Adds Instagram to Data Abuse Bug Bounty Program

www.infosecurity-magazine.com/news/facebook-adds-instagram-data-abuse/ Facebook has announced an expansion to its bug bounty program covering third-party apps that abuse user data, to include the Instagram ecosystem.

Moscow’s blockchain voting system cracked a month before election

www.zdnet.com/article/moscows-blockchain-voting-system-cracked-a-month-before-election/ French researcher nets $15,000 prize for finding bugs in Moscow’s Ethereum-based voting system.

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

krebsonsecurity.com/2019/08/breach-at-hy-vee-supermarket-chain-tied-to-sale-of-5m-stolen-credit-debit-cards/ More than 5.3 million new accounts belonging to cardholders from 35 U.S. states.

Employees connect nuclear plant to the internet so they can mine cryptocurrency

www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/ The Ukrainian Secret Service is investigating the incident as a

Why Deepfake Audio Technology Is a Real Threat to Enterprise Security

securityintelligence.com/articles/why-deepfake-audio-technology-is-a-real-threat-to-enterprise-security/ Symantec has reported three successful audio attacks on private companies that involved a call from the “CEO” to a senior financial officer requesting an urgent money transfer.

THE WIRED GUIDE TO CYBERWAR

www.wired.com/story/cyberwar-guide/ So far, there's no clearly documented case of a cyberwar attack directly causing loss of life. But a single cyberwar attack has already caused as much as $10 billion dollars in economic damage. Cyberwar has been used to terrorize individual companies and temporarily render entire governments comatose

80 suspects arrested in massive business email scam takedown

www.zdnet.com/article/80-suspects-arrested-in-massive-business-email-scam-takedown/ Police say the mainly-Nigerian network was responsible for the attempted theft of $46 million.

Aviation Faces Increasing Cybersecurity Scrutiny

www.darkreading.com/risk/aviation-faces-increasing-cybersecurity-scrutiny/d/d-id/1335610 Some aviation experts and security researchers are trying to foster closer alliances for securing airplane networks. The goal of this hands-on station, part of the inaugural Aviation Village at DEF CON 27 earlier this month in Las Vegas, was to give white-hat hackers a rare opportunity to learn how on-board airplane electronic devices operate and communicate.

Qualys Launches Free App for IT Asset Discovery and Inventory [VIDEO]

www.darkreading.com/qualys-launches-free-app-for-it-asset-discovery-and-inventory/v/d-id/1335625 Qualys’s Chairman and CEO, Philippe Courtot talks about changes in the security landscape he’s witnessed during the company’s 20-year lifespan, as well as what motivated the vendor to give away its Global IT Asset Discovery and Inventory app for free.

MS: Enabling MFA can prevent 99.9 percent of attacks on your accounts

www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/

The first Lightning security key for iPhones is here, and it works with USB-C, too

www.theverge.com/2019/8/20/20813129/yubico-first-security-key-for-iphones-works-with-usb-c-google-titan-ios-ipad-pro-1password-lastpass Today, Yubico is releasing the $70 YubiKey 5Ci, the first security key that can plug into your iPhone's Lightning port or a USB-C port, and it's compatible with popular password vaults LastPass and 1Password out of the box.

VMware buys Carbon Black and Pivotal, valued together at $4.8 billion

www.cnbc.com/2019/08/22/vmware-earnings-q2-2020-acquires-carbon-black-pivotal.html VMware is acquiring Carbon Black, a cybersecurity company that went public in 2018, the companies announce as part of VMware’s quarterly earnings report.

According to FBI report on 2018 cyber crime, Alaska most targeted per capita.

www.infosecurity-magazine.com/news/the-most-scammed-state-in-america/ With more than $450 million stolen, sunny California lost more money than any other state, but at 21.67 victims per 10,000 residents, Alaska had the highest per capita victim count. Across the state, the total number of people targeted by cyber-thieves was 1,606, based on the number of complaints received. Overall, the state’s total losses in 2018 from internet scams was a painful $3.62 million. Original report [PDF] – pdf.ic3.gov/2018_IC3Report.pdf

Over a Third of Firms Have Suffered a Cloud Attack

www.infosecurity-magazine.com/news/over-third-firms-have-suffered/ The cyber-assessment vendor interviewed 300 attendees at this year's Infosecurity Europe show in London in June. It found that while 37% admitted suffering a cloud attack, over a quarter (27%) said they don't know how quickly they could tell if their cloud data has been compromised. Also: 11% claimed they never run any kind of testing in the cloud, while nearly a fifth (19%) said they only do so annually.

Visa Announces New Payment Security Services to Prevent Fraud

www.infosecurity-magazine.com/news/visa-announces-new-payment/ Business and financial institutions received a helping hand today when Visa announced a suite of new industry-first payment security services and capabilities to prevent and disrupt payment fraud. The new capabilities are available to Visa clients at no additional cost or signup.

Mastercard Reports Data Breach to German and Belgian DPAs

www.bleepingcomputer.com/news/security/mastercard-reports-data-breach-to-german-and-belgian-dpas/ Customer data from the company’s Priceless Specials loyalty program was made available on the Internet, with customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth being included in the leaked info.

Should Companies Block Newly Registered Domains?

www.infosecurity-magazine.com/news/should-companies-block-newly/ A 2018 study by Farsight Security found that on average, 9.3% of NRDs died in their first seven days, with a median lifetime of just four hours and 16 minutes. The study concluded that the vast majority of these short-lived NRDs were used for cybercrime. Study [PDF] – www.farsightsecurity.com/assets/media/download/VB2018-study.pdf

Hong Kong protesters warn of Telegram feature that can disclose their identities

www.zdnet.com/article/hong-kong-protesters-warn-of-telegram-feature-that-can-disclose-their-identities/ Hong Kong software engineers say the discovered issue can allow a threat actor, such as Chinese law enforcement or intelligence services, to obtain the phone numbers users utilized to register a Telegram account, which authorities can then track down to protesters’ real-world identities. Hong Kong users have started sharing a message on a popular local forum about what they called a bug in the Telegram app that can allow a threat actor to unmask their phone number, even when this setting is on “Nobody.”

Lenovo High-Severity Bug Found in Pre-Installed Software

threatpost.com/bug-found-in-pre-installed-software/147657/ A vulnerability reported in Lenovo Solution Center version 03.12.003,

US GOV: FISMA Annual Report to Congress

www.us-cert.gov/ncas/current-activity/2019/08/23/fisma-annual-report-congress The report highlights government-wide cybersecurity programs and initiatives, and agencies' progress to enhance federal cybersecurity over the past year and into the future. Notably, in FY 2018, agencies reported 31,107 incidents, a 12 percent decrease from FY 2017.

Attacking Microsoft SQL Servers with malicious jobs

securelist.com/malicious-tasks-in-ms-sql-server/92167/
