Daily NCSC-FI news followup 2019-09-12

1B Mobile Users Vulnerable to Ongoing SimJacker Surveillance Attack

threatpost.com/1b-mobile-users-vulnerable-to-ongoing-simjacker-surveillance-attack/148277/ More than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors, researchers warn. Also:

www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/. Report: simjacker.com/

New Clues Show How Russia's Grid Hackers Aimed for Physical Destruction

www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/ A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage. In an insidious twist in the Ukrenergo case, Russia’s hackers apparently intended to trigger that destruction not at the time of the blackout itself but when grid operators turned the power back on, using the utility’s own recovery efforts against them.

Iranian Hackers Hit Over 60 Universities to Get Library Access

www.bleepingcomputer.com/news/security/iranian-hackers-hit-over-60-universities-to-get-library-access/ Cobalt Dickens, a threat actor associated with the Iranian government, ran a phishing operation in July and August that targeted more than 60 universities in countries on four continents. Also:

threatpost.com/library-themed-university-phish-expands/148288/. Cobalt Dickens (a.k.a. Silent Librarian) is now actively targeting 380 universities, bent on stealing credentials and moving deeper into school networks.

New WiryJMPer Dropper Hides Netwire RAT Payloads in Plain Sight

www.bleepingcomputer.com/news/security/new-wiryjmper-dropper-hides-netwire-rat-payloads-in-plain-sight/ A new malware dropper was observed while infecting computers with a Netwire malicious payload hidden between two benign binaries and using obfuscation to fly under the radar of most anti-malware solutions.

Infamous surveillance tech vendor makes pledge to follow UN human rights policy

www.zdnet.com/article/surveillance-tech-vendor-makes-pledge-to-follow-un-human-rights-policy/ Facing legal assault, NSO Group pledges to fight customers abusing its tools to spy on innocents, political opponents.

Tenable wants to see the end of the ‘nation-state attacked us’ excuse

www.zdnet.com/article/tenable-wants-to-see-the-end-of-the-nation-state-attacked-us-excuse/ The “nation-state attacked us” excuse, according to Tenable chairman and CEO Amit Yoran, is not a valid excuse for having a weak system be compromised.

Google discloses vulnerability in Chrome OS ‘built-in security key’ feature

www.zdnet.com/article/google-discloses-vulnerability-in-chrome-os-built-in-security-key-feature/ Security issue fixed in late June, with the release of Chrome OS 75. Additional remediation steps below.

Ransomware attacks: Weak passwords are now your biggest risk

www.zdnet.com/article/ransomware-attacks-weak-passwords-are-now-your-biggest-risk/ Researchers at F-Secure analysed attacks over the course of six months and found that brute force attacks are now the preferred means of spreading ransomware – but phishing emails remain popular.

APIs Get Their Own Top 10 Security List

www.darkreading.com/application-security/apis-get-their-own-top-10-security-list/d/d-id/1335786 OWASP’s new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.

August 2019's Most Wanted Malware: Echobot Launches Widespread Attack Against IoT Devices

blog.checkpoint.com/2019/09/12/august-2019s-most-wanted-malware-echobot-launches-widespread-attack-against-iot-devices/ In August, the research team saw an increase in a new variant of the Mirai IoT Botnet, Echobot, which has launched widespread attacks against a range of IoT devices. First seen in May 2019, Echobot has exploited over 50 different vulnerabilities, causing a sharp rise in the Command Injection Over HTTP vulnerability which has impacted 34% of organizations globally.

China spies online: Huawei is not restricted in Finland, even though many in the West are suspicious of the telecom giant

www.ulkopolitiikka.fi/lehti/3-2019/kiina-vakoilee-verkossa-huaweita-ei-rajoiteta-suomessa-vaikka-lannessa-moni-epailee-telejattia/ China spies, but at times it is hard to catch it in the act. The Huawei case divides opinion in the West.
