Daily NCSC-FI news followup 2019-09-25

This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums

www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/ Hackers can inject system commands via version 5 of the software, and no patch is available. An anonymous bug hunter has publicly disclosed a zero-day flaw in version 5 of the popular vBulletin forum software that can be exploited over the internet to hijack servers. No patch is known to be available. Read also:

www.zdnet.com/article/anonymous-researcher-drops-vbulletin-zero-day-impacting-tens-of-thousands-of-sites/,

seclists.org/fulldisclosure/2019/Sep/31 and

thehackernews.com/2019/09/vbulletin-zero-day-exploit.html

GandCrab Operators Resurface with REvil Malware

threatpost.com/gandcrab-operators-resurface-revile-malware/148631/ The malware that recently hit 22 Texas municipalities and various dentist offices around the country is likely the work of the crew behind the GandCrab ransomware, indicating that the group didn't really retire after all. According to a technical analysis of REvil, CTU researchers found that the string decoding functions employed by REvil and GandCrab are nearly identical.

[Behind a paywall] Guest column: The splendid hoodie guys in their virtual machines

www.tivi.fi/uutiset/tv/e9d7c55d-4295-4eb8-9818-23abf046fa7d A cyberattack scrambled the systems. Data breach at a domestic online store. Police warn about malware. Phishing still active. Watch out for this, fear that, protect yourself like this.

Apple to Fix iOS Bug Granting Full Access to 3rd Party Keyboards

www.bleepingcomputer.com/news/security/apple-to-fix-ios-bug-granting-full-access-to-3rd-party-keyboards/ After releasing iOS 13.1 to fix a long list of bugs left unpatched in iOS 13, Apple says in a support document published today that an issue is impacting third-party iOS 13 and iPadOS keyboard extensions.

Alert AL19-201 - TFlower Ransomware Campaign

cyber.gc.ca/en/alerts/tflower-ransomware-campaign On 30 July 2019 a new variant of ransomware named TFlower was discovered. The Cyber Centre has become aware of this ransomware recently affecting the Canadian public.

The Criticality of the Network in Securing IoT and Critical Infrastructure

blogs.cisco.com/security/the-criticality-of-the-network-in-securing-iot-and-critical-infrastructure Security is the key to the success of any digital project, whether you are connecting critical infrastructure or the industrial Internet of Things (IoT), or delivering data and telemetry to reduce costs and increase revenue. We have long advocated the need for a holistic approach to IoT security, and with it, shared the vital role the network plays in embedding security. To further demonstrate the network's role, let's explore how it can help us tackle a series of IoT-related security challenges.

Adobe Fixes Critical Security Vulnerabilities in Coldfusion

www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerabilities-in-coldfusion/ Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical because they allow code execution and can bypass access controls. The third is labeled Critical because it allows information disclosure. Read also:

helpx.adobe.com/security/products/coldfusion/apsb19-47.html

Beware of the scam run in Netflix's name: it may strike at a particularly difficult time [because bank authentication is changing]

www.is.fi/digitoday/tietoturva/art-2000006250406.html Scam messages that look like Netflix reminders may mislead even careful viewers. Netflix users have been targeted by attempts to steal their online banking credentials through deceptively genuine-looking messages and websites. The scam also comes at a particularly sensitive time, as major changes to bank authentication are already under way. The scam, spotted by security company MailGuard, starts with an English-language email with the subject "Your Netflix subscription has been cancelled", leading the recipient to believe that their Netflix subscription has been closed. Read also:

www.mailguard.com.au/blog/phishing-email-brandjacks-netflix-claims-users-subscriptions-are-canceled

Cybersecurity: Why you should hire staff from firms which have fallen victim to hackers

www.zdnet.com/article/cybersecurity-why-you-should-hire-staff-from-firms-which-have-fallen-victim-to-hackers/ It used to be the case that staff who had dealt with the fallout of a cyber attack were seen as having failed, but they could be the answer to protecting your organisation from data breaches and cyber incidents. Companies which fall victim to cyber attacks and data breaches often come in for criticism, but one of the best things an organisation can do to ensure it remains protected against the impacts of a hacking incident is to take advantage of the expertise of cybersecurity professionals who have faced a major attack.

Leading Magecart Group Targeting Captive Wi-Fi Users via L7 Routers

securityintelligence.com/posts/leading-magecart-group-targeting-captive-wi-fi-users-via-l7-routers/ Threat hunters from IBM X-Force Incident Response and Intelligence Services (IRIS) identified malicious activity attributed to a financially motivated cybercrime faction known as Magecart 5 (MG5). Our research revealed that MG5 is likely testing malicious code designed for injection into benign JavaScript files loaded by commercial-grade layer 7 (L7) routers. These routers are typically used by airports, casinos, hotels and resorts, to name a few. X-Force IRIS believes MG5 is currently targeting users shopping on U.S. and Chinese websites.

TrickBot or Treat Knocking on the Door and Trying to Enter

www.fortinet.com/blog/threat-research/trickbot-or-treat-threat-analysis.html The FortiGuard SE Team discovered a particularly interesting targeted attack on VirusTotal towards the end of August. The attack targeted a supplier for a distribution/logistics provider to a nation state. The email contained an attachment that appeared to have been sent by a company that manufactures and distributes electrical components and other parts, and that has likely dealt at least once with the targeted organization via email. After analyzing its email headers, we were able to determine that the malicious spam legitimately came from the actual sender. We say legitimately because the malicious spam email came from the actual email account of the user, but without their knowledge or consent. The originating IP address (at the time of publication) was not blacklisted, and appears to have been leased out to a residential user of a major ISP located in the same jurisdiction as the manufacturer's official place of business.

Apple Releases Security Updates

www.us-cert.gov/ncas/current-activity/2019/09/25/apple-releases-security-updates Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. Read also: support.apple.com/en-us/HT201222
