Daily NCSC-FI news followup 2019-09-30

Uusi ja kallis hätäkeskusjärjestelmä kaatui, kun valtion verkkoa päivitettiin “Se on hävyttömän pitkä aika

www.iltalehti.fi/kotimaa/a/b2100812-f297-4a44-8b74-609719dda523 Uusi hätäkeskusjärjestelmä Erica on lakannut toimimasta valtion Valtorin turvallisuusverkon päivityskatkosten vuoksi.

Detecting and Preventing Emotet 2019 Campaign

media.cert.europa.eu/static/SecurityAdvisories/2019/CERT-EU-SA2019-021.pdf Since beginning of June 2019, the Emotet botnet stopped sending phishing emails to infect new victims. However, on August 22nd, 2019, the known Command-and-Control (CnC) servers started responding again. . ince September 16th, 2019, CERT-EU has been observing new phishing campaigns. To detect and prevent infection, CERT-EU analysed the behavior of those new versions of Emotet and hereby provides some recommendations for the SOC teams.

New Critical Exim Flaw Exposes Email Servers to Remote Attacks Patch Released

thehackernews.com/2019/09/exim-email-security-vulnerability.html A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers.

Malvertiser exploited two browser bugs to show over one billion malicious ads

www.zdnet.com/article/malvertiser-exploited-two-browser-bugs-to-show-over-one-billion-malicious-ads/ Over the past six months, a criminal group specialized in showing malicious ads (malvertising) has used two obscure browser bugs to bypass browser security protections and successfully show intrusive popup ads and redirect users to malicious sites.

New PDFex attack can exfiltrate data from encrypted PDF files

www.zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/ German academics have developed a new attack that can extract and steal data from encrypted PDF files, sometimes without user interaction. Named PDFex, the new attack comes in two variations and was successfully tested against 27 desktop and web PDF viewers.

Daily NCSC-FI news followup 2020-08-21

Outlook mail issues phishing dont fall for this scam! nakedsecurity.sophos.com/2020/08/21/outlook-mail-issues-phishing-dont-fall-for-this-scam/ Heres a phish that our own security team received themselves. Apart from some slightly clumsy wording (but when was the last time you received an email about a technical matter that was plainly written in perfect English?) and a tiny error of grammar, we thought […]

Daily NCSC-FI news followup 2020-01-13

Citrix ADC Exploits: Overview of Observed Payloads isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/ Now that there are public exploits for Citrix ADC, we are seeing many attacks and are observing various payloads. For the moment, after normalization, we observed 37 different payloads Who else works for this cover company network? intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network/ In our previous articles we identified a network of […]

Daily NCSC-FI news followup 2020-04-24

New Training: on orchestration of CSIRT Tools www.enisa.europa.eu/news/enisa-news/csirt-training-tools-new-orchestration The EU agency for Cybersecurity introduces new training materials to support Member States’ CSIRTs. ENISA puts great effort into supporting the development of EU Member States’ national incident response preparedness. To that purpose, ENISA updated its CSIRT training material aimed at improving the skills of CSIRT teams. […]