Daily NCSC-FI news followup 2019-09-30

Uusi ja kallis hätäkeskusjärjestelmä kaatui, kun valtion verkkoa päivitettiin “Se on hävyttömän pitkä aika

www.iltalehti.fi/kotimaa/a/b2100812-f297-4a44-8b74-609719dda523 Uusi hätäkeskusjärjestelmä Erica on lakannut toimimasta valtion Valtorin turvallisuusverkon päivityskatkosten vuoksi.

Detecting and Preventing Emotet 2019 Campaign

media.cert.europa.eu/static/SecurityAdvisories/2019/CERT-EU-SA2019-021.pdf Since beginning of June 2019, the Emotet botnet stopped sending phishing emails to infect new victims. However, on August 22nd, 2019, the known Command-and-Control (CnC) servers started responding again. . ince September 16th, 2019, CERT-EU has been observing new phishing campaigns. To detect and prevent infection, CERT-EU analysed the behavior of those new versions of Emotet and hereby provides some recommendations for the SOC teams.

New Critical Exim Flaw Exposes Email Servers to Remote Attacks Patch Released

thehackernews.com/2019/09/exim-email-security-vulnerability.html A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers.

Malvertiser exploited two browser bugs to show over one billion malicious ads

www.zdnet.com/article/malvertiser-exploited-two-browser-bugs-to-show-over-one-billion-malicious-ads/ Over the past six months, a criminal group specialized in showing malicious ads (malvertising) has used two obscure browser bugs to bypass browser security protections and successfully show intrusive popup ads and redirect users to malicious sites.

New PDFex attack can exfiltrate data from encrypted PDF files

www.zdnet.com/article/new-pdfex-attack-can-exfiltrate-data-from-encrypted-pdf-files/ German academics have developed a new attack that can extract and steal data from encrypted PDF files, sometimes without user interaction. Named PDFex, the new attack comes in two variations and was successfully tested against 27 desktop and web PDF viewers.

Daily NCSC-FI news followup 2020-10-09

We Hacked Apple for 3 Months: Here’s What We Found samcurry.net/hacking-apple/ There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. As of now, October 8th, we have received 32 payments totaling $288, 500 for various vulnerabilities. However, it appears that Apple […]

Daily NCSC-FI news followup 2022-01-22

Cyber threat bulletin: Cyber Centre urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity cyber.gc.ca/en/guidance/cyber-threat-bulletin-cyber-centre-urges-canadian-critical-infrastructure-operators-raise The Canadian Centre for Cyber Security encourages the Canadian cybersecurity communityespecially critical infrastructure network defendersto bolster their awareness of and protection against Russian state-sponsored cyber threats. The Cyber Centre joins our partners […]

Daily NCSC-FI news followup 2019-07-21

Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’ www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#56b83da66b11 Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSBRussia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and […]