Daily NCSC-FI news followup 2019-10-09

Exploring a Recent Magnitude Exploit Kit Sample

www.fortinet.com/blog/threat-research/magnitude-exploit-kit-sample-analysis.html As Internet Explorer’s share of the browser pie continues to shrink, exploit kits, frameworks hosted by malicious actors to target browser vulnerabilities, particularly for IE, are much less active than before. However, some of them now target geographic regions where IE owns a more sizable part of the market. Magnitude Exploit Kit is one that continues to target South Korea. At FortiGuard Labs, we discovered a sample that was using a specific technique with VBScript to load the .NET assembly from memory.

OpenDreamBox: the vulnerability that affects 32% of the world’s companies

www.pandasecurity.com/mediacenter/news/opendreambox-vulnerability/ The Internet of things (IoT) has revolutionized the business world. It has helped to streamline industrial processes, reduce costs, and has even created new business models. But, as is often the case, all of these advantages go hand in hand with a series of disadvantages. The most important of these disadvantages is the significant increase in the attack surface. One of the first examples of the kind of cyberattack that can affect IoT devices was Mirai. In 2016, this botnet managed to bring down large swaths of the Internet in the USA by carrying out a DDoS attack using IoT devices, including security cameras and smart TVs. It is estimated that this attack involved up to 150,000 infected endpoints.

Practice Social Media Safety to Protect Both Personal and Enterprise Data

securityintelligence.com/articles/practice-social-media-safety-to-protect-both-personal-and-enterprise-data/ When it comes to social media safety, users are often unaware of the ramifications of their online posts. Many don’t realize they may be putting their personal data and, by extension, their company’s data at risk. While you may not be dealing directly with your customers, you’re only one step away from your clients on some social channels, and many organizations have spent a lot of time, money and effort to create brand loyalty through those channels.

Internet pioneer Dr. Paul Vixie on global internet security

www.welivesecurity.com/2019/10/09/paul-vixie-interview-internet-security/ We sat down with internet pioneer and Farsight Security CEO Dr. Paul Vixie, who co-invented some of the services that are central to the ‘Net’s fabric, to discuss a range of issues affecting security and privacy. The contributions that Dr. Paul Vixie has made to some of the foundational technologies underpinning the internet need little by way of introduction. As one of the brains behind the Domain Name System (DNS) architecture and an inventor of anti-spam measures, Dr. Vixie is an authoritative voice on a range of matters that concern the global internet.

Intimate Details on Healthcare Workers Exposed as Cloud Security Lags

threatpost.com/intimate-details-healthcare-workers-exposed-cloud-security/149007/ Ponemon survey data shows that only a third of IT staff say they take a security-first approach to data storage in the cloud. Yet another non-password protected cloud database has come to light, this time exposing a raft of highly personal information on healthcare workers and traveling nurses including drug tests and arrest records. The incident showcases the unfortunate reality that cloud data security remains a persistent challenge for businesses of all kinds.

Two steps you should take to protect your network from hackers

www.zdnet.com/article/two-steps-you-should-take-to-protect-your-network-from-hackers/ Taking these two steps can tighten security significantly, according to a former chief of MI6. A former director of the UK’s secret intelligence service has offered advice on what organisations can do to help stay protected against cyber attacks. Speaking at the Digital Transformation Expo Europe in London, ex-MI6 chief John Sawers touched on the various threats facing the UK and other countries right now, including cyber attacks and espionage by both criminals and nation states, but told the audience there are some key things which can be done to help organisations and their employees from becoming victims.

Twitter used phone numbers that users provided to improve their security for ad targeting

www.is.fi/digitoday/tietoturva/art-2000006266932.html The short-message service Twitter admits that it used phone numbers and email addresses that users handed over for two-factor authentication to show targeted ads. According to the company's support article, the act was not intentional, and the number of affected users is not known.

Security expert: You don't have to tell the truth on the internet

yle.fi/uutiset/3-11010052 Personal information should be thought of as a currency, and it pays to be careful about sharing it. When you start using a new online service or app, a form to fill in often appears on the screen. It usually asks for your date of birth, home address, phone number and email address in addition to your name. People often enter these details accurately without giving the matter any further thought. They shouldn't, says security expert Rik Ferguson.

Aalto University teaches about the dark side of social media: open online course bursts bubbles

www.tivi.fi/uutiset/tv/5099d657-af85-4a27-a273-dd26286ee37a Aalto University has published an online course, open to everyone, on social media phenomena. The course is based on the Sosiaalisen median ilmiöt (Social Media Phenomena) lecture series held last spring, in which six experts dug into social media phenomena from different perspectives. The lectures covered, among other things, solutions to threats and bullying on social media, social media addiction, fake news and social media bubbles.

New Microsoft NTLM Flaws May Allow Full Domain Compromise

www.bleepingcomputer.com/news/security/new-microsoft-ntlm-flaws-may-allow-full-domain-compromise/ Two security vulnerabilities in Microsoft’s NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features, leading to full domain compromise. Microsoft patched the two NTLM flaws and issued security advisories as part of the Patch Tuesday security updates issued yesterday after Preempt’s disclosure.

A Controversial Plan to Encrypt More of the Internet

www.wired.com/story/dns-over-https-encrypted-web/ The road to routing all Domain Name System lookups through HTTPS is pocked with disagreements over just how much it will help. The security community generally agrees on the importance of encrypting private data: Add a passcode to your smartphone. Use a secure messaging app like Signal. Adopt HTTPS web encryption. But a new movement to encrypt a fundamental internet mechanism, promoted by browser heavyweights like Google Chrome and Mozilla’s Firefox, has sparked a heated controversy.

Utilities’ Operational Networks Continue to Be Vulnerable

www.darkreading.com/security-management/utilities-operational-networks-continue-to-be-vulnerable/d/d-id/1336035 More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds. A large proportion of the utility companies responsible for power generation, water supply, and other critical civil functions are unprepared for a cyberattack on the operational side of their business, despite more than half of utility professionals expecting an attack on critical infrastructure in the next year, according to a report published on October 7.

C is for Credit Card: MageCart Hits Volusion E-Commerce Sites

www.bleepingcomputer.com/news/security/c-is-for-credit-card-magecart-hits-volusion-e-commerce-sites/ Hackers compromised the infrastructure of Volusion cloud-based e-commerce platform to inject customer checkout pages with malicious JavaScript code that steals payment card data. The attackers added code for dynamic injection of the card data thieving script to a JavaScript that is part of the Volusion e-commerce software. Thousands of websites are likely loading the attackers’ script and sending payment information to their server. Some may have been compromised as early as September 12.

Patch Tuesday Lowdown, October 2019 Edition

krebsonsecurity.com/2019/10/patch-tuesday-lowdown-october-2019-edition/ On Tuesday Microsoft issued software updates to fix almost five dozen security problems in Windows and software designed to run on top of it. By most accounts, it’s a relatively light patch batch this month. Here’s a look at the highlights.

Government interference in Australia’s premier cybersecurity conference is a worry

www.zdnet.com/article/government-interference-in-australias-premier-cybersecurity-conference-is-a-worry/ Two ‘incongruent’ speakers were dumped from Australia’s CyberCon. And bizarrely, the media was barred from covering a session explaining a public consultation process. It seemed like a good idea at the time. Roll the government’s Australian Cyber Security Centre (ACSC) conference into the professional Australian Information Security Association (AISA) conference to create a great, big, mega cyber-conference. But from day one, it’s looked like this might not have been such a good idea after all.
