Daily NCSC-FI news followup 2019-10-17

Security researcher publishes proof-of-concept code for recent Android zero-day

www.zdnet.com/article/security-researcher-publishes-proof-of-concept-code-for-recent-android-zero-day/ Qu1ckR00t app can root an Android device using the CVE-2019-2215 zero-day.

Operation Ghost: The Dukes aren't back, they never left

www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families. We believe Operation Ghost started in 2013 and it is still ongoing as of this writing. Our research shows that the Ministries of Foreign Affairs in at least three different countries in Europe are affected by this campaign. We have also discovered an infiltration by the Dukes at the Washington, DC embassy of a European Union country.


The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History

www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/ How digital detectives unraveled the mystery of Olympic Destroyer, and why the next big attack will be even harder to crack.

European Airport Systems Infected With Monero-Mining Malware

www.bleepingcomputer.com/news/security/european-airport-systems-infected-with-monero-mining-malware/ More than 50% of all computing systems at a European international airport were recently found to be infected with a Monero cryptominer linked to the Anti-CoinMiner campaign Zscaler spotted during August 2018.


Trump Campaign Website Left Open to Email Server Hijack

threatpost.com/trump-campaign-website-allowed-email-hijack/149278/ A misconfigured website development tool exposed hundreds of email servers to takeover, including President Donald Trump's official campaign website.

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

thehackernews.com/2019/10/dark-web-child-abuse.html The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins.

When Card Shops Play Dirty, Consumers Win

krebsonsecurity.com/2019/10/when-card-shops-play-dirty-consumers-win/ Cybercrime forums have been abuzz this week over news that BriansClub, one of the underground's largest shops for stolen credit and debit cards, has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub's longtime competitors trying to knock out a rival.

Microsoft Adds Azure AD Sign-In History to Detect Unusual Activity

www.bleepingcomputer.com/news/microsoft/microsoft-adds-azure-ad-sign-in-history-to-detect-unusual-activity/ Microsoft announced the addition of an Azure Active Directory (AD) sign-in history feature that would allow users to get an overview of past sign-ins and quickly detect any unusual login activity.
