Daily NCSC-FI news followup 2019-10-30

Major vulnerability patched in the EU’s eIDAS authentication system

www.zdnet.com/article/major-vulnerability-patched-in-the-eus-eidas-authentication-system/ Vulnerability would have allowed attackers to pose as any EU citizen or business. SEC Consult researchers said they found that current versions of the eIDAS-Node package fail to validate certificates used in eIDAS operations, allowing attackers to fake the certificate of any other eIDAS citizen or business. Also:


Takeaways from the $566M BriansClub breach

krebsonsecurity.com/2019/10/takeaways-from-the-566m-briansclub-breach/ Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world's largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people.

Are Cybercriminals Winning the Mainframe Security Cat-and-Mouse Game?

securityintelligence.com/posts/are-cybercriminals-winning-the-mainframe-security-cat-and-mouse-game/ Just as mainframes are seeing a resurgence in usage, a recent poll revealed that multiple factors are converging to make it harder to secure the mission-critical data they contain and, increasingly, share with cloud-based systems and applications. Respondents cited new types of attacks as a top challenge and indicated that simple security measures are not yet widely adopted.

New Targeted Attack On Taiwanese Government & Tibetan Activists Open Up a Can Of Worms – GrayPigeon, Hangame & Shiqiang gang

www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html We observed new targeted attacks against various personnel with pro-Tibetan views. The targets? We've seen targets at various branches of the Taiwanese government as well as a professor at the Central University Of Tibetan Studies in India.

MS-ISAC Releases EOS Software Report List

www.us-cert.gov/ncas/current-activity/2019/10/30/ms-isac-releases-eos-software-report-list The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an end-of-support (EOS) software report list. Software that has reached its EOS date no longer receives security updates and patches from the vendor and is, therefore, susceptible to exploitation from security vulnerabilities.

Are we winning or losing the patch management battle?

www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/are-we-winning-or-losing-the-patch-management-battle/ A recent research publication from Kenna Security (Prioritization to Prediction Vol. 3) paints a very sorry picture of patch management at 300 sampled organizations. This grim data raises the question: should we abandon patch management as an accepted IT security control altogether?

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

thehackernews.com/2019/10/whatsapp-nso-group-malware.html Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service. Also:



Insurance Pays Out a Sliver of Norsk Hydro's Cyberattack Damages

threatpost.com/insurance-pays-norsk-hydro-cyberattack-damages/149707/ The company received $3.6 million in cyber insurance out of $71 million incurred in damages after a massive March cyberattack. On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance, just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million and $71 million in damages from the incident, which forced it to shut down or isolate several plants and send several more into manual mode.

Confirmed: North Korean malware found on Indian nuclear plant’s network

www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/ Two days after rumors of a malware infection at the Kudankulam Nuclear Power Plant surfaced on Twitter, the plant’s parent company confirms the security breach. The network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today. Also:


Ubisoft reports 93% drop in DDoS attacks after pushing back against attackers

www.zdnet.com/article/ubisoft-reports-93-drop-in-ddos-attacks-after-pushing-back-against-attackers/ Ubisoft said it sent cease-and-desist letters to DDoS service providers and filed complaints against offending players. Ubisoft said it recorded a 93% drop in the frequency of DDoS attacks aimed at Rainbow Six Siege (R6S) servers after the company started sending legal threats to DDoS-for-hire services and abusive players as part of a larger set of countermeasures the company announced last month.

Microsoft Users Hit with Phishing Kits Hosted on Thousands of Domains

www.bleepingcomputer.com/news/security/microsoft-users-hit-with-phishing-kits-hosted-on-thousands-of-domains/ Microsoft’s users were the most targeted by phishing campaigns among the top targeted brands, with attackers using thousands of domains specifically registered to be used for harvesting credentials from their targets. 6,035 domains were used to host 120 phishing kit variants according to Akamai's 2019 State of the Internet / Security Report, with users and employees of high-tech companies being the ones most attacked.

World’s First Domain Registrar Network Solutions Discloses Breach

www.bleepingcomputer.com/news/security/worlds-first-domain-registrar-network-solutions-discloses-breach/ World’s first domain registrar Network Solutions disclosed a security breach that happened in late August 2019, and allowed a third-party to infiltrate some of the company’s computing systems without authorization and potentially access some customers’ personally identifiable information (PII).

21 Million Logins for Top 500 Firms Offered on the Dark Web

www.bleepingcomputer.com/news/security/21-million-logins-for-top-500-firms-offered-on-the-dark-web/ A little over 21 million login credentials stolen from Fortune 500 companies have been found in various places on the dark web, many of them already cracked and available in plaintext form. The information was compiled by crawling multiple resources, like markets in the Tor network, web forums, Pastebin, IRC channels, social networks, and messenger chats.

Murky Details Surround Bed, Bath and Beyond Breach

threatpost.com/murky-details-bed-bath-beyond-breach/149691/ Housewares and home furnishings purveyor Bed, Bath and Beyond has disclosed a data-thieving cyber attack that allowed the adversaries to access customers' online accounts. According to a Tuesday SEC filing, the company discovered that a third party acquired email and password information from a source outside of the company's systems, which was used to access customers' online accounts. Also:


Remote Access Trojans

blogs.cisco.com/security/remote-access-trojans You're working for a high-profile technology company, close to releasing a market-changing product to the public. It's a highly contested space, with many competitors, both domestic and international. There's also a lot of buzz in the media and online speculation on the scope and impact your new product will have. And it goes without question that customers are keen to know more about the upcoming game-changer.
