Daily NCSC-FI news followup 2019-11-02

United States investigates the TikTok video app: “It is a counterintelligence threat”

yle.fi/uutiset/3-11048631 According to US senators, the company could be forced to share information with Chinese intelligence agencies. The US administration has begun investigating the Chinese-owned TikTok video app, the New York Times reported on Friday. The purpose of the investigation is to determine whether the app has sent data to China, the paper reports, citing unnamed sources. US senators already called for an inquiry into the app last month. TikTok is an app especially popular among young people, with an estimated 500 million users around the world. In the app, users can share self-made videos in which they typically lip-sync to a song playing in the background. The company's data centers are located outside China, and according to the company the app's data is not subject to Chinese law. The US Department of the Treasury, which coordinates CFIUS reviews, said it cannot comment on whether an investigation is under way or not. According to a department representative, the law prevents the disclosure of CFIUS information. Read also:

www.is.fi/digitoday/mobiili/art-2000006293904.html

US MS-ISAC Releases the October List of End of Support Software

www.bleepingcomputer.com/news/software/us-ms-isac-releases-the-october-list-of-end-of-support-software/ The Multi-State Information Sharing and Analysis Center (MS-ISAC) of the Center for Internet Security has released the October 2019 list of software that is currently in or nearing end of support. When software has reached end of support (EoS), it means the developers will no longer release fixes for any bugs that are found in the software. This includes fixes for security vulnerabilities that may be discovered. If you are using a listed product, it is strongly advised that you update your software to a supported version as soon as possible. More info:

www.cisecurity.org/wp-content/uploads/2019/10/EOS-Report-October.pdf and

www.cisecurity.org/blog/end-of-support-software-report-list-2/

Office 365 Phishing Campaign Baits Employees with Pay Raises

www.bleepingcomputer.com/news/security/office-365-phishing-campaign-baits-employees-with-pay-raises/ Pay raises were used by scammers to bait employees in a recent phishing campaign that tried to trick them into handing out their Microsoft Office 365 account credentials. The attackers posed as their targets’ Human Resources department and asked them to open an Excel spreadsheet with a salary-increase-sheet-November-2019.xls filename hosted online and supposedly containing a list of salary increases. “The threat actor attempts to make the email appear to come from the target company by manipulating the ‘from’ field in the headers,” researchers at the Cofense Phishing Defense Center (PDC) found. Another phishing campaign from August used landing pages that cloned Microsoft 365 tenant login pages and were customized for each target by dynamically inserting automatically scraped company-branded backgrounds and banners.

Russia’s new ‘disconnect from the internet’ law is actually about surveillance

www.zdnet.com/article/russias-new-disconnect-from-the-internet-law-is-actually-about-surveillance/ Russia’s slowly building its own Great Firewall model, centralizing internet traffic through government servers. Today, a new “internet sovereignty” law entered into effect in Russia, a law that grants the government the ability to disconnect the entire country from the global internet. In order to achieve these goals, the law mandates that all local ISPs route traffic through special servers managed by the Roskomnadzor, the country’s telecoms regulator. More info:

www.cnbc.com/2019/11/01/russia-controversial-sovereign-internet-law-goes-into-force.html

Android bug lets hackers plant malware via NFC beaming

www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/ All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019. Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming. But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning. The CVE-2019-2114 bug resided in the fact that the Android Beam app was also whitelisted, receiving the same level of trust as the official Play Store app. The October 2019 Android patches removed the Android Beam service from the OS whitelist of trusted sources.

Office for Mac Users Warned of Malicious SYLK Files

threatpost.com/office-for-mac-malicious-sylk-files/149823/ Researchers warn XML macros embedded in SYLK files can sidestep Microsoft Office for Mac protections. Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” option is turned on. This leaves systems vulnerable to remote, unauthenticated attackers who can execute arbitrary code. The warning comes from the United States Computer Emergency Readiness Team (US-CERT), which said that symbolic link (SYLK) files can contain dangerous Extensible Markup Language (XML) macros. XML macros can be incorporated into SYLK files, wrote CERT on Friday. Macros in the SYLK format are problematic in that Microsoft Office does not open in Protected View to help protect users. See also: kb.cert.org/vuls/id/125336/

The DNA database used to find the Golden State Killer is a national security leak waiting to happen

www.technologyreview.com/s/614642/dna-database-gedmatch-golden-state-killer-security-risk-hack/ Here's how spies could use a crowdsourced genetic ancestry service to compromise your privacy, even if you're not a member. A private DNA ancestry database that's been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers. Security flaws in the service, called GEDmatch, not only risk exposing people's genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample. GEDmatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don't choose to share their own information. “You can replace your credit card number, but you can't replace your genome,” says Peter Ney, a postdoctoral researcher in computer science at the University of Washington.

NordVPN users' passwords exposed in mass credential-stuffing attacks

arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/ Many of the dumps have been pulled off public webpages, but at least one remains. As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts. In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the email addresses, plain-text passwords, and expiration dates associated with NordVPN user accounts. I received a list of 753 credentials on Thursday and polled a small sample of users. The passwords listed for all but one were still in use. The one user who had changed their password did so after receiving an unrequested password reset email. It would appear someone who gained unauthorized access was trying to take over the account. Several other people said their accounts had been accessed by unauthorized people

Security News This Week: Government Officials Hacked Via WhatsApp

www.wired.com/story/security-roundup-government-officials-hacked-whatsapp/ NSO Group exploits, Counter-Strike money laundering, and a Pentagon scam are among the week's top security news

www.is.fi/digitoday/tietoturva/art-2000006293291.html Windows 10 gets extra protection: check whether it is already on your computer. Microsoft has introduced new measures to protect Windows 10 from criminals and other wrongdoers of the cyber world. According to the company, a new feature called Tamper protection (in Finnish, Peukaloinnin torjunta) began rolling out widely to the operating system in October. Microsoft points, for example, to threats such as the Nodersok malware, which try to block the operation of the Windows Defender antivirus scanner or to mislead the monitoring of suspicious activity
