Daily NCSC-FI news followup 2019-11-11

Threat Alert: TCP Reflection Attacks

blog.radware.com/security/2019/11/threat-alert-tcp-reflection-attacks/ Independent research in the behavior of a multitude of systems and devices on the internet exposed more than 4.8 million devices vulnerable to an average amplification factor of 112x and thousands of hosts that could be abused for amplification up to a factor of almost 80,000x, respectively, reflect more than 5,000 packets within 60 seconds, causing a serious impact on a victim's network.

Defence Minister Kaikkonen warns against cyber alarmism

www.hs.fi/kotimaa/art-2000006303786.html DEFENCE MINISTER Antti Kaikkonen (Centre Party) urges avoiding cyber alarmism, that is, the constant painting of threat scenarios in public. According to him, experience of cyberattacks that have significantly weakened the security of states is limited. Also

yle.fi/uutiset/3-11062431 “In the coming years, the Defence Forces will invest money and personnel in countering the new security threats brought by cyber warfare.

Apple Mail Stores Encrypted Emails in Plain Text Database, fix included!

medium.com/@boberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4 The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it

If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware

www.theregister.co.uk/2019/11/11/dharma_decryption_promises_data_recovery/ Australian biz Fast Data Recovery boasted that it is capable of decrypting Dharma, which data recovery biz Coveware’s chief exec Bill Siegel described as implying “they have tools and computing power beyond that of the NSA”.

DDoS attacks in Q3 2019

securelist.com/ddos-report-q3-2019/94958/ This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently registered an attack on one of their clients that was carried out by spoofing the return IP address through the WS-Discovery multicast protocol. Also

www.theregister.co.uk/2019/11/11/kids_blamed_for_ddos_spike_in_september/

Vulnerable Versions of Adminer as a Universal Infection Vector

blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html This past week, we've been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables.

He Thought His Phone Was Secure; Then He Lost $24 Million to Hackers

www.wsj.com/articles/he-thought-his-phone-was-secure-then-he-lost-24-million-to-hackers-11573221600 Security researchers agree that for most people, adding text-message authentication is a big step up from only using a password, but that can leave you open to a relatively new [?] attack called SIM swapping

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/ according to Hold Security founder Alex Holden, this enormous passwords file was actually posted to Pastebin on two separate occasions last month, the first being on Oct. 4, and the second Oct. 22. That finding was corroborated by 4iq.com, a company that aggregates information from leaked databases online.

A widespread power or telecom outage would bring Finland to its knees

www.hs.fi/mielipide/art-2000006303366.html Under European Union legislation, Finland too must, as early as December 2022, be able to maintain the critical telecommunications links needed for power restoration for 24 hours, even when electricity distribution is not working. This requirement is definitely also in Finland's interest.
