Daily NCSC-FI news followup 2019-11-11

Threat Alert: TCP Reflection Attacks

blog.radware.com/security/2019/11/threat-alert-tcp-reflection-attacks/ Independent research in the behavior of a multitude of systems and devices on the internet exposed more than 4.8 million devices vulnerable to an average amplification factor of 112x and thousands of hosts that could be abused for amplification up to a factor of almost 80,000x, respectively, reflect more than 5,000 packets within 60 seconds, causing a serious impact on a victim's network.

Defence Minister Kaikkonen warns against cyber alarmism

www.hs.fi/kotimaa/art-2000006303786.html Defence Minister Antti Kaikkonen (Centre Party) urges avoiding cyber alarmism, meaning the constant painting of threat scenarios in public. According to him, experience of cyberattacks that have significantly weakened the security of states is scant. Also

yle.fi/uutiset/3-11062431 “In the coming years, the Defence Forces will invest money and personnel in countering the new security threats brought by cyber warfare.”

Apple Mail Stores Encrypted Emails in Plain Text Database, fix included!

medium.com/@boberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4 The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it

If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware

www.theregister.co.uk/2019/11/11/dharma_decryption_promises_data_recovery/ Australian biz Fast Data Recovery boasted that it is capable of decrypting Dharma, which data recovery biz Coveware’s chief exec Bill Siegel described as implying “they have tools and computing power beyond that of the NSA”.

DDoS attacks in Q3 2019

securelist.com/ddos-report-q3-2019/94958/ This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently registered an attack on one of their clients that was carried out by spoofing the return IP address through the WS-Discovery multicast protocol. Also


Vulnerable Versions of Adminer as a Universal Infection Vector

blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html This past week, we've been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables.

He Thought His Phone Was Secure; Then He Lost $24 Million to Hackers

www.wsj.com/articles/he-thought-his-phone-was-secure-then-he-lost-24-million-to-hackers-11573221600 Security researchers agree that for most people, adding text-message authentication is a big step up from only using a password, but that can leave you open to a relatively new [?] attack called SIM swapping

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/ according to Hold Security founder Alex Holden, this enormous passwords file was actually posted to Pastebin on two separate occasions last month, the first being on Oct. 4, and the second Oct. 22. That finding was corroborated by 4iq.com, a company that aggregates information from leaked databases online.

A widespread power or telecom outage would bring Finland to its knees

www.hs.fi/mielipide/art-2000006303366.html Under European Union legislation, Finland too must, as early as December 2022, be able to maintain the critical telecommunications links needed for power restoration for 24 hours, even if electricity distribution is not working. This requirement is absolutely in Finland's interest as well.
