Daily NCSC-FI news followup 2019-11-11

Threat Alert: TCP Reflection Attacks

blog.radware.com/security/2019/11/threat-alert-tcp-reflection-attacks/ Independent research in the behavior of a multitude of systems and devices on the internet exposed more than 4.8 million devices vulnerable to an average amplification factor of 112x and thousands of hosts that could be abused for amplification up to a factor of almost 80,000x, respectively, reflect more than 5,000 packets within 60 seconds, causing a serious impact on a victim's network.

Defence Minister Kaikkonen warns against cyber alarmism

www.hs.fi/kotimaa/art-2000006303786.html DEFENCE MINISTER Antti Kaikkonen (Centre Party) urges avoiding cyber alarmism, that is, the constant painting of threat scenarios in public. According to him, experience of cyberattacks that have significantly weakened the security of states is limited. Also

yle.fi/uutiset/3-11062431 “In the coming years, the Defence Forces will invest money and personnel in countering the new security threats brought by cyber warfare.

Apple Mail Stores Encrypted Emails in Plain Text Database, fix included!

medium.com/@boberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4 The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it

If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware

www.theregister.co.uk/2019/11/11/dharma_decryption_promises_data_recovery/ Australian biz Fast Data Recovery boasted that it is capable of decrypting Dharma, which data recovery biz Coveware’s chief exec Bill Siegel described as implying “they have tools and computing power beyond that of the NSA”.

DDoS attacks in Q3 2019

securelist.com/ddos-report-q3-2019/94958/ This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently registered an attack on one of their clients that was carried out by spoofing the return IP address through the WS-Discovery multicast protocol. Also


Vulnerable Versions of Adminer as a Universal Infection Vector

blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html This past week, we've been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables.

He Thought His Phone Was Secure; Then He Lost $24 Million to Hackers

www.wsj.com/articles/he-thought-his-phone-was-secure-then-he-lost-24-million-to-hackers-11573221600 Security researchers agree that for most people, adding text-message authentication is a big step up from only using a password, but that can leave you open to a relatively new [?] attack called SIM swapping

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/ according to Hold Security founder Alex Holden, this enormous passwords file was actually posted to Pastebin on two separate occasions last month, the first being on Oct. 4, and the second Oct. 22. That finding was corroborated by 4iq.com, a company that aggregates information from leaked databases online.

A widespread power or telecom outage would bring Finland to its knees

www.hs.fi/mielipide/art-2000006303366.html In accordance with European Union legislation, Finland too must, as early as December 2022, be able to maintain the critical telecommunication links needed for restoring electricity for 24 hours, even if electricity distribution is not working. This requirement is absolutely also in Finland's interest.
