Threat Alert: TCP Reflection Attacks
blog.radware.com/security/2019/11/threat-alert-tcp-reflection-attacks/ Independent research in the behavior of a multitude of systems and devices on the internet exposed more than 4.8 million devices vulnerable to an average amplification factor of 112x and thousands of hosts that could be abused for amplification up to a factor of almost 80,000x, respectively, reflect more than 5,000 packets within 60 seconds, causing a serious impact on a victim's network.
Defence Minister Kaikkonen warns against cyber alarmism
www.hs.fi/kotimaa/art-2000006303786.html DEFENCE MINISTER Antti Kaikkonen (Centre Party) urges avoiding cyber alarmism, that is, the constant painting of threat scenarios in public. According to him, experience of cyberattacks that have significantly weakened the security of states is limited. Also
yle.fi/uutiset/3-11062431 “In the coming years, the Defence Forces will invest money and personnel in countering the new security threats brought by cyber warfare.
Apple Mail Stores Encrypted Emails in Plain Text Database, fix included!
medium.com/@boberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4 The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it
If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware
www.theregister.co.uk/2019/11/11/dharma_decryption_promises_data_recovery/ Australian biz Fast Data Recovery boasted that it is capable of decrypting Dharma, which data recovery biz Coveware’s chief exec Bill Siegel described as implying “they have tools and computing power beyond that of the NSA”.
DDoS attacks in Q3 2019
securelist.com/ddos-report-q3-2019/94958/ This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently registered an attack on one of their clients that was carried out by spoofing the return IP address through the WS-Discovery multicast protocol. Also
www.theregister.co.uk/2019/11/11/kids_blamed_for_ddos_spike_in_september/
Vulnerable Versions of Adminer as a Universal Infection Vector
blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html This past week, we've been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables.
He Thought His Phone Was Secure; Then He Lost $24 Million to Hackers
www.wsj.com/articles/he-thought-his-phone-was-secure-then-he-lost-24-million-to-hackers-11573221600 Security researchers agree that for most people, adding text-message authentication is a big step up from only using a password, but that can leave you open to a relatively new [?] attack called SIM swapping
Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin
krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/ according to Hold Security founder Alex Holden, this enormous passwords file was actually posted to Pastebin on two separate occasions last month, the first being on Oct. 4, and the second Oct. 22. That finding was corroborated by 4iq.com, a company that aggregates information from leaked databases online.
A widespread power or telecom outage would bring Finland to its knees
www.hs.fi/mielipide/art-2000006303366.html In accordance with European Union legislation, Finland too must, as early as December 2022, be able to maintain the critical telecommunications links needed for power restoration for 24 hours, even if electricity distribution is not working. This requirement is also absolutely in Finland's interest.