Daily NCSC-FI news followup 2019-12-02

Meet PyXie: A Nefarious New Python RAT

threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we're calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry. PyXie has been deployed in an ongoing campaign that targets a wide range of industries. It has been seen in conjunction with Cobalt Strike beacons as well as a downloader that has similarities to the Shifu banking Trojan. Analysts have observed evidence of the threat actors attempting to deliver ransomware to the healthcare and education industries with PyXie.

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

thehackernews.com/2019/12/strandhogg-android-vulnerability.html Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app.


Imminent Monitor a RAT Down Under


CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies

threatpost.com/cisa-us-agencies-vulnerability-disclosure-policies/150718/ A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet-connected systems.


Insecure Database Exposes Millions of Private SMS Messages

threatpost.com/insecure-database-exposes-millions-of-private-sms-messages/150706/ Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

Now even the FBI is warning about your smart TV’s security

techcrunch.com/2019/12/01/fbi-smart-tv-security/ If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things.

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/ We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign.

Supo and NATO have already investigated; now the Ministry for Foreign Affairs invites hackers to test the security of its services

www.tivi.fi/uutiset/tv/6fe4dd92-4381-4b27-9460-34d2c6e5de6e The Ministry for Foreign Affairs says it is launching a bug bounty program to find vulnerabilities in its online services. The security of the ministry's services has, of course, not been left to depend on hackers' findings alone. It has already been assessed by, among others, the National Cyber Security Centre (Kyberturvallisuuskeskus), the Finnish Security and Intelligence Service (Suojelupoliisi), the EU Council Security Committee, the NATO Office of Security and several Finnish information security companies.

Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software

www.zdnet.com/article/researchers-disclose-bugs-in-autodesk-trend-micro-kaspersky-software/ Researchers have disclosed a set of security vulnerabilities in Autodesk, Trend Micro, and Kaspersky software. On Monday, SafeBreach Labs published three security advisories describing the bugs, all of which were privately reported to the vendors before public disclosure.

Do you read your email on your phone? Be careful

www.is.fi/digitoday/tietoturva/art-2000006325653.html Phishing messages are more convincing when viewed on a phone, a security company warns in its guide to mobile threats.

Ethical hacking: students hunting for security holes

www.epressi.com/tiedotteet/tietoturva/eettista-hakkerointia-opiskelijat-tietoturva-aukkoja-etsimassa.html On Friday, 8 November, about 30 upper secondary school students and vocational IT (datanomi) students from Espoo gathered at Cisco's Espoo offices with the task of hacking Sanoma Pro's electronic systems. The challenge also produced results: the students made three significant findings that can be put to use in the future, for example in software development work.

Next up, what’s up with TCP port 26?

isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/ Whenever I sign up for another shift, if I don’t already have a diary topic in mind, I take a look at the top 10 ports in the dashboard when I login to isc.sans.edu. For the last few weeks, I’ve noticed port 26 showing up, so I decided to see if I could figure out what was going on there.

Attain Embedded Cloud Security With a DevSecOps Approach


Fake Android apps uploaded to Play store by notorious Sandworm hackers

nakedsecurity.sophos.com/2019/12/02/fake-android-apps-uploaded-to-play-store-by-notorious-sandworm-hackers/ The Russian Sandworm hacking group (not to be confused with the malware of the same name) has been caught repeatedly uploading fake and modified Android apps to Google’s Play store. They were detected by Google Threat Analysis Group (TAG), making the attacks public during a presentation at the recent CyberwarCon conference.
