Daily NCSC-FI news followup 2019-12-04

Iran Targets Mideast Oil with ZeroCleare Wiper Malware

threatpost.com/iran-mideast-oil-zerocleare-wiper-malware/150814/ Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing. See also: securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/ Full whitepaper: www.ibm.com/downloads/cas/OAJ4VZNJ

New in central government: Traficom is organising itself into competence areas and impact networks

www.traficom.fi/fi/ajankohtaista/uutta-valtionhallinnossa-traficom-organisoituu-osaamisalueiksi-ja The organisation of the Finnish Transport and Communications Agency Traficom will be restructured as of 1 January 2020 into four competence areas and two impact networks. The aim is to enable the agency's capacity for renewal and decision-making from multiple perspectives, and thereby ensure that the tasks assigned to the agency are carried out efficiently and effectively.

Two malicious Python libraries caught stealing SSH and GPG keys

www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ The two libraries were created by the same developer and mimicked other more popular libraries — using a technique called typosquatting to register similar-looking names. The first is “python3-dateutil,” which imitated the popular “dateutil” library. The second is “jeIlyfish” (the first L is an I), which mimicked the “jellyfish” library.

China resurrects Great Cannon for DDoS attacks on Hong Kong forum

www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/ After more than two years since it’s been used the last time, the Chinese government deployed an infamous DDoS tool named the “Great Cannon” to launch attacks against LIHKG, an online forum where Hong Kong residents are organizing anti-Beijing protests.

New macOS Threat Served from Cryptocurrency Trading Platform

www.bleepingcomputer.com/news/security/new-macos-threat-served-from-cryptocurrency-trading-platform/ Security researchers have encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus.

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they’re “unpatching” an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to reverse Microsoft’s CVE-2017-11774 patch functionality.

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in KurdishCoder Campaign


EU gets a bit STRESSED out about 5G: With great economic benefits come great security risks

www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/ The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits.

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

thehackernews.com/2019/12/goahead-web-server-hacking.html Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.

A stranger wants to give me money. What could possibly go wrong?

www.kaspersky.com/blog/incoming-transfer-scam/31716/ Two schemes whereby a victim receives money and neither one is good news.

Analysis of a strangely poetic malware

