Daily NCSC-FI news followup 2019-12-20

Data of 267 million Facebook users ended up online, but don't panic

www.is.fi/digitoday/tietoturva/art-2000006350462.html However, the leak is not the most alarming possible, even though it affects a large number of users. For example, the records contain no passwords or payment card details. In addition, the data is mostly from American users. Source:

www.comparitech.com/blog/information-security/267-million-phone-numbers-exposed-online/

Supo: 5G network operators must be assessed and a political debate held

www.is.fi/digitoday/tietoturva/art-2000006348909.html

Cisco ASA DoS Bug Attacked in Wild

blogs.cisco.com/security/talos/cisco-asa-dos-bug-attacked-in-wild Cisco Talos has recently noticed a sudden spike in exploitation attempts against a specific vulnerability. The attacker can use a specially crafted URL to cause the ASA appliance to reboot or disclose unauthenticated information.

Frankfurt city officials take down IT network to prevent Emotet from being used as a staging point to launch a ransomware attack.

www.zdnet.com/article/frankfurt-shuts-down-it-network-following-emotet-infection/ Frankfurt is the fourth German entity that shut down its IT network in the past two weeks because of Emotet.

Canadian Insurance Firm Hit By Maze Ransomware, Denies Data Theft

www.bleepingcomputer.com/news/security/canadian-insurance-firm-hit-by-maze-ransomware-denies-data-theft/ According to emails sent to BleepingComputer from the operators of the Maze Ransomware, Andrew Agencies was attacked on October 21st, 2019 when the attackers breached their network and encrypted 245 computers. Based on the encrypted sizes listed in this proof, the Maze Ransomware states they have encrypted a total of 63 terabytes of data.

Ransomware: The number of victims paying up is on the rise, and that’s bad news

www.zdnet.com/article/ransomware-the-number-of-victims-paying-up-is-on-the-rise-and-thats-bad-news/

Nexus Mods breached.

www.nexusmods.com/news/14178 Even though we were able to secure the endpoint as soon as we discovered the exploit, as a measure of security, we are informing all of you, as we cannot rule out that further access to other user data including email addresses, password hashes and password salts has taken place. Also:

www.bleepingcomputer.com/news/security/nexus-mods-game-modding-site-discloses-data-breach/

From dropbox(updater) to NT AUTHORITY\SYSTEM

decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/ In this post I'm going to show how to use the DropBoxUpdater service in order to get SYSTEM privileges starting from a simple Windows user.

Privilege Escalation Flaws Found in Preinstalled Acer, ASUS Software

www.securityweek.com/privilege-escalation-flaws-found-preinstalled-acer-asus-software The first bug impacts Acer Quick Access, an application that allows users to toggle wireless devices on or off, to modify power-off USB charge settings and network sharing options, and more. The second flaw impacts ASUS ATK Package and can be exploited during the post-compromise phase of an attack, to achieve persistence and evade detection.

OpenSSL 1.0.2u released.

www.openssl.org/news/openssl-1.0.2-notes.html

DNSSEC still fueling DNS amplification attacks, TCP SYN flood attacks rise

www.helpnetsecurity.com/2019/12/19/dns-amplification-attacks-increase/ TCP SYN flood is not a new method, but findings indicate that techniques have grown in sophistication and have emerged as the third most used attack vector, behind DNS amplification and HTTP flood attacks.
