Daily NCSC-FI news followup 2019-12-20

Data of 267 million Facebook users ended up online, but don't panic

www.is.fi/digitoday/tietoturva/art-2000006350462.html However, the leak is not the most alarming possible, even though it affects a large number of users. For example, the records contain no passwords or payment card details. In addition, the data is mostly from American users. Src:

www.comparitech.com/blog/information-security/267-million-phone-numbers-exposed-online/

Supo: 5G network players must be assessed and a political debate must be held

www.is.fi/digitoday/tietoturva/art-2000006348909.html

Cisco ASA DoS Bug Attacked in Wild

blogs.cisco.com/security/talos/cisco-asa-dos-bug-attacked-in-wild Cisco Talos has recently noticed a sudden spike in exploitation attempts against a specific vulnerability. The attacker can use a specially crafted URL to cause the ASA appliance to reboot or disclose unauthenticated information.

Frankfurt city officials take down IT network to prevent Emotet from being used as a staging point to launch a ransomware attack.

www.zdnet.com/article/frankfurt-shuts-down-it-network-following-emotet-infection/ Frankfurt is the fourth German entity that shut down its IT network in the past two weeks because of Emotet.

Canadian Insurance Firm Hit By Maze Ransomware, Denies Data Theft

www.bleepingcomputer.com/news/security/canadian-insurance-firm-hit-by-maze-ransomware-denies-data-theft/ According to emails sent to BleepingComputer from the operators of the Maze Ransomware, Andrew Agencies was attacked on October 21st, 2019 when the attackers breached their network and encrypted 245 computers. Based on the encrypted sizes listed in this proof, the Maze Ransomware states they have encrypted a total of 63 terabytes of data.

Ransomware: The number of victims paying up is on the rise, and that’s bad news

www.zdnet.com/article/ransomware-the-number-of-victims-paying-up-is-on-the-rise-and-thats-bad-news/

Nexus Mods breached.

www.nexusmods.com/news/14178 Even though we were able to secure the endpoint as soon as we discovered the exploit, as a measure of security, we are informing all of you, as we cannot rule out that further access to other user data including email addresses, password hashes and password salts has taken place. Also:

www.bleepingcomputer.com/news/security/nexus-mods-game-modding-site-discloses-data-breach/

From dropbox(updater) to NT AUTHORITY\SYSTEM

decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/ In this post I'm going to show how to use the DropBoxUpdater service in order to get SYSTEM privileges starting from a simple Windows user.

Privilege Escalation Flaws Found in Preinstalled Acer, ASUS Software

www.securityweek.com/privilege-escalation-flaws-found-preinstalled-acer-asus-software The first bug impacts Acer Quick Access, an application that allows users to toggle wireless devices on or off, to modify power-off USB charge settings and network sharing options, and more. The second flaw impacts ASUS ATK Package and can be exploited during the post-compromise phase of an attack, to achieve persistence and evade detection.

OpenSSL 1.0.2u released.

www.openssl.org/news/openssl-1.0.2-notes.html

DNSSEC still fueling DNS amplification attacks, TCP SYN flood attacks rise

www.helpnetsecurity.com/2019/12/19/dns-amplification-attacks-increase/ TCP SYN flood is not a new method, but findings indicate that techniques have grown in sophistication and have emerged as the third most used attack vector, behind DNS amplification and HTTP flood attacks.
