Daily NCSC-FI news followup 2020-01-10

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why?

www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/ The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records.

PHA Family Highlights: Bread (and Friends)

security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html In this edition of our PHA Family Highlights series we introduce Bread, a large-scale billing fraud family. We first started tracking Bread (also known as Joker) in early 2017, identifying apps designed solely for SMS fraud. As the Play Store has introduced new policies and Google Play Protect has scaled defenses, Bread apps were forced to continually iterate to search for gaps. They have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected. Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere. In this post, we show how Google Play Protect has defended against a well organized, persistent attacker and share examples of their techniques.

The state is shaking up the identification market: "far too early for a new system"

www.tivi.fi/uutiset/tv/4f86b33c-07e6-4732-a165-e940ac38d0a5 The Finnish state is planning a new kind of mobile identity card for Finland. It would be a mobile application that could be used for identity verification and electronic identification. Tivi first reported on the matter online in the autumn.

Senator unveils bill to stop the US from sharing intel with countries using Huawei 5G

www.zdnet.com/article/senator-unveils-bill-to-stop-the-us-from-sharing-intel-with-countries-using-huawei-5g/#ftag=RSSbaffb68 Sen. Tom Cotton, R-Ark., introduced legislation this week that would prohibit the US from sharing intelligence with any country allowing Huawei to operate 5G technologies within its borders. If such legislation passed, it would have a major impact on US foreign policy, as well as business for the Chinese telecom giant.

SHA-1 chosen prefix collisions and DNSSEC

www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html On 7 January, a new, more flexible and efficient collision attack against SHA-1 was announced: SHA-1 is a shambles. SHA-1 is deprecated but still used in DNSSEC, and this collision attack means that some attacks against DNSSEC are now merely logistically challenging rather than cryptographically infeasible.

50+ orgs ask Google to take a stance against Android bloatware

www.zdnet.com/article/50-orgs-ask-google-to-take-a-stance-against-android-bloatware/#ftag=RSSbaffb68 In an open letter published yesterday, more than 50 organizations have asked Google to take action against Android smartphone vendors who ship devices with unremovable pre-installed apps, also known as bloatware.

Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641

googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html This is the first blog post in a three-part series that will detail how a vulnerability in iMessage can be exploited remotely without any user interaction on iOS 12.4 (fixed in iOS 12.4.1 in August 2019). It is essentially a more detailed version of my 36C3 talk from December 2019.

AT&T Alien Labs analysis of an active cryptomining worm

cybersecurity.att.com/blogs/labs-research/att-alien-labs-analysis-of-an-active-cryptomining-worm#When:14:00:00Z This blog post provides an overview of the AT&T Alien Labs technical analysis of the common malicious implants used by threat actors targeting vulnerable Exim, Confluence, and WebLogic servers. Upon exploitation, malicious implants are deployed on the compromised machine. While most of the attacks described below are historical, we at Alien Labs are continuing to see new attacks

The Bug That Exposed Your PayPal Password

medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9 This is the story of a high-severity bug affecting what is probably one of PayPal's most visited pages: the login form.

Who is Mr Gu?

intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu/ In our previous articles we identified thirteen companies that this blog knows are a front for APT activity in Hainan. Following further analysis, we noticed a close association between these Hainan front companies and the academic world. Multiple job adverts for the companies are posted on university websites. Hainan Xiandun even appears to operate from the Hainan University Library!
