Daily NCSC-FI news followup 2020-01-28

RCE Exploit for Windows RDP Gateway Demoed by Researcher


Cisco Webex bug allowed anyone to join a password-protected meeting

www.theregister.co.uk/2020/01/27/cisco_webex_bug_let_anyone_join_a_passwordprotected_meeting/ Patched vuln was ‘in active use’, firm reveals. Cisco has confessed to a vulnerability in its Webex Meetings Suite sites and Webex Meetings Online sites that allowed an “unauthenticated” attendee sitting on a workstation far, far away to join a “password-protected meeting without providing the meeting password”.

FBI Releases Alert on Iranian Hackers’ Defacement Techniques

www.bleepingcomputer.com/news/security/fbi-releases-alert-on-iranian-hackers-defacement-techniques/ The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers’ TTPs to help administrators and users to protect their websites.

Tampa Bay Times hit with Ryuk ransomware attack

blog.malwarebytes.com/ransomware/2020/01/tampa-bay-times-hit-with-ryuk-ransomware-attack/ Florida newspaper The Tampa Bay Times suffered a Ryuk ransomware attack Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity. [Article refers to the campaign known as SeaTurtle]

Russian Cybercrime Boss Burkov Pleads Guilty

krebsonsecurity.com/2020/01/russian-cybercrime-boss-burkov-pleads-guilty/ Aleksei Burkov, an ultra-connected Russian hacker once described as an asset of supreme importance to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Leaking Data on Intel CPUs via Cache Evictions

cacheoutattack.com/ We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel’s attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. report:


[UK] Government to strengthen security of internet-connected products

www.gov.uk/government/news/government-to-strengthen-security-of-internet-connected-products New legislation to improve security standards of internet-connected household devices

Reporter tested: My phone blabbed almost everything about me to data brokers in two weeks. I tried to trace what happened to my data


Intel Is Patching the Patch for the Patch for Its Zombieload Flaw

www.wired.com/story/intel-zombieload-third-patch-speculative-execution/ Intel’s made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?

Exclusive: Hackers acting in Turkey’s interests believed to be behind recent cyberattacks – sources

www.reuters.com/article/us-cyber-attack-hijack-exclusive-idUSKBN1ZQ10X Sweeping cyberattacks targeting governments and other organizations in Europe and the Middle East are believed to be the work of hackers acting in the interests of the Turkish government, three senior Western security officials said. [Article refers to the campaign known as SeaTurtle]

Watch six decade-long disinformation operations unfold in six minutes

medium.com/@alexa.pavliuc/watch-six-decade-long-disinformation-operations-unfold-in-six-minutes-5f69a7e75fb3 Here’s a bird’s-eye view of six state-backed information operations on Twitter, and how they evolved over the last decade. This research was funded by the Mozilla Foundation by an Open Source Support Award.

The duke of URL: Zoom meetups’ info leaked out through eavesdrop hole

www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/ Video-conferencing outfit Zoom had a major vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings. report:


OurMine Hackers Are Back, Hijack NFL Teams’ Social Accounts

www.bleepingcomputer.com/news/security/ourmine-hackers-are-back-hijack-nfl-teams-social-accounts/ It looks like the OurMine crew is back and they’re on a hacking spree, taking brief control of the social media accounts of high-profile individuals.

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender

www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/ A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. When attackers are able to compromise a Citrix ADC device, various scripts would be downloaded and executed that scan for Windows computers vulnerable to the EternalBlue vulnerability.

The average ransom demand for a REvil ransomware infection is a whopping $260,000

www.zdnet.com/article/the-average-ransom-demand-for-a-revil-ransomware-infection-is-a-whopping-260000/ Security researchers sinkhole the REvil ransomware servers and gain an insight into the operation of today’s biggest ransomware gang. report: www.kpn.com/security-blogs/Tracking-REvil.htm

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

threatpost.com/lorawan-encryption-keys-easy-to-crack-jeopardizing-security-of-iot-networks/152276/ New research from IOActive has found that blindly trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

New ‘CacheOut’ Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

thehackernews.com/2020/01/new-cacheout-attack-leaks-data-from.html Researchers at the universities of Adelaide and Michigan demonstrated the effectiveness of CacheOut in violating process isolation by recovering AES keys and plaintexts from an OpenSSL-based victim.
