Daily NCSC-FI news followup 2020-01-28

RCE Exploit for Windows RDP Gateway Demoed by Researcher


Cisco Webex bug allowed anyone to join a password-protected meeting

www.theregister.co.uk/2020/01/27/cisco_webex_bug_let_anyone_join_a_passwordprotected_meeting/ Patched vuln was ‘in active use’, firm reveals. Cisco has confessed to a vulnerability in its Webex Meetings Suite sites and Webex Meetings Online sites that allowed an “unauthenticated” attendee sitting on a workstation far, far away to join a “password-protected meeting without providing the meeting password”.

FBI Releases Alert on Iranian Hackers’ Defacement Techniques

www.bleepingcomputer.com/news/security/fbi-releases-alert-on-iranian-hackers-defacement-techniques/ The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and information on the attackers’ TTPs, to help administrators and users protect their websites.

Tampa Bay Times hit with Ryuk ransomware attack

blog.malwarebytes.com/ransomware/2020/01/tampa-bay-times-hit-with-ryuk-ransomware-attack/ Florida newspaper The Tampa Bay Times suffered a Ryuk ransomware attack on Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity.

Russian Cybercrime Boss Burkov Pleads Guilty

krebsonsecurity.com/2020/01/russian-cybercrime-boss-burkov-pleads-guilty/ Aleksei Burkov, an ultra-connected Russian hacker once described as an asset of supreme importance to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Leaking Data on Intel CPUs via Cache Evictions

cacheoutattack.com/ We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel’s attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. report:


[UK] Government to strengthen security of internet-connected products

www.gov.uk/government/news/government-to-strengthen-security-of-internet-connected-products New legislation to improve security standards of internet-connected household devices

Reporter tested: My phone blabbed almost everything about me to data brokers in two weeks. I tried to trace what happened to my data


Intel Is Patching the Patch for the Patch for Its Zombieload Flaw

www.wired.com/story/intel-zombieload-third-patch-speculative-execution/ Intel has made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?

Exclusive: Hackers acting in Turkey’s interests believed to be behind recent cyberattacks – sources

www.reuters.com/article/us-cyber-attack-hijack-exclusive-idUSKBN1ZQ10X Sweeping cyberattacks targeting governments and other organizations in Europe and the Middle East are believed to be the work of hackers acting in the interests of the Turkish government, three senior Western security officials said. [Article refers to the campaign known as SeaTurtle]

Watch six decade-long disinformation operations unfold in six minutes

medium.com/@alexa.pavliuc/watch-six-decade-long-disinformation-operations-unfold-in-six-minutes-5f69a7e75fb3 Here’s a bird’s-eye view of six state-backed information operations on Twitter, and how they evolved over the last decade. This research was funded by the Mozilla Foundation through an Open Source Support Award.

The duke of URL: Zoom meetups’ info leaked out through eavesdrop hole

www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/ Video-conferencing outfit Zoom had a major vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings. report:


OurMine Hackers Are Back, Hijack NFL Teams’ Social Accounts

www.bleepingcomputer.com/news/security/ourmine-hackers-are-back-hijack-nfl-teams-social-accounts/ It looks like the OurMine crew is back and they’re on a hacking spree, taking brief control of the social media accounts of high-profile individuals.

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender

www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/ A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. When attackers are able to compromise a Citrix ADC device, various scripts are downloaded and executed that scan for Windows computers vulnerable to the EternalBlue vulnerability.

The average ransom demand for a REvil ransomware infection is a whopping $260,000

www.zdnet.com/article/the-average-ransom-demand-for-a-revil-ransomware-infection-is-a-whopping-260000/ Security researchers sinkhole the REvil ransomware servers and gain an insight into the operation of today’s biggest ransomware gang. report: www.kpn.com/security-blogs/Tracking-REvil.htm

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

threatpost.com/lorawan-encryption-keys-easy-to-crack-jeopardizing-security-of-iot-networks/152276/ New research from IOActive has found that blindly trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

New ‘CacheOut’ Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

thehackernews.com/2020/01/new-cacheout-attack-leaks-data-from.html Researchers at the universities of Adelaide and Michigan demonstrated the effectiveness of CacheOut in violating process isolation by recovering AES keys and plaintexts from an OpenSSL-based victim.
