Daily NCSC-FI news followup 2020-01-28

RCE Exploit for Windows RDP Gateway Demoed by Researcher


Cisco Webex bug allowed anyone to join a password-protected meeting

www.theregister.co.uk/2020/01/27/cisco_webex_bug_let_anyone_join_a_passwordprotected_meeting/ Patched vuln was ‘in active use’, firm reveals. Cisco has confessed to a vulnerability in its Webex Meetings Suite sites and Webex Meetings Online sites that allowed an “unauthenticated” attendee sitting on a workstation far, far away to join a “password-protected meeting without providing the meeting password”.

FBI Releases Alert on Iranian Hackers’ Defacement Techniques

www.bleepingcomputer.com/news/security/fbi-releases-alert-on-iranian-hackers-defacement-techniques/ The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers’ TTPs to help administrators and users to protect their websites.

Tampa Bay Times hit with Ryuk ransomware attack

blog.malwarebytes.com/ransomware/2020/01/tampa-bay-times-hit-with-ryuk-ransomware-attack/ Florida newspaper The Tampa Bay Times suffered a Ryuk ransomware attack Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity. [Article refers to the campaign known as SeaTurtle]

Russian Cybercrime Boss Burkov Pleads Guilty

krebsonsecurity.com/2020/01/russian-cybercrime-boss-burkov-pleads-guilty/ Aleksei Burkov, an ultra-connected Russian hacker once described as an asset of supreme importance to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Leaking Data on Intel CPUs via Cache Evictions

cacheoutattack.com/ We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel’s attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. report:


[UK] Government to strengthen security of internet-connected products

www.gov.uk/government/news/government-to-strengthen-security-of-internet-connected-products New legislation to improve security standards of internet-connected household devices

Reporter's test: My mobile phone blabbed almost everything about me to data brokers in two weeks. I tried to trace what happened to my data


Intel Is Patching the Patch for the Patch for Its Zombieload Flaw

www.wired.com/story/intel-zombieload-third-patch-speculative-execution/ Intel’s made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?

Exclusive: Hackers acting in Turkey’s interests believed to be behind recent cyberattacks – sources

www.reuters.com/article/us-cyber-attack-hijack-exclusive-idUSKBN1ZQ10X Sweeping cyberattacks targeting governments and other organizations in Europe and the Middle East are believed to be the work of hackers acting in the interests of the Turkish government, three senior Western security officials said. [Article refers to the campaign known as SeaTurtle]

Watch six decade-long disinformation operations unfold in six minutes

medium.com/@alexa.pavliuc/watch-six-decade-long-disinformation-operations-unfold-in-six-minutes-5f69a7e75fb3 Here’s a bird’s-eye view of six state-backed information operations on Twitter, and how they evolved over the last decade. This research was funded by the Mozilla Foundation by an Open Source Support Award.

The duke of URL: Zoom meetups’ info leaked out through eavesdrop hole

www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/ Video-conferencing outfit Zoom had a major vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings. report:


OurMine Hackers Are Back, Hijack NFL Teams’ Social Accounts

www.bleepingcomputer.com/news/security/ourmine-hackers-are-back-hijack-nfl-teams-social-accounts/ It looks like the OurMine crew is back and they’re on a hacking spree, taking brief control of the social media accounts of high-profile individuals.

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender

www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/ A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. When attackers are able to compromise a Citrix ADC device, various scripts would be downloaded and executed that scan for Windows computers vulnerable to the EternalBlue vulnerability.

The average ransom demand for a REvil ransomware infection is a whopping $260,000

www.zdnet.com/article/the-average-ransom-demand-for-a-revil-ransomware-infection-is-a-whopping-260000/ Security researchers sinkhole the REvil ransomware servers and gain an insight into the operation of today’s biggest ransomware gang. report: www.kpn.com/security-blogs/Tracking-REvil.htm

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

threatpost.com/lorawan-encryption-keys-easy-to-crack-jeopardizing-security-of-iot-networks/152276/ New research from IOActive has found that blindly trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

New ‘CacheOut’ Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

thehackernews.com/2020/01/new-cacheout-attack-leaks-data-from.html Researchers at the universities of Adelaide and Michigan demonstrated the effectiveness of CacheOut in violating process isolation by recovering AES keys and plaintexts from an OpenSSL-based victim.
