Daily NCSC-FI news followup 2020-02-17

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world

www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/ Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies.. Source:


Austria: Cyber attack on the Foreign Ministry is over

www.bmeia.gv.at/en/the-ministry/press/announcements/2020/02/cyber-attack-on-the-foreign-ministry-is-over/ After really intensive work and excellent cooperation between all the departments involved, last weekend we managed to clean up our IT systems and end the cyber attack on the Foreign Ministry, said Foreign Minister Alexander Schallenberg on Thursday.. Also


Escaping the Chrome Sandbox with RIDL

googleprojectzero.blogspot.com/2020/02/escaping-chrome-sandbox-with-ridl.html tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is up to date and disable hyper-threading (HT).. At the time of writing, both Apple and Microsoft are actively working on a fix to prevent this attack in collaboration with the Chrome security team.

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

www.zdnet.com/article/bug-in-wordpress-plugin-can-let-hackers-wipe-up-to-200000-sites/ Same bug can also let attackers gain access to the admin account. The vulnerability resides in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill.

Severe vuln in WordPress plugin Profile Builder allows remote attackers to gain admin access

www.theregister.co.uk/2020/02/17/wordpress_profile_builder_v3_1_0_vuln/ Version 3.1.1 of Profile Builder was released a week ago. WordPress.org’s counter tracks 50,000 installs of the plugin.

Twitter says Olympics, IOC accounts hacked

www.reuters.com/article/us-twitter-olympics/twitter-says-olympics-ioc-accounts-hacked-idUSKBN2090SA An official Twitter account of the Olympics and the International Olympic Committees (IOC) media Twitter account had been hacked and temporarily locked. The accounts were hacked through a third-party platform, a spokesperson for the social media platform said in an emailed statement, without giving further details.

Nedbank says 1.7 million customers impacted by breach at third-party provider

www.zdnet.com/article/nedbank-says-1-7-million-customers-impacted-by-breach-at-third-party-provider/ In a security notice posted on its website, Nedbank said there was a vulnerability in the third-party provider’s systems that allowed an attacker to infiltrate its systems.. Nedbank said that none of its own systems have been affected by this incident, and the breach was limited only to its contractor’s network. The contractor appears to have had a copy of the bank’s customer data, but no direct access to the bank’s systems.

US Government update information on: North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2020/02/14/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US: 2019 Healthcare Data Breach Report

www.hipaajournal.com/2019-healthcare-data-breach-report/ Figures from the Department of Health and Human Services Office for Civil Rights breach portal show a major increase in healthcare data breaches in 2019. Last year, 510 healthcare data breaches of 500 or more records were reported, which represents a 196% increase from 2018.

Targeted Phishing Attack Using Microsoft SLK files

www.bleepingcomputer.com/news/security/targeted-phishing-attack-aims-for-well-known-corporate-brands/ An SLK (Symbolic Link) file is a Microsoft file format used to share data between Microsoft Excel spreadsheets. Due to this, an SLK file will be displayed with an Excel icon as shown below.. When the attached SLK files are opened, a user will be prompted to ‘Enable Editing’ and ‘Enable Content’ to properly display the spreadsheet. These can then execute code.

There’s finally a way to remove xHelper, the unremovable Android malware

www.zdnet.com/article/theres-finally-a-way-to-remove-xhelper-the-unremovable-android-malware/ Malwarebytes researchers find a way to remove the malware, but they still don’t know how it really operates.

You might be interested in …

Daily NCSC-FI news followup 2019-11-26

The RIPE NCC has run out of IPv4 Addresses www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses Today, at 15:35 (UTC+1) on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses. Stantinko botnet adds cryptomining to its pool of criminal activities www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/ The operators […]

Read More

Daily NCSC-FI news followup 2019-06-14

Tietoturvayhtiö varoittaa: Merkit pahasta kyberiskusta näkyvissä www.is.fi/digitoday/tietoturva/art-2000006142010.html Tietoturvayhtiö Check Point yhtyy Microsoftin ja monien asiantuntijoiden kuoroon ja kehottaa vanhojen Windowsien käyttäjiä korjaamaan viimeistään nyt niin sanotun BlueKeep-haavoittuvuuden. The Brussels Times: Cyber-attack causes aircraft parts maker to close indefinitely www.brusselstimes.com/all-news/business/technology/58373/cyber-attack-causes-aircraft-parts-maker-to-close-indefinitely-asco/ According to Data News, Asco has shut down its base in Zaventem, as well as operations […]

Read More

Daily NCSC-FI news followup 2019-09-29

German Cops Raid Cyberbunker 2.0, Arrest 7 in Child Porn, Dark Web Market Sting krebsonsecurity.com/2019/09/german-cops-raid-cyberbunker-2-0-arrest-7-in-child-porn-dark-web-market-sting/ German authorities said Friday theyd arrested seven people and were investigating six more in connection with the raid of a Dark Web hosting operation that allegedly supported multiple child porn, cybercrime and drug markets with hundreds of servers buried inside […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.