Daily NCSC-FI news followup 2020-02-17

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world

www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/ Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies.. Source:


Austria: Cyber attack on the Foreign Ministry is over

www.bmeia.gv.at/en/the-ministry/press/announcements/2020/02/cyber-attack-on-the-foreign-ministry-is-over/ After really intensive work and excellent cooperation between all the departments involved, last weekend we managed to clean up our IT systems and end the cyber attack on the Foreign Ministry, said Foreign Minister Alexander Schallenberg on Thursday.. Also


Escaping the Chrome Sandbox with RIDL

googleprojectzero.blogspot.com/2020/02/escaping-chrome-sandbox-with-ridl.html tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is up to date and disable hyper-threading (HT).. At the time of writing, both Apple and Microsoft are actively working on a fix to prevent this attack in collaboration with the Chrome security team.

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

www.zdnet.com/article/bug-in-wordpress-plugin-can-let-hackers-wipe-up-to-200000-sites/ Same bug can also let attackers gain access to the admin account. The vulnerability resides in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill.

Severe vuln in WordPress plugin Profile Builder allows remote attackers to gain admin access

www.theregister.co.uk/2020/02/17/wordpress_profile_builder_v3_1_0_vuln/ Version 3.1.1 of Profile Builder was released a week ago. WordPress.org’s counter tracks 50,000 installs of the plugin.

Twitter says Olympics, IOC accounts hacked

www.reuters.com/article/us-twitter-olympics/twitter-says-olympics-ioc-accounts-hacked-idUSKBN2090SA An official Twitter account of the Olympics and the International Olympic Committees (IOC) media Twitter account had been hacked and temporarily locked. The accounts were hacked through a third-party platform, a spokesperson for the social media platform said in an emailed statement, without giving further details.

Nedbank says 1.7 million customers impacted by breach at third-party provider

www.zdnet.com/article/nedbank-says-1-7-million-customers-impacted-by-breach-at-third-party-provider/ In a security notice posted on its website, Nedbank said there was a vulnerability in the third-party provider’s systems that allowed an attacker to infiltrate its systems.. Nedbank said that none of its own systems have been affected by this incident, and the breach was limited only to its contractor’s network. The contractor appears to have had a copy of the bank’s customer data, but no direct access to the bank’s systems.

US Government update information on: North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2020/02/14/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US: 2019 Healthcare Data Breach Report

www.hipaajournal.com/2019-healthcare-data-breach-report/ Figures from the Department of Health and Human Services Office for Civil Rights breach portal show a major increase in healthcare data breaches in 2019. Last year, 510 healthcare data breaches of 500 or more records were reported, which represents a 196% increase from 2018.

Targeted Phishing Attack Using Microsoft SLK files

www.bleepingcomputer.com/news/security/targeted-phishing-attack-aims-for-well-known-corporate-brands/ An SLK (Symbolic Link) file is a Microsoft file format used to share data between Microsoft Excel spreadsheets. Due to this, an SLK file will be displayed with an Excel icon as shown below.. When the attached SLK files are opened, a user will be prompted to ‘Enable Editing’ and ‘Enable Content’ to properly display the spreadsheet. These can then execute code.

There’s finally a way to remove xHelper, the unremovable Android malware

www.zdnet.com/article/theres-finally-a-way-to-remove-xhelper-the-unremovable-android-malware/ Malwarebytes researchers find a way to remove the malware, but they still don’t know how it really operates.

You might be interested in …

Daily NCSC-FI news followup 2019-06-30

Breaking: Huawei will be allowed to do business with U.S. companies again www.androidauthority.com/breaking-huawei-allowed-to-do-business-with-us-companies-again-1004260/ U.S. companies will be allowed to work with Huawei again, President Trump announced in a news conference.. Its not clear what this means for now, but its likely Huawei will be able to acquire basic components like Qualcomm processors and Googles Android […]

Read More

Daily NCSC-FI news followup 2021-04-03

Ransomware gang leaks data from Stanford, Maryland universities www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/ Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. Data stolen in the attack targeting Stanford Medicine’s Accellion server includes names, addresses, email addresses, Social Security numbers, and financial […]

Read More

Daily NCSC-FI news followup 2019-07-11

(10.7.) Kemin tietoliikenneverkossa päällä pitkä vikatilanne ongelmia erityisesti terveyspalveluissa, kun potilastietoihin ei päästä käsiksi www.kaleva.fi/uutiset/pohjois-suomi/kemin-tietoliikenneverkossa-paalla-pitka-vikatilanne-ongelmia-erityisesti-terveyspalveluissa-kun-potilastietoihin-ei-paasta-kasiksi/823324/ Myös: www.radiopooki.fi/uutiset/lappi/a-181258 (Kemin tietoverkkoviat korjattu). Myös: www.kaleva.fi/uutiset/pohjois-suomi/kemin-kaupungin-tietoliikenneverkko-toimii-jalleen-normaalisti/823346/. Myös: www.kaleva.fi/uutiset/pohjois-suomi/kemia-riivanneen-tietoliikenneverkon-hairion-syy-saatiin-selvitettya/823367/. (Kemin kaupungin tiedote): www.kemi.fi/ajankohtaista/2019/07/11/kemin-kaupungin-tietoliikenneverkon-hairion-syy-ei-ollut-ulkopuolinen-hairinta/ Vulnerable GE anesthesia machines can be manipulated by attackers www.helpnetsecurity.com/2019/07/10/vulnerable-ge-anesthesia-machines/ A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.