Daily NCSC-FI news followup 2020-02-17

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world

www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/ Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies. Source: www.clearskysec.com/fox-kitten/

Austria: Cyber attack on the Foreign Ministry is over

www.bmeia.gv.at/en/the-ministry/press/announcements/2020/02/cyber-attack-on-the-foreign-ministry-is-over/ After really intensive work and excellent cooperation between all the departments involved, last weekend we managed to clean up our IT systems and end the cyber attack on the Foreign Ministry, said Foreign Minister Alexander Schallenberg on Thursday. Also: www.theregister.co.uk/2020/02/14/austria_foreign_ministry_hack_turla_group_allegs/

Escaping the Chrome Sandbox with RIDL

googleprojectzero.blogspot.com/2020/02/escaping-chrome-sandbox-with-ridl.html tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is up to date and disable hyper-threading (HT). At the time of writing, both Apple and Microsoft are actively working on a fix to prevent this attack in collaboration with the Chrome security team.

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

www.zdnet.com/article/bug-in-wordpress-plugin-can-let-hackers-wipe-up-to-200000-sites/ Same bug can also let attackers gain access to the admin account. The vulnerability resides in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill.

Severe vuln in WordPress plugin Profile Builder allows remote attackers to gain admin access

www.theregister.co.uk/2020/02/17/wordpress_profile_builder_v3_1_0_vuln/ Version 3.1.1 of Profile Builder was released a week ago. WordPress.org’s counter tracks 50,000 installs of the plugin.

Twitter says Olympics, IOC accounts hacked

www.reuters.com/article/us-twitter-olympics/twitter-says-olympics-ioc-accounts-hacked-idUSKBN2090SA An official Twitter account of the Olympics and the International Olympic Committee's (IOC) media Twitter account had been hacked and temporarily locked. The accounts were hacked through a third-party platform, a spokesperson for the social media platform said in an emailed statement, without giving further details.

Nedbank says 1.7 million customers impacted by breach at third-party provider

www.zdnet.com/article/nedbank-says-1-7-million-customers-impacted-by-breach-at-third-party-provider/ In a security notice posted on its website, Nedbank said there was a vulnerability in the third-party provider’s systems that allowed an attacker to infiltrate its systems. Nedbank said that none of its own systems have been affected by this incident, and the breach was limited only to its contractor’s network. The contractor appears to have had a copy of the bank’s customer data, but no direct access to the bank’s systems.

US Government updates information on North Korean Malicious Cyber Activity

www.us-cert.gov/ncas/current-activity/2020/02/14/north-korean-malicious-cyber-activity The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US: 2019 Healthcare Data Breach Report

www.hipaajournal.com/2019-healthcare-data-breach-report/ Figures from the Department of Health and Human Services Office for Civil Rights breach portal show a major increase in healthcare data breaches in 2019. Last year, 510 healthcare data breaches of 500 or more records were reported, which represents a 196% increase from 2018.

Targeted Phishing Attack Using Microsoft SLK files

www.bleepingcomputer.com/news/security/targeted-phishing-attack-aims-for-well-known-corporate-brands/ An SLK (Symbolic Link) file is a Microsoft file format used to share data between Microsoft Excel spreadsheets. Due to this, an SLK file will be displayed with an Excel icon. When the attached SLK files are opened, a user will be prompted to ‘Enable Editing’ and ‘Enable Content’ to properly display the spreadsheet. These can then execute code.

There’s finally a way to remove xHelper, the unremovable Android malware

www.zdnet.com/article/theres-finally-a-way-to-remove-xhelper-the-unremovable-android-malware/ Malwarebytes researchers find a way to remove the malware, but they still don’t know how it really operates.
