Daily NCSC-FI news followup 2020-02-27

Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now


Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you’re using HTTPS, SSH, VPNs… right?

www.theregister.co.uk/2020/02/27/wifi_chip_bug_eset/ Encryption keys forced to zero by chip-level KrØØk flaw

Credit Card Skimmer Uses Fake CDNs To Evade Detection

www.bleepingcomputer.com/news/security/credit-card-skimmer-uses-fake-cdns-to-evade-detection/ Threat actors have been spotted cloaking their credit card skimmers using fake content delivery network domains as part of an effort to hide them and their exfil traffic in plain sight.. also:


Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/ The operators of the Sodinokibi Ransomware (REvil) have started urging affiliates to copy their victim’s data before encrypting computers so it can be used as leverage on a new data leak site that is being launched soon.

These 10 dangerous Android apps should be removed immediately

www.tivi.fi/uutiset/tv/d730cffb-50bd-4753-897b-0bf77236822a VPN apps found in the Google Play app store can be dangerous.

The latest cyber worry: unfit IoT devices are being pushed onto networks

www.tivi.fi/uutiset/tv/3938b616-b370-4e2c-b600-ad296e1d38b1 More than half of the billions of IoT devices on corporate networks are consumer-grade gadgets. Employees' own smartwatches and heart-rate monitors definitely do not belong on the company network.

Finland is the target of a continuous Gmail attack; an explanation for the phenomenon is hard to find

www.is.fi/digitoday/tietoturva/art-2000006420941.html?ref=rss Large volumes of malicious documents are being sent to Finland via Gmail, Google said, according to PC Magazine.

Six suspected drug dealers went free after police lost evidence in ransomware attack

www.zdnet.com/article/six-suspected-drug-dealers-went-free-after-police-lost-evidence-in-ransomware-attack/ Seventh incident of its kind when police investigations were impacted by a ransomware infection.

Android malware can steal Google Authenticator 2FA codes

www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/ A new version of the “Cerberus” Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts. “Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application,” the ThreatFabric team said.

Offensive Tools Are For Blue Teams Too


Rauli Paananen, appointed as the government's cyber security director: Finland is among the leading countries in cyber security

yle.fi/uutiset/3-11230455 According to Paananen, the biggest threats facing Finland at the moment are scam campaigns, denial-of-service attacks and corporate espionage.

Thousands of Finns duped: no free iPhones are being given away

www.tivi.fi/uutiset/tv/5558849a-3a86-4841-851d-61a2b1ea851c A scam post from a page impersonating Verkkokauppa.com is spreading on Facebook.

Goodbye to encrypted communication on the internet: the United States intends to force a backdoor for authorities into all data traffic

www.tivi.fi/uutiset/tv/47babfae-08cf-485c-92ba-f9a4d812b9da The US Department of Justice admitted that it is pressuring the country's lawmakers to pass a law that would leave authorities a backdoor into all encrypted data traffic. The department admits it is taking advantage of technology companies' weakened public image.

Do this if you get a strange call: police warn of scam calls

www.is.fi/digitoday/tietoturva/art-2000006421373.html In a bulletin, the police and the National Cyber Security Centre (Kyberturvallisuuskeskus) warn of scam calls plaguing Finns. Two kinds of scams are circulating: so-called helpdesk scams and wangiri, or one-ring, calls.

Ransomware victims thought their backups were safe. They were wrong

www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/ Ransomware victims are finding out too late that their vital backups are online and also getting encrypted by crooks, warns cybersecurity agency.

A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data

www.wired.com/story/a-flaw-in-billions-of-wi-fi-chips-let-attackers-decrypt-data/ Affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and various Wi-Fi routers.

Norton LifeLock Phishing Scam Installs Remote Access Trojan

www.bleepingcomputer.com/news/security/norton-lifelock-phishing-scam-installs-remote-access-trojan/ Cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes.

Cisco Working on Patches for New Kr00k WiFi Vulnerability


Mac adware is more sophisticated and dangerous than traditional Mac malware


As Coronavirus Spreads, So Does Covid-19 Themed Malware

www.bleepingcomputer.com/news/security/as-coronavirus-spreads-so-does-covid-19-themed-malware/ Threat actors are still taking advantage of the ongoing COVID-19 global outbreak by attempting to drop Remcos RAT and malware payloads on their targets’ computers via malicious files that promise to provide Coronavirus safety measures.
