Daily NCSC-FI news followup 2020-03-09

A vulnerability in Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.

threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attacks/153527/ Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges. See also:

www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys

ENTSO-E: cyber intrusion on its office network

www.fingrid.fi/en/pages/news/news/2020/entso-e-cyber-intrusion-on-its-e-office-network/ European Network of Transmission System Operators for Electricity ENTSO-E has informed that some of their IT systems had been subjected to a security attack. The attack was not directed against Fingrid or other transmission system operators, and it didn’t have any influence on Fingrid’s customers or other stakeholders.

Healthy suspicion is the best protection against fraud

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/terve_epaluulo_suojaa_parhaiten_petosrikoksilta_88476?language=fi Criminals know how to ruthlessly exploit people's natural belief in good and their wish to get rich quickly. Healthy suspicion is often the best protection against fraud.

New Variant of TrickBot Being Spread by Word Document

www.fortinet.com/blog/threat-research/new-variant-of-trickbot-being-spread-by-word-document.html Recently, FortiGuard Labs captured an MS Office Word sample in the wild that is spreading a new variant of TrickBot. I did an analysis on this sample file, and in this post I will explain how it works on the victim’s machine.

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

threatpost.com/amd-downplays-cpu-threat-opening-chips-to-data-leak-attacks/153516/ New side-channel attacks have been disclosed in AMD CPUs; however, AMD said that they are not new.

Check Point chap: Small firms don’t invest in infosec then hope they won’t get hacked. Spoiler alert: They get hacked

www.theregister.co.uk/2020/03/09/check_point_interview/ One vendor’s security controls aren’t enough, says Dan Wiley

Twitter First: Trump Video Retweet Tagged as ‘Manipulated Media’

www.bleepingcomputer.com/news/security/twitter-first-trump-video-retweet-tagged-as-manipulated-media/ For the first time, Twitter has labeled a video as ‘Manipulated Media’ that attempts to portray Joe Biden as stating that Donald Trump should be re-elected.

Top Tips for Secure Remote Working

blog.checkpoint.com/2020/03/09/top-tips-for-secure-remote-working/ Practical tips to enable employees to work safely from home during the Coronavirus outbreak

International Women’s Day: awareness of stalkerware, monitoring, and spyware apps on the rise

blog.malwarebytes.com/stalkerware/2020/03/international-womens-day-awareness-of-stalkerware-monitoring-and-spyware-apps-on-the-rise/

Crescendo: Real Time Event Viewer for macOS

www.fireeye.com/blog/threat-research/2020/03/crescendo-real-time-event-viewer-for-macos.html
