Daily NCSC-FI news followup 2020-03-11

Warning: Unpatched Critical ‘Wormable’ Windows SMBv3 Flaw Disclosed

thehackernews.com/2020/03/smbv3-wormable-vulnerability.html Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting the Server Message Block 3.0 (SMBv3) network communication protocol.

Beware of ‘Coronavirus Maps’: it’s malware that infects PCs to steal passwords

thehackernews.com/2020/03/coronavirus-maps-covid-19.html The malware campaign specifically targets those who are looking on the Internet for cartographic presentations of the spread of COVID-19 and serves them a malicious application that, on its front-end, shows a map loaded from a legitimate online source but in the background compromises the computer.

DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes

www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/ Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient. The new findings show that memory bit flipping works on many devices, including popular smartphones from Google, Samsung, and OnePlus.

Dutch government loses hard drives with data of 6.9 million registered donors

www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/ The Dutch government said it lost two external hard disk storage devices that contained the personal data of more than 6.9 million organ donors. The hard drives stored electronic copies of all donor forms filed with the Dutch Donor Register between February 1998 and June 2010, officials from the Dutch Ministry of Health, Wellness, and Sport said earlier this week.

Popular ThemeREX WordPress Plugin Opens Websites to RCE

threatpost.com/themerex-wordpress-plugin-remote-code-execution/153592/ A critical vulnerability in a WordPress plugin known as ThemeREX Addons could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day.

Karkoff 2020: a new APT34 espionage operation involves Lebanon Government

yoroi.company/research/karkoff-2020-a-new-apt34-espionage-operation-involves-lebanon-government/ In this campaign, the APT group may have compromised a Microsoft Exchange Server belonging to a Lebanon government entity; in fact, we found some evidence of this in the communication logic.

The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs

yoroi.company/research/the-north-korean-kimsuky-apt-keeps-threatening-south-korea-evolving-its-ttps/ Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few examples of the recently uncovered campaigns; the latter was spotted after four years of apparent inactivity. Cybaze-Yoroi ZLab decided to study in depth a recent threat attributed to a North Korean APT dubbed Kimsuky.

Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account

isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/ For a few days, there have been new waves of Agent Tesla landing in our mailboxes. I found one that uses two new “channels” to deliver the trojan. Today, we can potentially receive notifications and files from many types of systems or devices. I found a phishing sample that tries to hide behind a Canon EOS camera notification.

Secret-sharing app Whisper shared secrets like last known location and actual password tokens in exposed database

www.theregister.co.uk/2020/03/11/secret_sharing_app_whisper_shared_secrets_in_exposed_database/ 900 million records detailing country, interests and more were left in full view.

Why are governments so vulnerable to ransomware attacks?

www.zdnet.com/article/why-are-governments-so-vulnerable-to-ransomware-attacks/#ftag=RSSbaffb68 Emsisoft estimates that over 2019, ransomware attacks impacted at least 948 government agencies, educational entities, and healthcare providers. Analysis conducted by Recorded Future suggests that 81 successful ransomware attacks took place against US government bodies across the year, and these incidents would often have a knock-on effect, impacting high numbers of towns and cities in their local areas.

Finland prepares for a rise in remote work due to the coronavirus: capacity cannot be increased without limit

www.tivi.fi/uutiset/tv/0c720acc-d867-4e45-a1de-89db080ed8e6 Valtori, which is responsible for the central government's basic IT services, says it has prepared for a significant increase in remote work.

Ugly numbers: Online fraud reported by Finns keeps on increasing

www.is.fi/digitoday/art-2000006434458.html Although thousands more fraud reports are being filed than before, still not all cases are reported to the police.

A white-hat hacker can be perceived as a threat: fear prevents companies from reacting to vulnerabilities

www.tivi.fi/uutiset/tv/9de19815-cd84-4170-b3e6-a7b9210d7795 According to security researcher Laura Kankaala, some companies still would rather not bring their security holes to light.

Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan

blog.trendmicro.com/trendlabs-security-intelligence/operation-overtrap-targets-japanese-online-banking-users-via-bottle-exploit-kit-and-brand-new-cinobi-banking-trojan/ We recently discovered a new campaign that we dubbed Operation Overtrap for the numerous ways it can infect or trap victims with its payload. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack.

Five ways to detect early signs of a breach using the network

Safeguarding Healthcare for the Future With Zero Trust Security

Securing the MSP: best practices for vetting cybersecurity vendors