Daily NCSC-FI news followup 2020-03-11

Warning: Unpatched Critical ‘Wormable’ Windows SMBv3 Flaw Disclosed

thehackernews.com/2020/03/smbv3-wormable-vulnerability.html Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.

Beware of ‘Coronavirus Maps’ It’s a malware infecting PCs to steal passwords

thehackernews.com/2020/03/coronavirus-maps-covid-19.html The malware campaign specifically targets those who are looking on the Internet for cartographic presentations of the spread of COVID-19 and serves them a malicious application that, on its front end, shows a map loaded from a legitimate online source but in the background compromises the computer.

DDR4 Memory Still At Rowhammer Risk, New Method Bypasses Fixes

www.bleepingcomputer.com/news/security/ddr4-memory-still-at-rowhammer-risk-new-method-bypasses-fixes/ Academic researchers testing modern memory modules from Samsung, Micron, and Hynix discovered that current protections against Rowhammer attacks are insufficient. The new findings show that memory bit flipping works on many devices, including popular smartphones from Google, Samsung, and OnePlus.

Dutch government loses hard drives with data of 6.9 million registered donors

www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/ The Dutch government said it lost two external hard disk storage devices that contained the personal data of more than 6.9 million organ donors. The hard drives stored electronic copies of all donor forms filed with the Dutch Donor Register between February 1998 and June 2010, officials from the Dutch Ministry of Health, Welfare, and Sport said earlier this week.

Popular ThemeREX WordPress Plugin Opens Websites to RCE

threatpost.com/themerex-wordpress-plugin-remote-code-execution/153592/ A critical vulnerability in a WordPress plugin known as ThemeREX Addons could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day.

Karkoff 2020: a new APT34 espionage operation involves Lebanon Government

yoroi.company/research/karkoff-2020-a-new-apt34-espionage-operation-involves-lebanon-government/ In this campaign, the APT group may have compromised a Microsoft Exchange Server belonging to a Lebanon government entity; in fact, we found some evidence of this in the communication logic.

The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs

yoroi.company/research/the-north-korean-kimsuky-apt-keeps-threatening-south-korea-evolving-its-ttps/ Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few examples of the recently uncovered campaigns; the latter was spotted after four years of apparent inactivity. Cybaze-Yoroi ZLab decided to study in depth a recent threat attributed to a North Korean APT dubbed Kimsuky.

Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account

isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/ For a few days, there have been new waves of Agent Tesla[1] landing in our mailboxes. I found one that uses two new “channels” to deliver the trojan. Today, we can potentially receive notifications and files from many types of systems or devices. I found a phishing sample that tries to hide behind a Canon EOS camera notification.

Secret-sharing app Whisper shared secrets like last known location and actual password tokens in exposed database

www.theregister.co.uk/2020/03/11/secret_sharing_app_whisper_shared_secrets_in_exposed_database/ 900 million records detailing country, interests and more left in full view

Why are governments so vulnerable to ransomware attacks?

www.zdnet.com/article/why-are-governments-so-vulnerable-to-ransomware-attacks/#ftag=RSSbaffb68 Emsisoft estimates that over 2019, ransomware attacks impacted at least 948 government agencies, educational entities, and healthcare providers. Analysis conducted by Recorded Future suggests that 81 successful ransomware attacks took place against US government bodies across the year, and these incidents would often have a knock-on effect, impacting high numbers of towns and cities in their local areas.

Finland prepares for an increase in remote work because of the coronavirus: capacity cannot be increased without limit

www.tivi.fi/uutiset/tv/0c720acc-d867-4e45-a1de-89db080ed8e6 Valtori, which is responsible for the central government's basic IT services, says it has prepared for a considerable increase in remote work.

Ugly numbers: online fraud reported by Finns keeps on increasing

www.is.fi/digitoday/art-2000006434458.html Although thousands more fraud reports are being filed than before, not all cases are reported to the police even now.

A white-hat hacker can be perceived as a threat: fear prevents companies from reacting to vulnerabilities

www.tivi.fi/uutiset/tv/9de19815-cd84-4170-b3e6-a7b9210d7795 According to security researcher Laura Kankaala, some companies still do not want their security holes brought into the light of day.

Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan

blog.trendmicro.com/trendlabs-security-intelligence/operation-overtrap-targets-japanese-online-banking-users-via-bottle-exploit-kit-and-brand-new-cinobi-banking-trojan/ We recently discovered a new campaign that we dubbed Operation Overtrap for the numerous ways it can infect or trap victims with its payload. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack.

Five ways to detect early signs of a breach using the network


Safeguarding Healthcare for the Future With Zero Trust Security


Securing the MSP: best practices for vetting cybersecurity vendors

