Daily NCSC-FI news followup 2020-03-12

Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability Install It ASAP!

thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.. see also

www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa

48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks

www.bleepingcomputer.com/news/security/48k-windows-hosts-vulnerable-to-smbghost-cve-2020-0796-rce-attacks/ After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).

Tracking Turla: New backdoor delivered via Armenian watering holes

www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/ ESET researchers found a watering hole (aka strategic web compromise) operation targeting several high-profile Armenian websites. It relies on a fake Adobe Flash update lure and delivers two previously undocumented pieces of malware we have dubbed NetFlash and PyFlash.

Swallowing the Snakes Tail: Tracking Turla Infrastructure

www.recordedfuture.com/turla-apt-infrastructure/ Turla, also known as Snake, Waterbug, and Venomous Bear, is a well-established, sophisticated, and strategically focused cyberespionage group that has for over a decade been linked to operations against research, diplomatic, and military organizations worldwide, with an ongoing focus against entities within North Atlantic Treaty Organization (NATO) and Commonwealth of Independent States (CIS)

OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution

blog.trendmicro.com/trendlabs-security-intelligence/opensmtpd-vulnerability-cve-2020-8794-can-lead-to-root-privilege-escalation-and-remote-code-execution/ A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix Daemon, OpenSMTPD. . The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.

Flaws Riddle Zyxels Network Management Software

threatpost.com/flaws-zyxels-network-management-software/153554/ Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.

Juha Tapiona esiintynyt henkilö yritti huijata fanilta 10 000 euroa Rahanpesusta epäilty nigerialaismies poliisille: “Olin lumouksen vallassa”

yle.fi/uutiset/3-11249443?origin=rss

Trumpilta tuomiopäivän raportti kybersodan varalle Tilanne on sama kuin ydinaseissa

www.tivi.fi/uutiset/tv/05244fdc-048c-4b4b-9a44-74a6422fbb12 Yhdysvaltain liittohallituksen tuore pelikirja laajan kyberiskun varalle korostaa nettiyhteyksien pitämistä avoimina sekä talouselämän ja jakeluketjujen toimimista poikkeustilanteissa. Ohjeita kutsutaan kybersodan tuomiopäivän kirjaksi.

Yli 60 % yrityksistä ei ole löytänyt riittävää tietosuojaa 5g-yhteyksille tai esineiden internetille

www.tivi.fi/uutiset/tv/040583a2-26a5-4aa5-8fd6-603e12f61a29 Dellin tekemän globaalin kyselyn mukaan suurin osa yrityksistä ja muista organisaatioista ei ole löytänyt riittävää tietoturvaa uusille it-teknologioille. Yli 80 prosenttia yrityksistä on kärsinyt tietoturvaongelmista vuoden aikana.

New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer

www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/ A new ransomware called CoronaVirus is has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.

Cookiethief: a cookie-stealing Trojan for Android

securelist.com/cookiethief/96332/ We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals server.

Crafty Web Skimming Domain Spoofs https

krebsonsecurity.com/2020/03/crafty-web-skimming-domain-spoofs-https/ Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. . While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked sites source code: http[.]ps (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).

Hackers Get $1.6 Million for Card Data from Breached Online Shops

www.bleepingcomputer.com/news/security/hackers-get-16-million-for-card-data-from-breached-online-shops/ Hackers have collected $1.6 million from selling more than 239,000 payment card records on the dark web. The batch was assembled from thousands of online shops running last year a tainted version of Volusion e-commerce software.

PXJ Ransomware Campaign Identified by X-Force IRIS

securityintelligence.com/posts/pxj-ransomware-campaign-identified-by-x-force-iris/ Ransomware has become one of the most profitable types of malware in the hands of cybercriminals, with reported cybercrime losses tripling in the last five years, according to the FBI.

$100K Paid Out for Google Cloud Shell Root Compromise

threatpost.com/100k-google-cloud-shell-root-compromise/153665/ A Dutch researcher claimed Googles very first annual Cloud Platform bug-bounty prize, for a clever container escape exploit.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.