NCSC-FI News followup

Daily NCSC-FI news followup 2020-03-12

Critical Patch Released for ‘Wormable’ SMBv3 Vulnerability: Install It ASAP!
Microsoft today finally released an emergency software update to patch the recently disclosed, very dangerous vulnerability in the SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.

48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks
After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).

Tracking Turla: New backdoor delivered via Armenian watering holes
ESET researchers found a watering hole (aka strategic web compromise) operation targeting several high-profile Armenian websites. It relies on a fake Adobe Flash update lure and delivers two previously undocumented pieces of malware we have dubbed NetFlash and PyFlash.

Swallowing the Snake's Tail: Tracking Turla Infrastructure
Turla, also known as Snake, Waterbug, and Venomous Bear, is a well-established, sophisticated, and strategically focused cyberespionage group that has for over a decade been linked to operations against research, diplomatic, and military organizations worldwide, with an ongoing focus against entities within North Atlantic Treaty Organization (NATO) and Commonwealth of Independent States (CIS)

OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution
A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix daemon, OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.

Flaws Riddle Zyxel's Network Management Software
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.

Person posing as Juha Tapio tried to scam a fan out of 10,000 euros
Nigerian man suspected of money laundering to police: “I was under a spell”

Doomsday report from Trump in case of cyberwar: the situation is the same as with nuclear weapons
The US federal government's new playbook for a large-scale cyberattack emphasizes keeping internet connections open and keeping the economy and supply chains functioning in exceptional circumstances. The guidelines are being called the cyberwar doomsday book.

Over 60% of companies have not found adequate data protection for 5G connections or the Internet of Things
According to a global survey conducted by Dell, most companies and other organizations have not found adequate information security for new IT technologies. Over 80 percent of companies have suffered security problems during the year.

New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer
A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.

Cookiethief: a cookie-stealing Trojan for Android
We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals' server.

Crafty Web Skimming Domain Spoofs https
Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site's source code: http[.]ps (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).

Hackers Get $1.6 Million for Card Data from Breached Online Shops
Hackers have collected $1.6 million from selling more than 239,000 payment card records on the dark web. The batch was assembled from thousands of online shops that last year ran a tainted version of Volusion e-commerce software.

PXJ Ransomware Campaign Identified by X-Force IRIS
Ransomware has become one of the most profitable types of malware in the hands of cybercriminals, with reported cybercrime losses tripling in the last five years, according to the FBI.

$100K Paid Out for Google Cloud Shell Root Compromise
A Dutch researcher claimed Google's very first annual Cloud Platform bug-bounty prize, for a clever container escape exploit.
