Daily NCSC-FI news followup 2020-04-16

Linksys asks users to reset passwords after hackers hijacked home routers last month

www.zdnet.com/article/linksys-asks-users-to-reset-passwords-after-hackers-hijacked-home-routers-last-month/ Linksys locks Smart WiFi cloud accounts and asks users to reset passwords after hackers hijacked routers to redirect traffic to malware sites.

Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

www.us-cert.gov/ncas/alerts/aa20-107a This Alert provides an update to Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability, which advised organizations to immediately patch CVE-2019-11510, an arbitrary file reading vulnerability affecting Pulse Secure virtual private network (VPN) appliances. This Alert provides new detection methods for this activity, including a CISA-developed tool that helps network administrators search for indicators of compromise (IOCs) associated with exploitation of CVE-2019-11510.

Your phone may get an unpleasant surprise under the guise of corona: 16 malicious apps are lurking after your money and data

www.is.fi/digitoday/tietoturva/art-2000006476230.html Cybercriminals have for some time been trying to trick internet users with coronavirus-themed emails and websites. In addition, people are also being lured into downloading malware onto their phones under the guise of the coronavirus, reports security company Check Point.

Extortionists have switched on the turbo: this is how willingness to pay ransoms is increased

www.tivi.fi/uutiset/tv/60abbcdb-907c-484f-a783-185c2f22a6f9 Security company Check Point reports having observed that cybercriminals who target hospitals and companies in particular have adopted even harsher methods. Check Point calls this double extortion.

Porn attacks, racist heckling and leaked passwords: the popular Zoom video call service has suffered from security problems

yle.fi/uutiset/3-11307551 The company's user numbers and share price have risen explosively despite the problems.

Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000

www.vice.com/en_us/article/qjdqgv/hackers-selling-critical-zoom-zero-day-exploit-for-500000 People who trade in zero-day exploits say there are two Zoom zero-days, one for Windows and one for MacOS, on the market.

Zoom-bombing disrupted a House Oversight Committee meeting

www.zdnet.com/article/zoom-bombing-disrupted-a-house-oversight-committee-meeting/ A US congressman says that miscreants have managed to disrupt a Zoom meeting held at the highest levels of the US government, despite warnings against using the software.

Streaming TV Fraudsters Steal Millions of Ad Dollars in ICEBUCKET Attack

threatpost.com/icebucket-streaming-tv-fraudsters-steal-ad-dollars/154852/ A massive television ad fraud campaign that abuses the programmatic advertising ecosystem for connected TV (CTV) has successfully impersonated more than 2 million people in over 30 countries so far during its run, defrauding more than 300 different brands out of their ad dollars.

Kernel vulnerabilities in Android devices using Qualcomm chips explored

www.zdnet.com/article/technical-details-of-kernel-vulnerabilities-in-android-devices-using-qualcomm-chips-revealed/ Updated: The security flaws that allowed attackers to achieve root capabilities on handsets have now been described in detail.

New AgentTesla variant steals WiFi credentials

blog.malwarebytes.com/cybercrime/2020/04/new-agenttesla-variant-steals-wifi-credentials/ Newer variants of AgentTesla seen in the wild have the capability to collect information about a victim's WiFi profile, possibly to use it as a way to spread onto other machines. In this blog we provide details about how this new feature works.

SentinelOne researcher trolled in new MBRLocker ransomware campaign

www.zdnet.com/article/sentinelone-researcher-trolled-in-new-mbrlocker-ransomware-campaign/ Malware was released using the researcher's name as author, alongside his contact details.

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

thehackernews.com/2020/04/rubygem-typosquatting-malware.html In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gem packages written in the Ruby programming language that supply chain attackers were recently caught distributing through the RubyGems repository.

Double Extortion Ransomware Attacks Spike

threatpost.com/double-extortion-ransomware-attacks-spike/154818/ More ransomware operators are setting up pages where they threaten to publish compromised data from victims, an added pressure for victims to pay the ransom.

PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors

blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html Cisco Talos has discovered a new malware campaign based on a previously unknown family we're calling "PoetRAT." At this time, we do not believe this attack is associated with an already known threat actor. Our research shows the malware was distributed using URLs that mimic some Azerbaijan government domains, so we believe the adversaries in this case want to target citizens of Azerbaijan, including private companies in the SCADA sector such as wind turbine systems.

Coronavirus: Cisco wanted to delay patch for critical flaw in phone used by doctors

www.zdnet.com/article/coronavirus-cisco-wanted-to-delay-patch-for-critical-flaw-in-phone-used-by-doctors/ Cisco has gone ahead and disclosed a critical flaw in a range of its internet protocol (IP) phones. However, it had originally wanted to break from its own 90-day disclosure policy due to “extenuating circumstances” created by the COVID-19 coronavirus pandemic.

The secret behind unkillable Android backdoor called xHelper has been revealed

arstechnica.com/information-technology/2020/04/solved-how-android-backdoor-called-xhelper-survives-factory-resets/ The precise cause of the reinfections stumped researchers for months.

Sipping from the Coronavirus Domain Firehose

krebsonsecurity.com/2020/04/sipping-from-the-coronavirus-domain-firehose/ Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

AI spots critical Microsoft security bugs 97% of the time

venturebeat.com/2020/04/16/ai-spots-critical-microsoft-security-bugs-97-of-the-time/ Microsoft claims to have developed a system that correctly distinguishes between security and non-security software bugs 99% of the time, and that accurately identifies critical, high-priority security bugs on average 97% of the time. In the coming months, it plans to open-source the methodology on GitHub, along with example models and other resources.

Financial Cyberthreats in 2019

