Daily NCSC-FI news followup 2020-04-20

Taiwan High-Tech Ecosystem Targeted by Foreign APT Group:

medium.com/@cycraft_corp/taiwan-high-tech-ecosystem-targeted-by-foreign-apt-group-5473d2ad8730 – From what we found, even those who use VPNs are at risk, even more so than usual. Read below to see how and what to do about it. The main objective of these attacks was the exfiltration of intellectual property, such as documents on integrated circuits (IC), software development kits (SDKs), IC designs, source code, etc. Full report:

cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf

Windows 10 SMBGhost RCE exploit demoed by researchers

www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/ A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 ‘wormable’ pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. For the time being though, Ricerca Security has decided not to share their RCE PoC exploit publicly to avoid having it fall into the wrong hands.

5G masts are now being destroyed in Sweden too: 70-metre mast toppled

www.tivi.fi/uutiset/tv/2cc1d7d1-8abe-4107-9a44-7a6d3ba2554c The destruction of 5G masts has now spread to Sweden as well. Two attacks on masts have been carried out in the neighbouring country to the west. In Örkelljunga, a 70-metre mast was toppled at dusk as early as 16 March. Five days later the same stunt was attempted in Klippan, Skåne. In that attempt the mast was only damaged.

Scam text messages and emails in circulation: many scams, for example in the name of Posti

www.is.fi/digitoday/art-2000006480907.html

Students, university clash over forced installation of remote exam monitoring software on home PCs

www.zdnet.com/article/students-university-clash-over-plans-to-install-remote-exam-monitoring-software-on-home-pcs/ The use of remote spying software to prevent cheating has raised an outcry from students.

Microsoft: Our AI can spot security flaws from just the titles of developers’ bug reports

www.zdnet.com/article/microsoft-our-ai-can-spot-security-flaws-from-just-the-titles-of-developers-bug-reports/ Microsoft’s machine-learning model can speed up the triage process when handling bug reports. Microsoft says its machine-learning model correctly distinguishes between security and non-security bugs 99% of the time. It can also accurately identify critical security bugs 97% of the time.

Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities (Intelligence for Vulnerability Management, Part Three)

www.fireeye.com/blog/threat-research/2020/04/how-mandiant-intelligence-rates-vulnerabilities.html

Trickbot malware is using these unique ‘macro-laced’ document attachments with a coronavirus theme

www.zdnet.com/article/trickbot-malware-is-using-these-unique-macro-laced-document-attachments-with-a-coronavirus-theme/ Microsoft Security Intelligence warns that there’s been a large uptick in Covid-19 themed lures in phishing attacks by this one malware operation in recent days.

Google rolls out BeyondCorp Remote Access for browser-based apps

www.zdnet.com/article/google-rolls-out-beyondcorp-remote-access-for-browser-based-apps/ Google Cloud on Monday rolled out BeyondCorp Remote Access, a new cloud-based product that allows employees to securely access their company’s internal web apps from any device or any location. Amid the scramble to get employees working remotely through the COVID-19 pandemic, the new product aims to quickly provide secure access to browser-based apps.

Foxit PDF Reader, PhantomPDF Open to Remote Code Execution

threatpost.com/foxit-pdf-reader-phantompdf-remote-code-execution/154942/ Foxit Reader and PhantomPDF are plagued by several high-severity flaws that, if exploited, could enable remote code execution.

Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox

www.nytimes.com/2020/04/20/technology/zoom-security-dropbox-hackers.html Dropbox privately paid top hackers to find bugs in software by the videoconferencing company Zoom, then pressed it to fix them.

267 million Facebook profiles sold for $600 on the dark web

www.bleepingcomputer.com/news/security/267-million-facebook-profiles-sold-for-600-on-the-dark-web/ Threat actors are selling over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.

Research Grants to support Google VRP Bug Hunters during COVID-19

security.googleblog.com/2020/04/research-grants-to-support-google-vrp_20.html As of today, every Google VRP Bug Hunter who submitted at least two remunerated reports from 2018 through April 2020 will be eligible for a $1,337 research grant.

Coronavirus update: as economic stimulus payments start to flow, cyber-attackers want to get their share too

blog.checkpoint.com/2020/04/20/coronavirus-update-as-economic-stimulus-payments-start-to-flow-cyber-attackers-want-to-get-their-share-too/
