Daily NCSC-FI news followup 2020-05-04

F-Secure just warned about vulnerabilities, now the attacks have begun

www.tivi.fi/uutiset/tv/45c37640-e8d3-416b-a501-b10979428311 The Salt application may not be familiar to the general public, but it is to system administrators. It is used to manage servers in data centers, in the cloud and in companies' own server rooms. ZDnet writes that over the weekend hackers have been busily scanning the internet for Salt installations. Attacks have also been carried out. Targets have included at least the developers of the LineageOS mobile operating system, the Ghost blogging platform and the certificate authority Digicert.

Red network: Russia is drawing national borders in cyberspace

ulkopolitist.fi/2020/05/04/venaja-piirtaa-valtiollisia-rajoja-bittiavaruuteen/ Russia wants to achieve digital independence by 2024 and is therefore building a national internet. Russia's own national internet is a project with Soviet roots that could serve as a model for those authoritarian states that are considering how to bring the internet under state control. “Nationalizations” of the internet would significantly change the nature of the global information network.

Have Iran and Russia tried to hack information about a coronavirus vaccine from others? The race to develop a vaccine continues

www.tivi.fi/uutiset/tv/6c398eb1-41ce-4338-8a8b-5fd74dfa571d According to the newspaper, Russia and Iran have targeted cyberattacks at British universities and institutions researching the vaccine. However, the story does not specify more precisely which party has carried out the attacks.

More Covid Charity Scammers (hosted by Shinjiru Technologies AS45839)

garwarner.blogspot.com/2020/05/more-covid-charity-scammers-hosted-by.html Last week we shared information about a particularly interesting cluster of scams that focus on their shared use of a set of nameservers where all of the related content seems to be criminal in nature. Working with CAUCE (The Coalition Against Unsolicited Commercial Email) and the ZETAlytics “Massive Passive DNS” we have continued to monitor the hostnames associated with these DNS servers for additional Covid-19 related fraud.

CursedChrome turns your browser into a hacker’s proxy

www.zdnet.com/article/cursedchrome-turns-your-browser-into-a-hackers-proxy/#ftag=RSSbaffb68 Last week, a security researcher published a proof-of-concept Chrome extension that turns Chrome browsers into proxy bots, allowing hackers to navigate the web using an infected user’s identity. The tool, named CursedChrome, was created by security researcher Matthew Bryant, and released on GitHub as an open-source project.

New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers

thehackernews.com/2020/05/air-gap-malware-power-speaker.html A researcher from Israel’s Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices. Dubbed ‘POWER-SUPPLaY,’ the latest research builds on a series of techniques leveraging electromagnetic, acoustic, thermal, optical covert channels, and even power cables to exfiltrate data from non-networked computers.

India’s Jio Coronavirus symptom checker exposed test results

securityaffairs.co/wordpress/102698/data-breach/coronavirus-symptom-checker-data-leak.html A security glitch in the self-test coronavirus symptom checker developed by India’s Jio cell network exposed test results.

India orders mandatory use of COVID-19 contact tracing app for all workers

www.zdnet.com/article/india-orders-mandatory-use-of-covid-19-contact-tracing-app-for-all-workers/#ftag=RSSbaffb68 The Indian government announced on Friday that all workers, both in the public and private sectors, are required to install the nation’s COVID-19 contact tracing app as it begins to ease some of its lockdown measures for lower-risk areas.

Hacker Bribed ‘Roblox’ Insider to Access User Data

www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwords A hacker bribed a Roblox worker to gain access to the back end customer support panel of the massively popular online video game, giving them the ability to look up personal information on over 100 million active monthly users and grant virtual in-game currency.

CAM4 adult cam site exposes 11 million emails, private chats

www.bleepingcomputer.com/news/security/cam4-adult-cam-site-exposes-11-million-emails-private-chats/ Adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users, stored within more than 10.88 billion database records. The sensitive data was leaked after one of the site’s production databases was left open to Internet access on a misconfigured Elasticsearch cluster, with records dating back to March 16, 2020.

Tarkett floored by cyber attack

www.grahamcluley.com/tarkett-floored-by-cyber-attack/ French flooring company Tarkett has revealed that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result.

Microsoft warns of multiple malspam campaigns carrying malicious disk image files

www.zdnet.com/article/microsoft-warns-of-multiple-malspam-campaigns-carrying-malicious-disk-image-files/#ftag=RSSbaffb68 The campaign, detected last week, is using COVID-19 lures (email subject lines) to trick users into downloading and running ISO or IMG file attachments. Microsoft said these files are infected with a version of the Remcos remote access trojan (RAT), which gives attackers full control over the infected hosts. Microsoft says the attackers have been persistent and have launched multiple different spam runs, targeting companies across different industries, in multiple countries across the globe.

Security experts should not be used like this: the risks are guaranteed to grow

www.tivi.fi/uutiset/tv/c6c8601b-7245-4f14-b4e5-324c048fb6a8 Many information security professionals have been surprised to find themselves handling general IT support tasks while working remotely. The dangerous practice increases the risk of data breaches.

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

www.schneier.com/blog/archives/2020/05/denmark_sweden_.html This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator. paper:

