Daily NCSC-FI news followup 2020-06-03

Critical SAP ASE Flaws Allow Complete Control of Databases

threatpost.com/critical-sap-ase-flaws-complete-control-databases/156239/ If exploited, the most severe flaws could give unprivileged users complete control of databases and in some cases even underlying operating systems – The most severe vulnerability, CVE-2020-6248, has a CVSS score of 9.1 out of 10. See also:

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222. And also:

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/

Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution

blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html An exploitable path traversal vulnerability exists in the way the Zoom Client version 4.6.10 processes messages that include animated GIFs. In order to trigger this vulnerability, an attacker needs to send a specially crafted message to a target user or a group. See also:

talosintelligence.com/vulnerability_reports/TALOS-2020-1055. And also:

talosintelligence.com/vulnerability_reports/TALOS-2020-1056

Large-scale attack tries to steal configuration files from WordPress sites

www.zdnet.com/article/large-scale-attack-tries-to-steal-configuration-files-from-wordpress-sites/ Hackers have launched a massive campaign against WordPress websites over the past weekend, attacking old vulnerabilities in unpatched plugins to download configuration files from WordPress sites. The campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem.

Ransomware gang says it breached one of NASA’s IT contractors

www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/ The DopplePaymer ransomware gang claims to have breached DMI, a major US IT and cybersecurity provider, and one of NASA's IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand.

European Cyber Security Challenge 2020 – Event Date Change

www.enisa.europa.eu/news/enisa-news/european-cyber-security-challenge-2020-dates-changed The ECSC Steering Committee together with the Austrian national planners and the support of the European Agency for Cybersecurity decided to change the dates of the European Cyber Security Challenge 2020 Finals, scheduled to take place in Vienna this November. More information: europeancybersecuritychallenge.eu/

Watch out: Lidl scam collects Finns' contact details

www.is.fi/digitoday/tietoturva/art-2000006528702.html A scam run in Lidl's name is being shown to Finns on Facebook, and it is used as a pretext to phish people's contact details.
