Daily NCSC-FI news followup 2020-06-10

Ransomware attacks spike by 140%, 57% of organizations agree to pay

atlasvpn.com/blog/ransomware-attacks-spike-by-140-57-of-organizations-agree-to-pay Data extracted and analyzed by Atlas VPN reveals that the amounts of demanded ransom payments increased by 140%, comparing the numbers of 2018 to 2019. More and more organizations succumb to blackmail: 57% of organizations settled and paid the ransom during the last 12 months.

SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

thehackernews.com/2020/06/SMBleed-smb-vulnerability.html Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution attacks.


Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks

thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments (TEE). Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU’s L1 Cache. See also cacheoutattack.com/

Diving into the SMBLost vulnerability (CVE-2020-1301)

airbus-cyber-security.com/diving-into-the-smblost-vulnerability-cve-2020-1301/ As part of this article, we will confirm Microsoft's advice through our recent discovery about a new SMBv1 vulnerability which impacts probably all versions of Windows.

Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs

blog.trendmicro.com/trendlabs-security-intelligence/patch-tuesday-fixes-for-lnk-smb-and-sharepoint-bugs/ This month's Patch Tuesday had the highest number of entries so far in 2020, a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.

New Ransomware-as-a-Service Tool Thanos Shows Connections to Hakbit

www.recordedfuture.com/thanos-ransomware-builder/ In January 2020, while using the Recorded Future® Platform to monitor the weaponization of the RIPlace technique, Insikt Group uncovered a new family of ransomware for sale on Exploit Forum called Thanos, developed by a threat actor with the alias Nosophoros.

Honda and Enel impacted by cyber attack suspected to be ransomware

blog.malwarebytes.com/threat-analysis/2020/06/honda-and-enel-impacted-by-cyber-attack-suspected-to-be-ransomware/ Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in a tweet. Another similar attack, also disclosed on Twitter, hit Edesur S.A., one of the companies belonging to Enel Argentina which operates in the business of energy distribution in the City of Buenos Aires.

Encryption Utility Firm Accused of Bundling Malware Functions in Product

threatpost.com/legitimate-italian-guloader-obfuscator/156443/ An Italian company that sells what it describes as a legitimate encryption utility is being used as malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.

Self-destructing skimmer steals credit cards of Greenworks customers

www.bleepingcomputer.com/news/security/self-destructing-skimmer-steals-credit-cards-of-greenworks-customers/ Payment card data from customers of Greenworks hardware tools website is currently being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection.

GnuTLS patches huge security hole that hung around for two years - worse than Heartbleed, says Google cryptoboffin

www.theregister.com/2020/06/10/gnutls_patches_security_hole/ GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack.

Don't touch this! Fake Veikkaus app is racking up downloads on Google Play

www.is.fi/digitoday/tietoturva/art-2000006536505.html A scam app is being offered for Android devices in Veikkaus's name. The app is available in the official Google Play store and had at least a thousand downloads at the time of writing. Google does not report the exact figure.

Fake SpaceX YouTube channels scam viewers out of $150K in bitcoin

www.bleepingcomputer.com/news/security/fake-spacex-youtube-channels-scam-viewers-out-of-150k-in-bitcoin/ Scammers have hijacked three YouTube channels to display bitcoin scams impersonating Elon Musk’s SpaceX channel. So far, these scams have raked in close to $150,000 in bitcoins in two days.

Job application-themed malspam pushes ZLoader


Hackers harass Nintendo: data of 300,000 users already leaked

www.tivi.fi/uutiset/tv/fd77ce14-17fb-489f-8fe0-c430e794f497 Nintendo urges its customers to turn on two-step authentication because of the effective security it provides.
