Daily NCSC-FI news followup 2020-06-10

Ransomware attacks spike by 140%, 57% of organizations agree to pay

atlasvpn.com/blog/ransomware-attacks-spike-by-140-57-of-organizations-agree-to-pay Data extracted and analyzed by Atlas VPN reveals that the amounts of demanded ransom payments increased by 140% when comparing the numbers of 2018 to 2019. More and more organizations succumb to blackmail: 57% of organizations settled and paid the ransom during the last 12 months.

SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

thehackernews.com/2020/06/SMBleed-smb-vulnerability.html Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution attacks. See also


Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks

thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments (TEE). Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU’s L1 Cache. See also cacheoutattack.com/

Diving into the SMBLost vulnerability (CVE-2020-1301)

airbus-cyber-security.com/diving-into-the-smblost-vulnerability-cve-2020-1301/ As part of this article, we will confirm Microsoft's advice through our recent discovery about a new SMBv1 vulnerability which impacts probably all versions of Windows.

Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs

blog.trendmicro.com/trendlabs-security-intelligence/patch-tuesday-fixes-for-lnk-smb-and-sharepoint-bugs/ This month's Patch Tuesday had the highest number of entries so far in 2020, a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.

New Ransomware-as-a-Service Tool Thanos Shows Connections to Hakbit

www.recordedfuture.com/thanos-ransomware-builder/ In January 2020, while using the Recorded Future® Platform to monitor the weaponization of the RIPlace technique, Insikt Group uncovered a new family of ransomware for sale on Exploit Forum called Thanos, developed by a threat actor with the alias Nosophoros.

Honda and Enel impacted by cyber attack suspected to be ransomware

blog.malwarebytes.com/threat-analysis/2020/06/honda-and-enel-impacted-by-cyber-attack-suspected-to-be-ransomware/ Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later confirmed by the company in a tweet. Another similar attack, also disclosed on Twitter, hit Edesur S.A., one of the companies belonging to Enel Argentina which operates in the business of energy distribution in the City of Buenos Aires.

Encryption Utility Firm Accused of Bundling Malware Functions in Product

threatpost.com/legitimate-italian-guloader-obfuscator/156443/ An Italian company that sells what it describes as a legitimate encryption utility is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus detection.

Self-destructing skimmer steals credit cards of Greenworks customers

www.bleepingcomputer.com/news/security/self-destructing-skimmer-steals-credit-cards-of-greenworks-customers/ Payment card data from customers of Greenworks hardware tools website is currently being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection.

GnuTLS patches huge security hole that hung around for two years: worse than Heartbleed, says Google cryptoboffin

www.theregister.com/2020/06/10/gnutls_patches_security_hole/ GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack.

Don't touch this! Fake Veikkaus app is racking up downloads on Google Play

www.is.fi/digitoday/tietoturva/art-2000006536505.html A scam app is being offered for Android devices in Veikkaus's name. The app is available from the official Google Play store, and at the time of writing it had at least a thousand downloads. Google does not disclose the exact figure.

Fake SpaceX YouTube channels scam viewers out of $150K in bitcoin

www.bleepingcomputer.com/news/security/fake-spacex-youtube-channels-scam-viewers-out-of-150k-in-bitcoin/ Scammers have hijacked three YouTube channels to display bitcoin scams impersonating Elon Musk’s SpaceX channel. So far, these scams have raked in close to $150,000 in bitcoins in two days.

Job application-themed malspam pushes ZLoader


Hackers harass Nintendo: data of 300,000 users already leaked

www.tivi.fi/uutiset/tv/fd77ce14-17fb-489f-8fe0-c430e794f497 Nintendo urges its customers to turn on two-factor authentication because of the effective security it provides.
