Daily NCSC-FI news followup 2020-06-16

T-Mobile confirms nationwide outage impacting millions of customers

abc13.com/tmobile-outage-is-out-t-mobile-down/6248980/ T-Mobile customers are dealing with a nationwide outage of its voice and data network. The phone carrier’s president of technology, Neville Ray, confirmed the outage Monday afternoon. “Our engineers are working to resolve a voice and data issue that has been affecting customers around the country. We’re sorry for the inconvenience and hope to have this fixed shortly, ” Ray tweeted. The outage has not only impacted the company’s more than 86 million customers. It has also impacted contact with emergency services. also:

www.reuters.com/article/us-t-mobile-us-regulator/fcc-chair-calls-t-mobile-u-s-network-outage-unacceptable-vows-probe-idUSKBN23N0CP. also:

www.t-mobile.com/news/update-for-customers-on-network-issues. also:


Northampton-based cosmetics giant Avon is KO’d by worldwide cyber-attack

www.northamptonchron.co.uk/business/northampton-based-cosmetics-giant-avon-kod-worldwide-cyber-attack-2884686 Avon has been forced to shut down its online retail operations following a cyber attack. The Northampton-based global cosmetics brand’s website is offline and the Chronicle & Echo believes some agency staff have been told not to go into work following an incident on Wednesday last week. But a statement from Avon CEO Angela Cretu said: “Avon has experienced a cyber incident that has interrupted some of its systems and partially affected operations. In response, we immediately launched an investigation, engaged third party forensic advisors and alerted law enforcement. “Our teams are working around the clock alongside the world-class technical experts to re-establish our affected systems. We are planning to restart some of our critical systems in impacted markets throughout the course of the week.

SMBleedingGhost Writeup Part II: Unauthenticated Memory Read Preparing the Ground for an RCE

blog.zecops.com/vulnerabilities/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce/ In the previous blog post we mentioned that although the Microsoft Security Advisory describes the bug as a Remote Code Execution (RCE) vulnerability, there is no public POC that demonstrates RCE through this bug. This was true until chompie1337 released the first public RCE POC, based on the writeup of Ricerca Security. Our POC uses a different method, and doesn’t involve physical memory access. Instead, we use the SMBleed (CVE-2020-1206) bug to help with the exploitation.

Warning issued over hackable security cameras

www.welivesecurity.com/2020/06/15/warning-issued-hackable-security-cameras/ Around 3.5 million security cameras installed in homes and offices mainly in Asia and Europe have serious vulnerabilities that expose the gadgets’ owners to the risk that attackers will spy on them, steal their data or target other devices on the same networks, the United Kingdom’s consumer watchdog Which? has warned. “Brands with potentially vulnerable cameras include Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT, and Tenvis, ” says Which?, adding that any wireless camera using the CamHi app and sporting a certain type of Unique Identification Number (UID) could be susceptible to a hack. Some 700, 000 of the cameras are in use in Europe, including 100, 000 in the UK.

Amnesty calls out countries with ‘most dangerous’ contact tracing apps

www.zdnet.com/article/amnesty-calls-out-countries-with-most-dangerous-contact-tracing-apps/ Norway, Bahrain, and Kuwait have been singled out for having “the most invasive” COVID-19 contact tracing apps in an Amnesty International study that assessed apps from Europe, Middle East, and North Africa, but does not include those from Asia or the US.

Zero TrustPart 1: Networking

www.microsoft.com/security/blog/2020/06/15/zero-trust-part-1-networking/ Enterprises used to be able to secure their corporate perimeters with traditional network controls and feel confident that they were keeping hackers out. However, in a mobile- and cloud-first world, in which the rate and the sophistication level of security attacks are increasing, they can no longer rely on this approach. Taking a Zero Trust approach can help to ensure optimal security without compromising end user application experiences. Over a series of three blogs (of which this is the first), we will take a deeper dive into the aspects of the Networking pillar in the Microsoft Zero Trust security model. We will go through each of the dimensions listed (network segmentation, threat protection, and encryption) and show design patterns and helpful guidance on using Microsoft Azure services to achieve optimality.

Nyt napsahti ikävästi suomalaistenkin suosima ruokalähettipalvelu korkattiin, yli 700 000 asiakkaan koti tiedetään nyt sentilleen

www.tivi.fi/uutiset/tv/93890368-cde5-4140-b2c7-da53d70f82c0 Data Breach Today sanoo, että hakkerit ovat korkanneet ruokalähettipalvelu Foodoran. Rosvot saivat saaliikseen 727 000 käyttäjän yksityistietoja kaikkiaan 14 maasta. Korjattu 13:00 – Jutussa sanottiin aiemmin hakkerien vieneen asiakasdataa Liechtensteinistä. Uskomme tämän olleen Data Breach Todayn virhe, joka päätyi meille asti: alkuperäisjutun mukana olleen kuvan mukaan ko. tietokanta ei ole LI eli Liechtenstein vaan FI eli Suomi.. lue myös:

www.iltalehti.fi/ulkomaat/a/791959a7-f099-4338-8e1f-ec1ca157aa52. lue myös: yle.fi/uutiset/3-11405147

Sextortion to The Next Level

isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/ The bad guys create fake accounts on dating websites pretending to be young women looking for new contacts and probably more. It’s clear that it does not take a while before being contacted by people looking for extramarital relations. They initiate contact and grab interesting information about the victim. In such a scenario, collected pieces of evidence are totally legit: name, mobile phone, location, sexual preferences, etc. Details are published on the forum, as well as conversations and pictures. To be “unlisted”, they have to register on the forum and pay some money to “help the project”.

Ripple20 vulnerabilities will haunt the IoT landscape for years to come

www.zdnet.com/article/ripple20-vulnerabilities-will-haunt-the-iot-landscape-for-years-to-come/ Security researchers disclose 19 vulnerabilities impacting a TCP/IP library found at the base of many IoT products.Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless of enterprise and consumer-grade products over the last 20+ years. Affected products include smart home devices, power grid equipment, healthcare systems, industrial gear, transportation systems, printers, routers, mobile/satellite communications equipment, data center devices, commercial aircraft devices, various enterprise solutions, and many others. also: www.jsof-tech.com/ripple20/

Super secretive Russian disinfo operation discovered dating back to 2014

www.zdnet.com/article/super-secretive-russian-disinfo-operation-discovered-dating-back-to-2014/ Social media research group Graphika published today a 120-page report [PDF] unmasking a new Russian information operation of which very little has been known so far. Codenamed Secondary Infektion, the group is different from the Internet Research Agency (IRA), the Sankt Petersburg company (troll farm) that has interfered in the US 2016 presidential election. Graphika says this new and separate group has been operating since 2014 and has been relying on fake news articles, fake leaks, and forged documents to generate political scandals in countries across Europe and North America. also:

secondaryinfektion.org/. also:


Adobe fixes critical flaws in Illustrator, After Effects, more

www.bleepingcomputer.com/news/security/adobe-fixes-critical-flaws-in-illustrator-after-effects-more/ Adobe has released out-of-band security updates to address 18 critical flaws that could allow attackers to execute arbitrary code on systems running vulnerable versions of Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition on Windows and macOS devices.

Theft of CIA’s Vault 7′ Secrets Tied to Woefully Lax” Security

threatpost.com/theft-of-cias-vault-7-secrets-tied-to-woefully-lax-security/156591/ A just-released report on the 2016 Central Intelligence Agency (CIA) data breach, which lead to the Vault 7 document dump on WikiLeaks, blames “woefully lax” security by the nation’s top spy agency. The report described the CIA as “focused more on building up cyber tools than keeping them secure.”. Part of the investigation revealed sensitive cyber weapons were not compartmented and government cybersecurity researchers shared systems administrator-level passwords. Systems with sensitive data were not equipped with user activity monitoring and historical data was available to users indefinitely, the report stated.

Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations

thehackernews.com/2020/06/oracle-e-business-suite.html If your business operations and security of sensitive data rely on Oracle’s E-Business Suite (EBS), make sure you recently updated and are running the latest available version of the software. The two vulnerabilities, dubbed “BigDebIT” and rated a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date.

Checkers and Brute Forcers Highlight Dangers of Poor Password Management

www.recordedfuture.com/checkers-brute-forcers/ Checkers and brute forcers are popular tools sold and shared on the criminal underground. Some are all-in-one, credential-stuffing attack platforms, while others are company-specific. These tools help unskilled cybercriminals launch an array of automated brute-forcing attacks against organizations’ sites, which they profit from by stealing financial and personal data, installing webshells and sniffers, or simply reselling access on the dark web.

New Java STRRAT ships with.crimson ransomware module

www.gdatasoftware.com/blog/strrat-crimson This Java based malware installs RDPWrap, steals credentials, logs keystrokes and remote controls Windows systems. It may soon be capable to infect without Java installed.

Exploiting a crisis: How cybercriminals behaved during the outbreak

www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/ The COVID-19 outbreak has truly been a global event. Cybercriminals have taken advantage of the crisis to lure new victims using existing malware threats. In examining the telemetry, these attacks appear to be highly correlated to local interest and news. Overall, COVID-19 themed attacks are just a small percentage of the overall threats the Microsoft has observed over the last four months. There was a global spike of themed attacks cumulating in the first two weeks of March. Based on the overall trend of attacks it appears that the themed attacks were at the cost of other attacks in the threat environment.

You might be interested in …

Daily NCSC-FI news followup 2020-01-18

Microsoft Issues Mitigation for Actively Exploited IE Zero-Day www.bleepingcomputer.com/news/security/microsoft-issues-mitigation-for-actively-exploited-ie-zero-day/ Microsoft published a security advisory containing mitigation measures for an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer.. Redmond’s advisory says that the company is aware of “limited targeted attacks” targeting this vulnerability. Kriittinen nollapäivähaavoittuvuus Internet Explorerissa (CVE-2020-0674) www.kyberturvallisuuskeskus.fi/fi/kriittinen-nollapaivahaavoittuvuus-internet-explorerissa-cve-2020-0674 Microsoft on julkaissut tiedotteen […]

Read More

Daily NCSC-FI news followup 2021-08-02

Pegasus spyware found on journalists’ phones, French intelligence confirms www.theguardian.com/news/2021/aug/02/pegasus-spyware-found-on-journalists-phones-french-intelligence-confirms Announcement is first time an independent and official authority has corroborated Pegasus project findings ‘I will not be silenced’: Women targeted in hack-and-leak attacks speak out about spyware www.nbcnews.com/tech/social-media/i-will-not-be-silenced-women-targeted-hack-leak-attacks-n1275540 Female journalists and activists say they had their private photos shared on social media by governments […]

Read More

Daily NCSC-FI news followup 2021-02-20

Safety Certification Giant UL Has Been Hit By Ransomware www.forbes.com/sites/leemathews/2021/02/19/safety-certification-giant-ul-has-been-hit-by-ransomware/ UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware. Lisäksi: www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/ Recently fixed Windows zero-day actively exploited since mid-2020 www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/ […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.