Daily NCSC-FI news followup 2020-07-05

CVE-2020-5902 F5 BIG-IP Exploitation Attempt

isc.sans.edu/diary/CVE-2020-5902+F5+BIG-IP+Exploitation+Attempt/26310 A quick heads-up: we are seeing scans for F5 BIG-IP’s vulnerability CVE-2020-5902.

Apple iOS 14 Alerts Reveal Reddit App Is Reading User Clipboard Data

www.forbes.com/sites/daveywinder/2020/07/05/reddit-latest-to-get-caught-by-apple-ios-14-clipboard-data-copying-alerts-iphone-privacy/ Yesterday it was LinkedIn that was making the news after being exposed by Apple’s iOS 14 new privacy notification feature. The same developer that spotted the LinkedIn app accessing his clipboard data with every keystroke, Don Morton, has also posted a video to Twitter showing the Reddit app exhibiting the same worrying behavior.

Bring your own .NET Core Garbage Collector

www.contextis.com/us/blog/bring-your-own-.net-core-garbage-collector As mentioned early in this blog post, having the ability to force any .NET Core application to load and call a function from an attacker-controlled DLL, and from any location on a system, can be used as an application whitelisting bypass technique. In a scenario in which most of the well-known living off the land binaries and scripts (LOLBAS) and unsigned applications are blocked on a targeted system, it can be quite challenging to execute arbitrary code. However, if there is a whitelisted .NET Core application, it is possible to execute arbitrary code via the application.

Notes on detection: pentestlaboratories.com/2020/07/02/net-core-evasion-detection/

Fix rejected at github.com/dotnet/runtime/issues/38078

Iran threatens retaliation after what it calls possible cyber attack on nuclear site

www.reuters.com/article/us-iran-nuclear-natanz-idUSKBN2441VY Iran will retaliate against any country that carries out cyber attacks on its nuclear sites, the head of civilian defence said, after a fire at its Natanz plant which some Iranian officials said may have been caused by cyber sabotage. Also:

www.forbes.com/sites/kateoflahertyuk/2020/07/03/iran-nuclear-facility-explosion-accident-sabotage-or-cyber-attack/

www.forbes.com/sites/kateoflahertyuk/2020/07/04/stuxnet-2-iran-hints-nuclear-site-explosion-could-be-a-cyberattack/
