Daily NCSC-FI news followup 2020-07-06

U.K. Set to Start Huawei 5G Phase-Out as Soon as This Year

www.bloomberg.com/news/articles/2020-07-05/u-k-prepares-to-start-huawei-5g-phase-out-as-soon-as-this-year Prime Minister Boris Johnson is preparing to begin phasing out the use of Huawei Technologies Co. equipment in the U.K.s 5G telecoms network as soon as this year, a person familiar with the matter said.


badpackets.net/over-1800-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/ Using data provided by BinaryEdge, we scanned 3,945 F5 BIG-IP servers to determine which were vulnerable. Our scans found a total of 1,832 unique IPv4 hosts worldwide vulnerable to CVE-2020-5902.. No sensitive information was disclosed or recorded during our scans as we only sent a HTTP HEAD request to confirm the vulnerability.. Also






The key to stopping cyberattacks? Understanding your own systems before the hackers strike

www.zdnet.com/article/the-key-to-stopping-cyberattacks-understanding-your-own-systems-before-the-hackers-strike/ “That’s what people often misunderstand about attacks they don’t happen at the speed of light, it often takes months or years to get the right level of access in a network and ultimately to be able to push the trigger and cause a destructive act,” says Dmitri Alperovitch, executive chairman at Silverado Policy Accelerator and co-founder and former CTO of CrowdStrike.

North Korean hackers are skimming US and European shoppers

sansec.io/research/north-korea-magecart North Korean state sponsored hackers are implicated in the interception of online payments from American and European shoppers, Sansec research shows. Hackers associated with the APT Lazarus/HIDDEN COBRA1 group were found to be breaking into online stores of large US retailers and planting payment skimmers as early as May 2019.

Fraunhofer FKIE: Significant security flaws detected in Home Routers

www.fkie.fraunhofer.de/en/press-releases/Home-Router.html Alarming findings are published in the »Home Router Security Report 2020« by the Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE. Of the 127 home routers tested from seven major manufacturers, nearly all were found to have security flaws, some of them very severe. The problems range from missing security updates to easily decrypted, hard-coded passwords and . known vulnerabilities that should have been patched long ago.. Report at

www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf. Tool at fkie-cad.github.io/FACT_core/

First full version of the Cyber Security Body of Knowledge published

www.ncsc.gov.uk/blog-post/full-version-of-the-cyber-security-body-of-knowledge-published We are delighted to announce that version 1.0 of the Cyber Security Body of Knowledge (CyBOK) has been published. This is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector, a culmination of international cyber security effort over the last 3 years.. The 828 pages of PDF at


Avaddon ransomware shows that Excel 4.0 macros are still effective

www.bleepingcomputer.com/news/security/avaddon-ransomware-shows-that-excel-40-macros-are-still-effective/ Avaddon ransomware has been spreading this week via an old technique that’s making a comeback, Microsoft cautions on Thursday.. The attacks appear to be more targeted and rely on malicious Excel 4.0 macros to download the malware directly on the system.

False Flags in Cyber Threat Intelligence Operations

medium.com/@dw.chow/false-flags-in-cyber-threat-intelligence-operations-6893af697080 Based on my research and poking; I was able to successfully prove to a client that CTI adversary injection was indeed possible and could have major impacts on the entity depending on specific timing and scale of the injection. . … In under 15 sample submissions; we were able to get the client domain blacklisted for a period of 4872 hours until whitelisting submissions were validated by varying vendors including Symantec, Microsoft, and BlueCoat.

Data Breach: Millions of Dating App Records, Messages, and User Profiles Exposed in Data Leak

www.wizcase.com/blog/dating-breaches-research/ WizCases security team has recently uncovered breaches in 5 different dating site and app databases. These leaks have compromised user data, including sensitive and confidential information like real names, billing addresses, email addresses, phone numbers, private messages, and more. The total number of leaked entries is in the millions. Every server was easily accessible via the internet and . not password protected.

Credit card skimmer targets ASP.NET sites

blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/ In the world of digital skimming, weve seen the most activity on e-commerce content management systems (CMSes), such as Magento and plugins like WooCommerce.. However, it is important to remember that attackers can and will go after any victim when the opportunity is there. Case in point: The skimmer we describe today has been active in the wild since mid-April, and is targeting websites hosted on Microsoft IIS servers running the ASP.NET web application framework.

Poliisilta ja pankilta varoitus Suomessakin päivittäin vaanivista rakkaushuijareista “Keskimäärin puhutaan useammasta tuhannesta eurosta

www.kauppalehti.fi/uutiset/poliisilta-ja-pankilta-varoitus-suomessakin-paivittain-vaanivista-rakkaushuijareista-keskimaarin-puhutaan-useammasta-tuhannesta-eurosta/43ffa779-483c-4531-a1e1-d480ca2b51ea Rakkaushuijaukset ovat yksi alue, ja voi sanoa, että jo pelkästään niitä tulee päivittäin, kertoo Nordean henkilöasiakasliiketoiminnan riskijohtaja Aki Pohjanmaa.. Myös


WastedLocker Goes “Big-Game Hunting” in 2020

blog.talosintelligence.com/2020/07/wastedlocker-emerges.html After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment.

US Secret Service reports an increase in hacked managed service providers (MSPs)

www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/ In a security alert sent out on June 12, Secret Service officials said their investigations team (GIOC — Global Investigations Operations Center) has been seeing an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP’s customers.

EDP energy giant confirms Ragnar Locker ransomware attack

www.bleepingcomputer.com/news/security/edp-energy-giant-confirms-ragnar-locker-ransomware-attack/ EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation’s systems, the Portuguese multinational energy giant Energias de Portugal (EDP).. “On April 13, 2020, EDPR NAs parent corporation experienced a ransomware attack on its information systems,” EDPR NA’s Chief Executive Officer Miguel Angel Prado says in a breach notification letter sent to customers.

You might be interested in …

Daily NCSC-FI news followup 2020-06-04

Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’ www.zdnet.com/article/ciscos-warning-critical-flaw-in-ios-routers-allows-complete-system-compromise/ Most severe vulns are remote code execution by unauthenticated attackers. French CERT (ANSSI) releases Active Directory Security Assessment Checklist www.cert.ssi.gouv.fr/uploads/guide-ad.html U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked threatpost.com/nuclear-contractor-maze-ransomware-data-leaked/156289/ A U.S. military contractor involved in the maintenance of the country’s Minuteman III […]

Read More

Daily NCSC-FI news followup 2020-03-11

Warning Unpatched Critical ‘Wormable’ Windows SMBv3 Flaw Disclosed thehackernews.com/2020/03/smbv3-wormable-vulnerability.html Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol. Beware of ‘Coronavirus Maps’ It’s a malware […]

Read More

Daily NCSC-FI news followup 2021-02-11

Vastaamon palvelimen portti 3306 oli auki nettiin 1, 5 vuotta ja kiristys alkoi jo 2018 julkisuuskatastrofia viivytettiin viimeiseen asti www.is.fi/digitoday/tietoturva/art-2000007794906.html Vastaamon ensimmäisessä kiristysyrityksessä on saattanut olla kyse “roiskaisusta”, jossa tietomurtaja ei tiennyt, mitä hänellä oli käsissään. Vastaamon asiakastietokannan varastaminen johtui palvelimelle auki jätetystä tietoliikenneportista, joka oli auki 1, 5 vuoden ajan. Lookout Discovers Novel Confucius […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.