Daily NCSC-FI news followup 2020-08-09

Scanning Activity Include Netcat Listener

isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/ This activity started on the 5 July 2020 and has been active to this day only scanning against TCP port 81. The GET command is always the same except for the Netcat IP which has changed a few times since it started. If you have a webserver or a honeypot listening on TCP 81, this activity might be contained in your logs. I have included the URL to the IPDetails reported to ISC that shows similar activity from the same source IP address listed in this diary.

Notorious spy gives advice: How to keep your phone from revealing your location

www.is.fi/digitoday/mobiili/art-2000006594867.html The US intelligence agency National Security Agency (NSA) published instructions for mobile users on hiding their location from outsiders. Bleeping Computer reported on the matter. Although the NSA's activities around the world have at times been questionable, its guidance for US Department of Defense employees (pdf) is excellent reading for anyone who wants to keep their location to themselves. IS Digitoday made some clarifications to these instructions. If you follow these instructions, be prepared for the fact that many important location-dependent applications, such as maps, fitness trackers or weather forecasts, may no longer work. Read also:


Cyber exercise improved Keva's readiness to face real-life threat situations

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberharjoittelu-paransi-kevan-valmiuksia-kohdata-tosielaman-uhkatilanteita Is your organization interested in starting cyber exercises, but you don't yet know where to begin? The National Cyber Security Centre Finland (Kyberturvallisuuskeskus) regularly takes part in supporting organizations' exercises. We have asked a few organizations that have exercised to write about their experiences. The first to describe its cyber exercise is Keva, the public sector pension insurer.

Don't let the patching process go on holiday in the summer

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/ala-anna-paivitysprosessin-lomailla-suvena Patching critical vulnerabilities is important, also during the summer. Are your processes in order, and have substitute arrangements been planned for when employees are on holiday? Updates keep arriving at a steady pace during the holiday season too, and vulnerabilities are exploited quickly after they are published. So don't leave any holiday time in the patching calendar!

5G Just Got Weird – Industry group 3GPP takes 5G in new directions in latest set of standards

spectrum.ieee.org/tech-talk/telecom/standards/5g-release-16 Release 16 is where things are getting weird for 5G. While earlier releases focused on the core of 5G as a generation of cellular service, Release 16 lays the groundwork for new services that have never been addressed by cellular before. At least, not in such a rigorous, comprehensive way. One of the flashiest things in Release 16 is V2X, short for “Vehicle to Everything.” In other words, using 5G for cars to communicate with each other and everything else around them. Hanbyul Seo, an engineer at LG Electronics, says V2X technologies have previously been standardized in IEEE 802.11p and 3GPP LTE V2X, but that the intention in these cases was to enable basic safety services. Seo is one of the rapporteurs for 3GPP’s item on V2X, meaning he was responsible for reporting on the item’s progress to 3GPP. Release 16 also includes information on location services. In past generations of cellular, three cell towers were required to triangulate where a phone was by measuring the round-trip distance of a signal from each tower. But 5G networks will be able to use the round-trip time from a single tower to locate a device. That’s because massive MIMO and beamforming allow 5G towers to send precise signals directly to devices, and so the network can measure the direction and angle of a beam, along with its distance from the tower, to locate it. Then there’s private networks. When we think of cellular networks, we tend to think of wide networks that cover lots of ground so that you can always be sure you have a signal. But 5G incorporates millimeter waves, which are higher frequency radio waves (30 to 300 GHz) that don’t travel nearly as far as traditional cell signals. Millimeter waves means it will be possible to build a network just for an office building, factory, or stadium. At those scales, 5G could function essentially like Wi-Fi networks. 
Release 16 has introduced a lot of new areas for 5G service, but very few of these areas are finished. “The Release 17 scope was decided last December,” says Tseng. “We’ve got a pretty good idea of what’s in there.” In general, that means building on a lot of the blocks established in Release 16. For example, Release 17 will include more mechanisms by which devices, not just cars, can sidelink.

China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI

www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/ The block was put in place at the end of July and is enforced via China’s Great Firewall. The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies. The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report.
