Daily NCSC-FI news followup 2020-08-11

Five young men suspected of hacking into companies' online services; according to police, several million individual intrusions were uncovered

yle.fi/uutiset/3-11487798 The police pre-trial investigation took almost three years. The investigation covered as many as 10 million individual acts. Read also:

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/esitutkinta_tietomurtojen_tehtailusta_valmistui_epaillyt_nuoret_miehet_tekoaikaan_alaikaisia_92557. And: www.is.fi/digitoday/tietoturva/art-2000006598167.html

NCC Group admits its training data was leaked online after folders full of Crest pentest certification exam notes posted to Github

www.theregister.com/2020/08/11/ncc_group_crest_cheat_sheets/ Exclusive British infosec biz NCC Group has admitted to The Register that its internal training data was leaked on GitHub after folders purporting to help people pass the Crest pentest certification exams appeared online.

Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days

www.zdnet.com/article/microsoft-august-2020-patch-tuesday-fixes-120-vulnerabilities-two-zero-days/ Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users’ devices. The first of the two zero-days patched this month is a bug in the Windows operating system. Tracked as CVE-2020-1464, Microsoft says that an attacker can exploit this bug and have Windows incorrectly validate file signatures. As for the second zero-day, this one is tracked as CVE-2020-1380, and resides in the scripting engine that ships with Internet Explorer.

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

threatpost.com/critical-intel-flaw-motherboards-server-compute-modules/158270/ A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules. Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw (CVE-2020-8708) ranks 9.6 out of 10 on the CVSS scale, making it critical. Dmytro Oleksiuk, who discovered the flaw, told Threatpost that it exists in the firmware of Emulex Pilot 3. This baseboard-management controller is a service processor that monitors the physical state of a computer, network server or other hardware devices via specialized sensors.

Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping

threatpost.com/samsung-quietly-fixed-critical-galaxy-flaws-allowing-spying-data-wiping/158241/ Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.

Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers

thehackernews.com/2020/08/chrome-csp-bypass.html If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible.

Researcher Publishes Patch Bypass for vBulletin 0-Day

threatpost.com/researcher-publishes-bypass-for-patch-for-vbulletin-0-day-flaw/158232/ A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. Calling the patch a “fail” and “inadequate in blocking exploitation,” Austin-based security researcher Amir Etemadieh published details and example exploit code in three languages (Bash, Python and Ruby) for bypassing the patch, in a post published Sunday night. Read also:

thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html. As well as:


Critical Adobe Acrobat and Reader Bugs Allow RCE

threatpost.com/critical-adobe-acrobat-reader-bugs-rce/158261/ Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader. Adobe has plugged 11 critical security holes in Acrobat and Reader, which if exploited could allow attackers to remotely execute code or sidestep security features in the app. Read also: helpx.adobe.com/security/products/acrobat/apsb20-48.html

Ransomware: These warning signs could mean you are already under attack

www.zdnet.com/article/ransomware-these-warning-signs-could-mean-you-are-already-under-attack/ File-encrypting ransomware attacks can take months of planning by gangs. Here’s what to look out for. There are as many as 100 claims to insurers over ransomware attacks every day, according to one estimate. And as the average ransomware attack can take anywhere from 60 to 120 days to move from the initial security breach to the delivery of the actual ransomware, that means hundreds of companies could have hackers hiding in their networks at any time, getting ready to trigger their network-encrypting malware.

A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks

www.zdnet.com/article/a-mysterious-group-has-hijacked-tor-exit-nodes-to-perform-ssl-stripping-attacks/ At one point, the group ran almost a quarter of all Tor exit nodes. Group still controls 10% of all Tor exit nodes today.

Homeland Security details new tools for extracting device data at US borders

www.cnet.com/news/homeland-security-details-new-tools-for-extracting-device-data-at-us-borders/ The agency says it can now obtain details including your phone’s location history, social media information, and photos and videos. Read also:


2019 Center for Internet Security Year in Review

www.cisecurity.org/white-papers/2019-center-for-internet-security-year-in-review/ 2019 was a fast-paced and highly-productive year for the Center for Internet Security, Inc. (CIS). We continued to experience remarkable growth in our products and services, furthering our mission as an independent, global leader in cybersecurity for the benefit of both public and private sector organizations. Read also:


Belarus Has Shut Down the Internet Amid a Controversial Election

www.wired.com/story/belarus-internet-outage-election/ Human rights organizations have blamed the Belarusian government for widespread outages. Internet connectivity and cellular service in Belarus have been down since Sunday evening, after sporadic outages early that morning and throughout the day. The connectivity blackout, which also includes landline phones, appears to be a government-imposed outage that comes amid widespread protests and increasing social unrest over Belarus’ presidential election Sunday.

Citrix provides security update on Citrix Endpoint Management

www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/ Today we posted a Security Bulletin covering a set of vulnerabilities in certain on-premises instances of Citrix Endpoint Management (CEM), often referred to as XenMobile Server. Read also:


