Daily NCSC-FI news followup 2020-08-11

Five young men suspected of breaking into companies' online services; according to police, several million individual break-ins were uncovered

yle.fi/uutiset/3-11487798 The police pre-trial investigation lasted almost three years. The investigation covered as many as 10 million individual acts. Read also:

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/esitutkinta_tietomurtojen_tehtailusta_valmistui_epaillyt_nuoret_miehet_tekoaikaan_alaikaisia_92557. As well as: www.is.fi/digitoday/tietoturva/art-2000006598167.html

NCC Group admits its training data was leaked online after folders full of Crest pentest certification exam notes posted to Github

www.theregister.com/2020/08/11/ncc_group_crest_cheat_sheets/ Exclusive British infosec biz NCC Group has admitted to The Register that its internal training data was leaked on GitHub after folders purporting to help people pass the Crest pentest certification exams appeared online.

Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days

www.zdnet.com/article/microsoft-august-2020-patch-tuesday-fixes-120-vulnerabilities-two-zero-days/ Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users’ devices. The first of the two zero-days patched this month is a bug in the Windows operating system. Tracked as CVE-2020-1464, Microsoft says that an attacker can exploit this bug and have Windows incorrectly validate file signatures. As for the second zero-day, this one is tracked as CVE-2020-1380, and resides in the scripting engine that ships with Internet Explorer.

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

threatpost.com/critical-intel-flaw-motherboards-server-compute-modules/158270/ A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules. Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw (CVE-2020-8708) ranks 9.6 out of 10 on the CVSS scale, making it critical. Dmytro Oleksiuk, who discovered the flaw, told Threatpost that it exists in the firmware of Emulex Pilot 3. This baseboard-management controller is a service processor that monitors the physical state of a computer, network server or other hardware devices via specialized sensors.

Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping

threatpost.com/samsung-quietly-fixed-critical-galaxy-flaws-allowing-spying-data-wiping/158241/ Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.

Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers

thehackernews.com/2020/08/chrome-csp-bypass.html If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible.

Researcher Publishes Patch Bypass for vBulletin 0-Day

threatpost.com/researcher-publishes-bypass-for-patch-for-vbulletin-0-day-flaw/158232/ A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. Calling a patch for the flaw a “fail” and “inadequate in blocking exploitation,” Austin-based security researcher Amir Etemadieh published details and examples of exploit code on three developer platforms (Bash, Python and Ruby) for the patch in a post published Sunday night. Read also:

thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html


Critical Adobe Acrobat and Reader Bugs Allow RCE

threatpost.com/critical-adobe-acrobat-reader-bugs-rce/158261/ Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader. Adobe has plugged 11 critical security holes in Acrobat and Reader, which if exploited could allow attackers to remotely execute code or sidestep security features in the app. Read also: helpx.adobe.com/security/products/acrobat/apsb20-48.html

Ransomware: These warning signs could mean you are already under attack

www.zdnet.com/article/ransomware-these-warning-signs-could-mean-you-are-already-under-attack/ File-encrypting ransomware attacks can take months of planning by gangs. Here’s what to look out for. There are as many as 100 claims to insurers over ransomware attacks every day, according to one estimate. And as the average ransomware attack can take anywhere from 60 to 120 days to move from the initial security breach to the delivery of the actual ransomware, that means hundreds of companies could have hackers hiding in their networks at any time, getting ready to trigger their network-encrypting malware.

A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks

www.zdnet.com/article/a-mysterious-group-has-hijacked-tor-exit-nodes-to-perform-ssl-stripping-attacks/ At one point, the group ran almost a quarter of all Tor exit nodes. Group still controls 10% of all Tor exit nodes today.

Homeland Security details new tools for extracting device data at US borders

www.cnet.com/news/homeland-security-details-new-tools-for-extracting-device-data-at-us-borders/ The agency says it can now obtain details including your phone’s location history, social media information, and photos and videos.


2019 Center for Internet Security Year in Review

www.cisecurity.org/white-papers/2019-center-for-internet-security-year-in-review/ 2019 was a fast-paced and highly-productive year for the Center for Internet Security, Inc. (CIS). We continued to experience remarkable growth in our products and services, furthering our mission as an independent, global leader in cybersecurity for the benefit of both public and private sector organizations.


Belarus Has Shut Down the Internet Amid a Controversial Election

www.wired.com/story/belarus-internet-outage-election/ Human rights organizations have blamed the Belarusian government for widespread outages. Internet connectivity and cellular service in Belarus have been down since Sunday evening, after sporadic outages early that morning and throughout the day. The connectivity blackout, which also includes landline phones, appears to be a government-imposed outage that comes amid widespread protests and increasing social unrest over Belarus’ presidential election Sunday.

Citrix provides security update on Citrix Endpoint Management

www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/ Today we posted a Security Bulletin covering a set of vulnerabilities in certain on-premises instances of Citrix Endpoint Management (CEM), often referred to as XenMobile Server.

