Daily NCSC-FI news followup 2020-08-31

Safe use of Bluetooth in smart devices

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/bluetoothin-turvallinen-kaytto-alylaitteissa Finland's coronavirus exposure tracing app helps break chains of infection and curb the spread of the virus. Tracing is based on Bluetooth Low Energy (BLE) technology: devices recognise that they are near another device based on the strength of BLE signals. In this article we correct assumptions and answer questions related to the security risks of using Bluetooth.

Cisco warns of actively exploited bug in carrier-grade routers

www.bleepingcomputer.com/news/security/cisco-warns-of-actively-exploited-bug-in-carrier-grade-routers/ Cisco warned over the weekend that threat actors are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability in the company’s Cisco IOS XR software that runs on carrier-grade routers. Cisco’s IOS XR Network OS is deployed on multiple router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. Cisco hasn’t yet released software updates to address this actively exploited security flaw but the company provides mitigation in a security advisory published over the weekend.

Hackers are backdooring QNAP NAS devices with 3-year old RCE bug

www.bleepingcomputer.com/news/security/hackers-are-backdooring-qnap-nas-devices-with-3-year-old-rce-bug/ Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release. According to a report published today by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab), unknown threat actors are currently exploiting a remote command execution vulnerability due to a command injection weakness in QNAP NAS devices’ firmware.


Beware of the WhatsApp scam! Replying to the message can lead to account hijacking

www.tivi.fi/uutiset/tv/761d6bf2-105b-4da9-88ac-ef15940a9f14 Criminals are trying to phish WhatsApp account verification codes in Finland.

Malware Used by Lazarus after Network Intrusion

blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html JPCERT/CC has observed attack activity by Lazarus (also known as Hidden Cobra) targeting Japanese organisations. Different types of malware are used during and after the intrusion. This article introduces one of the types of malware used after the intrusion.

Backdooring Android Apps for Dummies

blog.nviso.eu/2020/08/31/backdooring-android-apps-for-dummies/ In this post, we’ll explore some mobile malware: how to create them, what they can do, and how to avoid them. Are you interested in learning more about how to protect your phone from shady figures? Then this blog post is for you.

Critical Slack Bug Allows Access to Private Channels, Conversations

threatpost.com/critical-slack-bug-access-private-channels-conversations/158795/ A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full remote control over the Slack desktop app with a successful exploit and thus access to private channels, conversations, passwords, tokens and keys, and various functions. They could also potentially burrow further into an internal network, depending on the Slack configuration, according to a security report. The bug (rated between nine and 10 on the CVSS vulnerability-severity scale) was disclosed on Friday, and involves cross-site scripting (XSS) and HTML injection. Slack for Desktop (Mac/Windows/Linux) versions prior to 4.4 are vulnerable.

Finding The Original Maldoc

isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/ How can one find back the original maldoc? By using a unique identifier as search term. In the cleaned maldoc, the PROJECT stream was still present. As I explained in a previous diary entry, the VBA project is password protected. The password is stored as a salted SHA1, encoded, and set as the value of DPB. This value of DPB is unique to the maldoc, and that is the identifier I used to search through VirusTotal’s database.

Stolen Fortnite Accounts Earn Hackers Millions Per Year

threatpost.com/stolen-fortnite-accounts-earn-hackers-millions/158796/ More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone. The value of a hacked Fortnite account is centralized around a character’s in-game “skin” (essentially a digital costume), researchers said. Players of the game can purchase these in-game accessories using Fortnite’s currency, called V-Bucks. Some of the skins are rare and worth a lot of money; for instance, the “Recon Expert” skin is one of the most valuable, averaging roughly $2,500 per account.
