Daily NCSC-FI news followup 2020-08-31

Safe use of Bluetooth on smart devices

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/bluetoothin-turvallinen-kaytto-alylaitteissa Finland's coronavirus exposure tracing app helps break chains of infection and curb the spread of the virus. Tracing is based on Bluetooth Low Energy (BLE) technology: devices recognise that they are near another device from the strength of the BLE signals. In this article we correct assumptions and answer questions about the security risks of using Bluetooth.

Cisco warns of actively exploited bug in carrier-grade routers

www.bleepingcomputer.com/news/security/cisco-warns-of-actively-exploited-bug-in-carrier-grade-routers/ Cisco warned over the weekend that threat actors are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability in the company’s Cisco IOS XR software that runs on carrier-grade routers. Cisco’s IOS XR Network OS is deployed on multiple router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. Cisco hasn’t yet released software updates to address this actively exploited security flaw but the company provides mitigation in a security advisory published over the weekend.

Hackers are backdooring QNAP NAS devices with 3-year old RCE bug

www.bleepingcomputer.com/news/security/hackers-are-backdooring-qnap-nas-devices-with-3-year-old-rce-bug/ Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release. According to a report published today by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab), unknown threat actors are currently exploiting a remote command execution vulnerability caused by a command injection weakness in the firmware of QNAP NAS devices. See also:

blog.netlab.360.com/in-the-wild-qnap-nas-attacks-en/

Beware of the WhatsApp scam! Replying to the message can lead to account hijacking

www.tivi.fi/uutiset/tv/761d6bf2-105b-4da9-88ac-ef15940a9f14 Criminals are trying to phish WhatsApp account verification codes in Finland.

Malware Used by Lazarus after Network Intrusion

blogs.jpcert.or.jp/en/2020/08/Lazarus-malware.html JPCERT/CC has observed attack activity by Lazarus (also known as Hidden Cobra) targeting Japanese organisations. Different types of malware are used during and after the intrusion. This article introduces one of the types of malware used after the intrusion.

Backdooring Android Apps for Dummies

blog.nviso.eu/2020/08/31/backdooring-android-apps-for-dummies/ In this post, we’ll explore some mobile malware: how to create them, what they can do, and how to avoid them. Are you interested in learning more about how to protect your phone from shady figures? Then this blog post is for you.

Critical Slack Bug Allows Access to Private Channels, Conversations

threatpost.com/critical-slack-bug-access-private-channels-conversations/158795/ A critical vulnerability in the popular Slack collaboration app would allow remote code execution (RCE). With a successful exploit, attackers could gain full remote control over the Slack desktop app and thus access to private channels, conversations, passwords, tokens and keys, and various functions. They could also potentially burrow further into an internal network, depending on the Slack configuration, according to a security report. The bug (rated between nine and 10 on the CVSS vulnerability-severity scale) was disclosed on Friday and involves cross-site scripting (XSS) and HTML injection. Versions of Slack for Desktop (Mac/Windows/Linux) prior to 4.4 are vulnerable.

Finding The Original Maldoc

isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/ How can one find the original maldoc? By using a unique identifier as a search term. In the cleaned maldoc, the PROJECT stream was still present. As I explained in a previous diary entry, the VBA project is password protected. The password is stored as a salted SHA1, encoded, and set as the value of DPB. This value of DPB is unique to the maldoc, and that is the identifier I used to search through VirusTotal’s database.

Stolen Fortnite Accounts Earn Hackers Millions Per Year

threatpost.com/stolen-fortnite-accounts-earn-hackers-millions/158796/ More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone. The value of a hacked Fortnite account is centred on a character’s in-game “skin” (essentially a digital costume), researchers said. Players of the game can purchase these in-game accessories using Fortnite’s currency, called V-Bucks. Some of the skins are rare and worth a lot of money; for instance, the “Recon Expert” skin is one of the most valuable, averaging roughly $2,500 per account.
