Daily NCSC-FI news followup 2020-09-14

Alert (AA20-258A) – Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

us-cert.cisa.gov/ncas/alerts/aa20-258a The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. See also:

www.zdnet.com/article/cisa-chinese-state-hackers-are-exploiting-f5-citrix-pulse-secure-and-exchange-bugs/

Magecart Attack Impacts More Than 10K Online Shoppers

threatpost.com/magecart-campaign-10k-online-shoppers/159216/ Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

Scam messages circulating in Posti's name: do not react, do not click unexpected links, see also the Police's instructions (updated 14.9.)

www.posti.com/media/mediauutiset/2020/postin-nimissa-liikkeella-huijausviesteja–ala-reagoi-ala-klikkaa-yllattavia-linkkeja-katso-myos-poliisin-ohjeet/ More and more scam messages of various kinds are circulating, including in Posti's name. The latest scam messages look in many respects deceptively genuine. The messages may also carry Posti's logo. Posti works closely with the Police in the effort against scam messages.

Scam in Tokmanni's name: this is how Finns' home addresses are collected

www.is.fi/digitoday/tietoturva/art-2000006635306.html Scams carried out on Facebook continue. People are being misled, in Tokmanni's name, into handing over their contact details.

New BlindSide attack uses speculative execution to bypass ASLR

www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/ New BlindSide technique abuses the CPU’s internal performance-boosting feature to bypass OS security protection.

Personal data from Experian on 40% of South Africa’s population has been bundled onto a file-sharing website

www.theregister.com/2020/09/14/south_africa_experian_data_breach_wesendit/ August breach hadn’t been cleared up at all and regulators are furious

Helping organisations – and researchers – to manage vulnerability disclosure

www.ncsc.gov.uk/blog-post/helping-to-manage-vulnerability-disclosure Ollie N explains the thinking behind the NCSC's new Vulnerability Disclosure Toolkit, which is now available to download.

Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency

www.zdnet.com/article/vast-majority-of-cyber-attacks-on-cloud-servers-aim-to-mine-cryptocurrency/ Cyber-attacks on cloud systems spiked 250% from 2019 to 2020.

A “DFUR-ent” Perspective on Threat Modeling and Application Log Forensic Analysis

www.fireeye.com/blog/threat-research/2020/09/dfur-ent-perspective-on-threat-modeling-and-application-log-forensic-analysis.html Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let’s face it, finding evil in application logs can be difficult and overwhelming for a few reasons.

COVID cybercrime: 10 disturbing statistics to keep you awake tonight

www.zdnet.com/article/ten-disturbing-coronavirus-related-cybercrime-statistics-to-keep-you-awake-tonight/ Nine out of 10 coronavirus domains are scams. Half a million Zoom accounts are for sale on the Dark Web. Brute-force attacks are up 400%. And there’s more. So much more.

Central government actors' cybersecurity skills put to the test in JAMK's exercise

www.epressi.com/tiedotteet/teknologia/valtionhallinnon-toimijoiden-kyberturvallisuustaidot-testissa-jamkin-harjoituksessa.html JYVSECTEC (Jyväskylä Security Technology), the cybersecurity research, development and training centre of JAMK University of Applied Sciences (Jyväskylän ammattikorkeakoulu), is organising a national cybersecurity exercise (KYHA20vh) on 28.9.-2.10.2020.

Ransomware: This essential step could help you make it through an attack

www.zdnet.com/article/ransomware-this-essential-step-could-help-you-make-it-through-an-attack/ New advice from the National Cyber Security Centre urges businesses to have an incident response plan in place – even if they think they’re unlikely to fall victim to hackers.

After 12 Years, Malware's puzzling Nuisance Worm Conficker Refuses To Die

www.forbes.com/sites/johndunn/2020/09/14/after-12-years-malwares-puzzling-nuisance-worm-conficker-refuses-to-die/ What ranks as history's most successful malware? Depending on who you ask, the names that come up are usually destructive spectaculars such as NotPetya and WannaCry from 2017 or perhaps the panic-inducing SQL Slammer worm from 14 years earlier. It all depends what you mean by successful, of course, but my choice would be Conficker (aka downadup), a sophisticated 2008 Windows worm that threatened mayhem before disappearing not long after before anyone could fathom its true purpose.

Creating patched binaries for pentesting purposes

isc.sans.edu/forums/diary/Creating+patched+binaries+for+pentesting+purposes/26560/
