Daily NCSC-FI news followup 2020-10-16

Microsoft issues out-of-band Windows security updates for RCE bugs

www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-windows-security-updates-for-rce-bugs/ Microsoft has released two out-of-band security updates designed to address remote code execution (RCE) bugs found to affect Visual Studio Code and the Microsoft Windows Codecs Library.

Alert: Risk of SharePoint vulnerability to UK organisations

www.ncsc.gov.uk/news/sharepoint-vulnerability-uk-organisations The NCSC is raising awareness of a new remote code execution vulnerability (CVE-2020-16952) affecting Microsoft SharePoint. Successful exploitation of this vulnerability would allow an attacker to run arbitrary code and carry out security actions in the context of the local administrator on affected installations of SharePoint server.

800,000 SonicWall VPNs vulnerable to new remote code execution bug

www.zdnet.com/article/800000-sonicwall-vpns-vulnerable-to-new-remote-code-execution-bug/ Almost 800,000 internet-accessible SonicWall VPN appliances will need to be updated and patched for a major new vulnerability that was disclosed on Wednesday.

Critical Magento Holes Open Online Shops to Code Execution

threatpost.com/critical-magento-holes-online-shops-code-execution/160181/ Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

thehackernews.com/2020/10/linux-Bluetooth-hacking.html Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.

Biden Campaign Staffers Targeted in Cyberattack Leveraging Anti-Virus Lure, Dropbox Ploy

threatpost.com/biden-campaign-staffers-targeted-in-cyberattack-leveraging-anti-virus-lure-dropbox-ploy/160234/ Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.

Carnival Corp. Ransomware Attack Affects Three Cruise Lines

threatpost.com/carnival-corp-ransomware-attack-cruise/160134/ Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.

NPM nukes NodeJS malware opening Windows, Linux reverse shells

www.bleepingcomputer.com/news/security/npm-nukes-nodejs-malware-opening-windows-linux-reverse-shells/ NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data.

Microsoft now lets you disable insecure JScript in Internet Explorer

www.bleepingcomputer.com/news/security/microsoft-now-lets-you-disable-insecure-jscript-in-internet-explorer/ Microsoft says that customers can now disable JScript (JScript.dll) execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates.

Fancy Bear Imposters Are on a Hacking Extortion Spree

www.wired.com/story/ddos-extortion-hacking-fancy-bear-lazarus-group/ On Wednesday, the web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The communications threaten that if the target doesn't send a set number of bitcoin, typically equivalent to tens or even hundreds of thousands of dollars, the group will launch powerful distributed denial of service attacks against the victim.

Lazarus Bear Armada (LBA) DDoS Extortion Attack Campaign October 2020


Time to remove Nano Adblocker and Defender from your browsers (except Firefox)


IAmTheKing and the SlothfulMedia malware family

