Daily NCSC-FI news followup 2020-10-16

Microsoft issues out-of-band Windows security updates for RCE bugs

www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-windows-security-updates-for-rce-bugs/ Microsoft has released two out-of-band security updates designed to address remote code execution (RCE) bugs found to affect Visual Studio Code and the Microsoft Windows Codecs Library.

Alert: Risk of SharePoint vulnerability to UK organisations

www.ncsc.gov.uk/news/sharepoint-vulnerability-uk-organisations The NCSC is raising awareness of a new remote code execution vulnerability (CVE-2020-16952) affecting Microsoft SharePoint. Successful exploitation of this vulnerability would allow an attacker to run arbitrary code and carry out security actions in the context of the local administrator on affected installations of SharePoint server.

800,000 SonicWall VPNs vulnerable to new remote code execution bug

www.zdnet.com/article/800000-sonicwall-vpns-vulnerable-to-new-remote-code-execution-bug/ Almost 800,000 internet-accessible SonicWall VPN appliances will need to be updated and patched for a major new vulnerability that was disclosed on Wednesday.

Critical Magento Holes Open Online Shops to Code Execution

threatpost.com/critical-magento-holes-online-shops-code-execution/160181/ Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

thehackernews.com/2020/10/linux-Bluetooth-hacking.html Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.

Biden Campaign Staffers Targeted in Cyberattack Leveraging Anti-Virus Lure, Dropbox Ploy

threatpost.com/biden-campaign-staffers-targeted-in-cyberattack-leveraging-anti-virus-lure-dropbox-ploy/160234/ Googles Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Bidens presidential campaign.

Carnival Corp. Ransomware Attack Affects Three Cruise Lines

threatpost.com/carnival-corp-ransomware-attack-cruise/160134/ Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.

NPM nukes NodeJS malware opening Windows, Linux reverse shells

www.bleepingcomputer.com/news/security/npm-nukes-nodejs-malware-opening-windows-linux-reverse-shells/ NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data.

Microsoft now lets you disable insecure JScript in Internet Explorer

www.bleepingcomputer.com/news/security/microsoft-now-lets-you-disable-insecure-jscript-in-internet-explorer/ Microsoft says that customers can now disable JScript (JScript.dll) execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates.

Fancy Bear Imposters Are on a Hacking Extortion Spree

www.wired.com/story/ddos-extortion-hacking-fancy-bear-lazarus-group/ On Wednesday, the web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28.. The communications threaten that if the target doesnt send a set number of bitcointypically equivalent to tens or even hundreds of thousands of dollarsthe group will launch powerful distributed denial of service attacks against the victim

Lazarus Bear Armada (LBA) DDoS Extortion Attack Campaign October 2020


Time to remove Nano Adblocker and Defender from your browsers (except Firefox)


IAmTheKing and the SlothfulMedia malware family


You might be interested in …

Daily NCSC-FI news followup 2020-04-13

How to protect yourself from cyberattacks that exploit Covid-19 www.pandasecurity.com/mediacenter/business/cyberattacks-exploit-covid-19/ The current coronavirus COVID-19 pandemic is changing the business landscape. The most immediate change that has been seen in many countries is the sudden increase in the amount of people working from home. Because of this change, the attack surface has increased significantly, forcing companies […]

Read More

Daily NCSC-FI news followup 2020-01-31

How Do You Measure the Success of Your Patch Management Efforts? securityintelligence.com/posts/how-do-you-measure-the-success-of-your-patch-management-efforts/ If you follow the news, you will often see that yet another company has been breached or taken hostage by ransomware. If you read the full details of these stories, usually they have one main thing in common: These organizations are behind in […]

Read More

Daily NCSC-FI news followup 2020-10-20

Ruotsi rajaa kiinalaisyhtiöiden tekniikan pois 5G-verkostaan turvallisuuspoliisin ja puolustusvoimien suosituksesta yle.fi/uutiset/3-11603515 Ruotsi on päättänyt estää Huawein ja ZTE:n tekniikan käyttämisen maan 5G-verkkoa rakennettaessa. Kyseessä ovat kiinalaiset yhtiöt.. katso myös www.is.fi/digitoday/mobiili/art-2000006675870.html NSA: Top 25 vulnerabilities actively abused by Chinese hackers www.bleepingcomputer.com/news/security/nsa-top-25-vulnerabilities-actively-abused-by-chinese-hackers/ The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.