Daily NCSC-FI news followup 2020-11-06

Update Your iOS Devices Now: 3 Actively Exploited 0-Days Discovered

thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. See also:

support.apple.com/en-us/HT201222

us-cert.cisa.gov/ncas/current-activity/2020/11/06/apple-releases-security-updates-multiple-products

threatpost.com/apple-patches-bugs-zero-days/161010/

www.zdnet.com/article/apple-fixes-three-ios-zero-days-exploited-in-the-wild

arstechnica.com/information-technology/2020/11/apple-patches-ios-against-3-actively-exploited-0days-found-by-google/

www.theregister.com/2020/11/05/apple_drops_patches_to_fix/


Even hospitals are not safe from ransomware: patient safety will soon be practised in a realistic environment in Jyväskylä

www.epressi.com/tiedotteet/terveys/sairaalatkaan-eivat-ole-turvassa-lunnashaittaohjelmilta-potilasturvallisuutta-harjoitellaan-pian-oikeankaltaisessa-ymparistossa-jyvaskylassa.html The IT Institute of JAMK University of Applied Sciences (Jyväskylän ammattikorkeakoulu, JAMK) is currently building a digital healthcare environment for cyber security exercises. The theme of the first healthcare cyber security exercise, to be held in the environment in autumn 2021, is patient safety and the protection of patients' personal data in a hospital environment.

Bitcoin: $1bn seized from Silk Road account by US government

www.bbc.com/news/technology-54833130 More than $1bn (£772m) in Bitcoin linked to the notorious Silk Road website has been seized by the US Department of Justice (DoJ).


Rediscovering Limitations of Stateful Firewalls: “NAT Slipstreaming” - Implications, Detections and Mitigations

isc.sans.edu/diary/rss/26766 A recent {rediscovered} technique (NAT Slipstreaming) that allows an attacker to remotely access any TCP/UDP service bound to a victim’s machine, thus bypassing the victim’s Network Address Translation (NAT)/firewall implementation, was detailed by Samy Kamkar. Samy had also shared a similar technique termed “NAT Pinning” back in 2010.

Brazil’s court system under massive RansomExx ransomware attack

www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/ Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. See also:

securelist.com/ransomexx-trojan-attacks-linux-systems/99279/

www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/


Gitpaste-12 Worm Targets Linux Servers, IoT Devices

threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/ The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors. Researchers have uncovered a new worm targeting Linux-based x86 servers, as well as Linux internet of things (IoT) devices (that are based on ARM and MIPS CPUs).


This hacking group is using previously unknown tools to target defence contractors

www.zdnet.com/article/this-hacking-group-is-using-previously-unknown-tools-to-target-defence-contractors/ Researchers at McAfee first detailed Operation North Star earlier this year, but further analysis reveals additional tactics and techniques of the campaign, which has almost identical elements to Hidden Cobra, AKA The Lazarus Group, a hacking operation which the US government and others say is working out of North Korea on behalf of the government in Pyongyang.

Tech support scammer dialed random number and Australian Police’s cybercrime squad answered

www.theregister.com/2020/11/06/sa_police_support_scam_intercept/ A tech-support scammer making random phone calls in the hope of finding a victim called the cyber-crime squad of an Australian police force, which used the happy accident to document the con trick and inform the public on what to watch out for.

Consumer Ombudsman has received worried contacts after the Vastaamo data breach: credit offered for online purchases can be a data protection risk

yle.fi/uutiset/3-11631588 Since the Vastaamo data breach, the Consumer Ombudsman has received questions about the use of personal identity codes and about identity theft in online purchases, says group manager Paula Hannula of the Finnish Competition and Consumer Authority (KKV).
