Daily NCSC-FI news followup 2020-11-06

Update Your iOS Devices Now 3 Actively Exploited 0-Days Discovered

thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. See also:

support.apple.com/en-us/HT201222. See also:

us-cert.cisa.gov/ncas/current-activity/2020/11/06/apple-releases-security-updates-multiple-products. See also: threatpost.com/apple-patches-bugs-zero-days/161010/. See also:

www.zdnet.com/article/apple-fixes-three-ios-zero-days-exploited-in-the-wild. See also:

arstechnica.com/information-technology/2020/11/apple-patches-ios-against-3-actively-exploited-0days-found-by-google/. See also:

www.theregister.com/2020/11/05/apple_drops_patches_to_fix/. See also:

www.bleepingcomputer.com/news/security/apple-patches-three-actively-exploited-ios-zero-days/

Even hospitals are not safe from ransomware: patient safety will soon be practised in a realistic environment in Jyväskylä

www.epressi.com/tiedotteet/terveys/sairaalatkaan-eivat-ole-turvassa-lunnashaittaohjelmilta-potilasturvallisuutta-harjoitellaan-pian-oikeankaltaisessa-ymparistossa-jyvaskylassa.html The IT Institute of JAMK University of Applied Sciences in Jyväskylä is currently building a digital healthcare environment for cyber security exercises. The first healthcare cyber security exercise to be held in the environment, in autumn 2021, will focus on patient safety and the protection of patients' personal data in a hospital environment.

Bitcoin: $1bn seized from Silk Road account by US government

www.bbc.com/news/technology-54833130 More than $1bn (£772m) in Bitcoin linked to the notorious Silk Road website has been seized by the US Department of Justice (DoJ). See also:

www.vice.com/en/article/akdgz8/us-feds-seize-1-billion-in-bitcoin-from-wallet-linked-to-silk-road

Rediscovering Limitations of Stateful Firewalls: “NAT Slipstreaming” - Implications, Detections and Mitigations

isc.sans.edu/diary/rss/26766 A recent {rediscovered} technique (NAT Slipstreaming) to allow an attacker to remotely access any TCP/UDP service bound to a victim’s machine, thus bypassing the victim’s Network Address Translation (NAT)/firewall implementation, was detailed by Samy Kamkar. Samy had also shared a similar technique termed “NAT Pinning” back in 2010.

Brazil’s court system under massive RansomExx ransomware attack

www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/ Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. See also:

securelist.com/ransomexx-trojan-attacks-linux-systems/99279/. See also:

www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/. See also:

www.bleepingcomputer.com/news/security/ransomexx-ransomware-also-encrypts-linux-systems/

Gitpaste-12 Worm Targets Linux Servers, IoT Devices

threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/ The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors. Researchers have uncovered a new worm targeting Linux-based x86 servers, as well as Linux internet of things (IoT) devices (that are based on ARM and MIPS CPUs). See also:

www.bleepingcomputer.com/news/security/reverse-shell-botnet-gitpaste-12-spreads-via-github-and-pastebin/

This hacking group is using previously unknown tools to target defence contractors

www.zdnet.com/article/this-hacking-group-is-using-previously-unknown-tools-to-target-defence-contractors/ Researchers at McAfee first detailed Operation North Star earlier this year, but further analysis reveals additional tactics and techniques of the campaign, which has almost identical elements to Hidden Cobra, AKA The Lazarus Group, a hacking operation which the US government and others say is working out of North Korea on behalf of the government in Pyongyang.

Tech support scammer dialed random number and Australian Police’s cybercrime squad answered

www.theregister.com/2020/11/06/sa_police_support_scam_intercept/ A tech-support scammer making random phone calls in the hope of finding a victim called the cyber-crime squad of an Australian police force, which used the happy accident to document the con trick and inform the public on what to watch out for.

Consumer Ombudsman has received worried inquiries after the Vastaamo data breach: credit offered for online purchases can be a data protection risk

yle.fi/uutiset/3-11631588 Following the Vastaamo data breach, the Consumer Ombudsman has received questions about the use of personal identity codes and about identity theft in online purchases, says Head of Group Paula Hannula of the Finnish Competition and Consumer Authority (KKV).
