Daily NCSC-FI news followup 2020-11-06

Update Your iOS Devices Now 3 Actively Exploited 0-Days Discovered

thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. Lisäksi:

support.apple.com/en-us/HT201222. Lisäksi:

us-cert.cisa.gov/ncas/current-activity/2020/11/06/apple-releases-security-updates-multiple-products. Lisäksi: threatpost.com/apple-patches-bugs-zero-days/161010/. Lisäksi:

www.zdnet.com/article/apple-fixes-three-ios-zero-days-exploited-in-the-wild. Lisäksi:

arstechnica.com/information-technology/2020/11/apple-patches-ios-against-3-actively-exploited-0days-found-by-google/. Lisäksi:

www.theregister.com/2020/11/05/apple_drops_patches_to_fix/. Lisäksi:

www.bleepingcomputer.com/news/security/apple-patches-three-actively-exploited-ios-zero-days/

Sairaalatkaan eivät ole turvassa lunnashaittaohjelmilta: potilasturvallisuutta harjoitellaan pian oikeankaltaisessa ympäristössä Jyväskylässä

www.epressi.com/tiedotteet/terveys/sairaalatkaan-eivat-ole-turvassa-lunnashaittaohjelmilta-potilasturvallisuutta-harjoitellaan-pian-oikeankaltaisessa-ymparistossa-jyvaskylassa.html Jyväskylän ammattikorkeakoulun (JAMK) IT-instituutissa luodaan parhaillaan digitaalisen terveydenhuollon ympäristöä kyberturvallisuusharjoittelua varten. Ympäristössä syksyllä 2021 pidettävän ensimmäisen terveydenhuollon kyberturvallisuusharjoituksen teemana ovat potilasturvallisuus ja potilaiden henkilötietojen tietosuoja sairaalaympäristössä.

Bitcoin: $1bn seized from Silk Road account by US government

www.bbc.com/news/technology-54833130 More than $1bn (£772m) in Bitcoin linked to the notorious Silk Road website has been seized by the US Department of Justice (DoJ). Lisäksi:

www.vice.com/en/article/akdgz8/us-feds-seize-1-billion-in-bitcoin-from-wallet-linked-to-silk-road

Rediscovering Limitations of Stateful Firewalls: “NAT Slipstreaming” ? Implications, Detections and Mitigations

isc.sans.edu/diary/rss/26766 A recent {rediscovered} technique (NAT Slipstreaming) to allow an attacker remotely access any TCP/UDP service bound to a victim’s machine, thus bypassing the victim’s Network Address Translation (NAT)/firewall implementation was detailed by Samy Kamkar. Samy had also shared a similar technique termed “NAT Pinning” back in 2010.

Brazil’s court system under massive RansomExx ransomware attack

www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/ Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. Lisäksi:

securelist.com/ransomexx-trojan-attacks-linux-systems/99279/. Lisäksi:

www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/. Lisäksi:

www.bleepingcomputer.com/news/security/ransomexx-ransomware-also-encrypts-linux-systems/

Gitpaste-12 Worm Targets Linux Servers, IoT Devices

threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/ The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors. Researchers have uncovered a new worm targeting Linux based x86 servers, as well as Linux internet of things (IoT) devices (that are based on ARM and MIPS CPUs). Lisäksi:

www.bleepingcomputer.com/news/security/reverse-shell-botnet-gitpaste-12-spreads-via-github-and-pastebin/

This hacking group is using previously unknown tools to target defence contractors

www.zdnet.com/article/this-hacking-group-is-using-previously-unknown-tools-to-target-defence-contractors/ Researchers at McAfee first detailed Operation North Star earlier this year, but further analysis of reveals additional tactics and techniques of the campaign which has almost identical elements to Hidden Cobra AKA The Lazarus Group a hacking operation which the US government and others say is working out of North Korea on behalf of the government in Pyongyang

Tech support scammer dialed random number and Australian Police’s cybercrime squad answered

www.theregister.com/2020/11/06/sa_police_support_scam_intercept/ A tech-support scammer making random phone calls in the hope of finding a victim called the cyber-crime squad of an Australian police force, which used the happy accident to document the con trick and inform the public on what to watch out for.

Kuluttaja-asiamies saanut Vastaamon tietomurron jälkeen huolestuneita yhteydenottoja nettiostoihin tarjottava luotto voi olla tietosuojariski

yle.fi/uutiset/3-11631588 Kuluttaja-asiamiehelle on tullut Vastaamon tietomurron jälkeen kysymyksiä henkilötunnuksen käytöstä ja identiteettivarkauksista verkkokauppaostoksista, kertoo ryhmäpäällikkö Paula Hannula Kilpailu- ja kuluttajavirastosta (KKV).

You might be interested in …

Daily NCSC-FI news followup 2021-02-20

Safety Certification Giant UL Has Been Hit By Ransomware www.forbes.com/sites/leemathews/2021/02/19/safety-certification-giant-ul-has-been-hit-by-ransomware/ UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware. Lisäksi: www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/ Recently fixed Windows zero-day actively exploited since mid-2020 www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/ […]

Read More

Daily NCSC-FI news followup 2020-04-16

Linksys asks users to reset passwords after hackers hijacked home routers last month www.zdnet.com/article/linksys-asks-users-to-reset-passwords-after-hackers-hijacked-home-routers-last-month/ Linksys locks Smart WiFi cloud accounts and asks users to reset passwords after hackers hijacked routers to redirect traffic to malware sites. Continued Threat Actor Exploitation Post Pulse Secure VPN Patching www.us-cert.gov/ncas/alerts/aa20-107a This Alert provides an update to Cybersecurity and Infrastructure […]

Read More

Daily NCSC-FI news followup 2019-10-04

COMpfun successor Reductor infects files on the fly to compromise TLS traffic securelist.com/compfun-successor-reductor/93633/ In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the targets network channel and could replace legitimate installers with infected […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.