Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks: Update Your Browser

thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. See also:

chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. See also:

www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. See also:

us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. See also: threatpost.com/2-zero-day-bugs-google-chrome/161160/

DNS cache poisoning, the Internet attack from 2008, is back from the dead – A newly found side channel in a widely used protocol lets attackers spoof domains

arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ Now Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name. See also:

www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/. See also: dl.acm.org/doi/pdf/10.1145/3372297.3417280

Nvidia Warns Windows Gamers of GeForce NOW Flaw

threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/ Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices.

The rise of stalkerware

www.pandasecurity.com/en/mediacenter/mobile-news/rise-stalkerware/ Ever since governments began enforcing lockdowns as a way to contain the spread of the COVID-19 virus, experts have been warning about the dangers of malware. Hackers have been targeting home computers as a way to break into company networks and steal data or embezzle money.

RegretLocker, new ransomware, can encrypt Windows virtual hard disks

blog.malwarebytes.com/ransomware/2020/11/regretlocker-new-ransomware-can-encrypt-windows-virtual-hard-disks/ Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a machine’s virtual hard disks, and it can close any files currently opened by a user to then encrypt those files, too.

Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms

thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. See also:

blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced

Forget Russia: Iranian Hackers Behind Malicious New Cyber Attacks, Warns New Report

www.forbes.com/sites/zakdoffman/2020/11/12/forget-russia-iranian-hackers-behind-malicuous-new-cyber-attacks-warns-new-report/ The latest warning from the research team at Check Point, published today, is a timely reminder that the shifting sands of the cyber landscape will be a serious issue for president-elect Biden. Check Point has now attributed the Pay2Key attacks to an Iranian threat actor. And this is a major surprise. As the firm’s Lotem Finkelsteen explains, “we usually associate with ransomware operators with Russian speaking hacking groups; this is very uncommon to see it related to Iranian hackers.”

Cyberattack on 12 Swedish companies: extortion has continued for a week already

www.is.fi/digitoday/tietoturva/art-2000007614374.html According to Swedish public broadcaster Sveriges Radio, Swedish companies have been under a cyberattack for a week already. The attack began last Friday, when 12 Swedish companies were exposed to ransomware. See also:

sverigesradio.se/sida/artikel.aspx?programid=83&artikel=7598006

ICS Threat Activity on the Rise in Manufacturing Sector

www.dragos.com/blog/industry-news/manufacturing-sector-cyber-threats/ Dragos is pleased to announce the release of the Manufacturing Sector Cyber Threat Perspective, a comprehensive analysis of recent observations of ICS-targeting threats to manufacturing organizations along with practical defensive recommendations. This article touches on highlights from the November 2020 report, which is available for download in its entirety here. See also:

threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/

Microsoft urges users to stop using phone-based multi-factor authentication

www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/ Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

Is the EU about to ban encryption of instant messages?

www.tivi.fi/uutiset/tv/18f37587-ef7f-4a9c-9b87-36027744b4a7 The European Union may be planning a regulation that would prohibit instant messaging services from using end-to-end message encryption. In a document leaked to the public, the proposal is justified by, for example, the prevention of crime and terrorism. See also:

apnews.com/article/technology-data-privacy-europe-fdf47545b487f545ba9f48e38d379a94

The alleged decompiled source code of Cobalt Strike toolkit leaked online

securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system. See also:

www.bleepingcomputer.com/news/security/alleged-source-code-of-cobalt-strike-toolkit-shared-online/

CRAT wants to plunder your endpoints

blog.talosintelligence.com/2020/11/crat-and-plugins.html In the past, CRAT has been attributed to the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including attacks against the entertainment sector. Indicators and tactics, techniques and procedures (TTPs) discovered by this investigation resemble those of the Lazarus Group.
