Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks: Update Your Browser

thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making them the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Also:

chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. Also:

www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. Also:

us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. Also: threatpost.com/2-zero-day-bugs-google-chrome/161160/

DNS cache poisoning, the Internet attack from 2008, is back from the dead – A newly found side channel in a widely used protocol lets attackers spoof domains

arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ Now Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name. Also:

www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/. Also: dl.acm.org/doi/pdf/10.1145/3372297.3417280
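As an added illustration (this is editor-written code, not from the Ars Technica or ZDNet articles and not the SAD DNS technique itself), the Python model below shows why the 2008 defence worked and what losing it means: a resolver matches a reply to its outstanding query by UDP source port plus 16-bit TXID, so an off-path attacker faces about 2^32 guesses when both are random but only 2^16 once a side channel reveals the port. The side channel is not modelled; the attacker is simply told the port or not. The forged-packet budget per round, the use of the full 16-bit port range and the RNG seed are assumptions made for the toy.

```python
"""Toy model of an off-path (blind) DNS cache poisoning race.

A caching resolver matches a reply to an outstanding query by the UDP
source port and the 16-bit transaction ID (TXID). Since 2008 the standard
defence is to randomise both, leaving an off-path attacker ~2^32
possibilities. A side channel that reveals the port collapses this back
to 2^16, which is what makes Kaminsky-style poisoning practical again.
The mechanics of any real side channel are NOT modelled here.
"""
import random

TXID_SPACE = 1 << 16
PORT_SPACE = 1 << 16              # assumption: real resolvers use a narrower ephemeral range
FORGED_REPLIES_PER_QUERY = 2000   # assumption: forged packets landed before the real answer arrives


class ToyResolver:
    """The only resolver state that matters for the race: (port, txid) of the outstanding query."""

    def __init__(self, rng: random.Random) -> None:
        self.rng = rng
        self.port = 0
        self.txid = 0

    def send_query(self) -> None:
        # Fresh randomised identifiers for every outgoing query (the post-2008 defence).
        self.port = self.rng.randrange(PORT_SPACE)
        self.txid = self.rng.randrange(TXID_SPACE)

    def accepts(self, port: int, txid: int) -> bool:
        # A forged reply is cached only if both identifiers match the outstanding query.
        return port == self.port and txid == self.txid


def attempt(resolver: ToyResolver, rng: random.Random, port_known: bool) -> bool:
    """One Kaminsky-style round: the attacker triggers a query for a fresh nonce
    subdomain (so a miss is not blocked by a cached answer's TTL), then floods
    forged replies before the real one arrives. True if one forgery is accepted."""
    resolver.send_query()
    if port_known:
        # Side-channel result: the port is known, only the TXID must be guessed.
        port = resolver.port
        start = rng.randrange(TXID_SPACE)
        for i in range(FORGED_REPLIES_PER_QUERY):
            if resolver.accepts(port, (start + i) % TXID_SPACE):
                return True
        return False
    # No side channel: both port and TXID must be guessed.
    for _ in range(FORGED_REPLIES_PER_QUERY):
        if resolver.accepts(rng.randrange(PORT_SPACE), rng.randrange(TXID_SPACE)):
            return True
    return False


def rounds_to_poison(port_known: bool, max_rounds: int = 500, seed: int = 2008):
    """Rounds until the cache is poisoned, or None if the attacker gives up
    after max_rounds. Seeded so the outcome is reproducible."""
    rng = random.Random(seed)
    resolver = ToyResolver(rng)
    for n in range(1, max_rounds + 1):
        if attempt(resolver, rng, port_known):
            return n
    return None


def expected_success_per_round(port_known: bool) -> float:
    """Closed-form per-round success probability, for comparison with the simulation."""
    space = TXID_SPACE if port_known else TXID_SPACE * PORT_SPACE
    return FORGED_REPLIES_PER_QUERY / space


if __name__ == "__main__":
    for known in (True, False):
        print(f"port known={known}: per-round p={expected_success_per_round(known):.2e}, "
              f"poisoned after {rounds_to_poison(known)} rounds")
```

With the port known the per-round success probability is 2000/65536, so poisoning lands within a few dozen rounds; with the port hidden it is 2000/2^32 and the attacker gives up. The gap between the two runs is exactly the entropy the side channel removes, which is why the defences discussed in the papers (disabling or randomising the ICMP rate-limit behaviour, DNS cookies, DNSSEC validation) all aim at either restoring that entropy or making a matching reply insufficient.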

Nvidia Warns Windows Gamers of GeForce NOW Flaw

threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/ Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices.

The rise of stalkerware

www.pandasecurity.com/en/mediacenter/mobile-news/rise-stalkerware/ Ever since governments began enforcing lockdowns as a way to contain the spread of the COVID-19 virus, experts have been warning about the dangers of malware. Hackers have been targeting home computers as a way to break into company networks and steal data or embezzle money.

RegretLocker, new ransomware, can encrypt Windows virtual hard disks

blog.malwarebytes.com/ransomware/2020/11/regretlocker-new-ransomware-can-encrypt-windows-virtual-hard-disks/ Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a machine’s virtual hard disks, and it can close any files currently opened by a user to then encrypt those files, too.

Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms

thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.

Forget Russia: Iranian Hackers Behind Malicious New Cyber Attacks, Warns New Report

www.forbes.com/sites/zakdoffman/2020/11/12/forget-russia-iranian-hackers-behind-malicuous-new-cyber-attacks-warns-new-report/ The latest warning from the research team at Check Point, published today, is a timely reminder that the shifting sands of the cyber landscape will be a serious issue for president-elect Biden. Check Point has now attributed the Pay2Key attacks to an Iranian threat actor. And this is a major surprise. As the firm’s Lotem Finkelsteen explains, “we usually associate ransomware operators with Russian-speaking hacking groups; this is very uncommon to see it related to Iranian hackers.”

Cyber attack on 12 Swedish companies: the extortion has already been going on for a week

www.is.fi/digitoday/tietoturva/art-2000007614374.html According to the Swedish public broadcaster Sveriges Radio, Swedish companies have been under a cyber attack for a week. The attack began last Friday, when 12 Swedish companies were hit by ransomware.

ICS Threat Activity on the Rise in Manufacturing Sector

www.dragos.com/blog/industry-news/manufacturing-sector-cyber-threats/ Dragos is pleased to announce the release of the Manufacturing Sector Cyber Threat Perspective, a comprehensive analysis of recent observations of ICS-targeting threats to manufacturing organizations along with practical defensive recommendations. This article touches on highlights from the November 2020 report, which is available for download in its entirety from Dragos.

Microsoft urges users to stop using phone-based multi-factor authentication

www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/ Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

Is the EU about to ban encryption of instant messages?

www.tivi.fi/uutiset/tv/18f37587-ef7f-4a9c-9b87-36027744b4a7 The European Union may be planning a regulation that would prohibit instant messaging services from using end-to-end encryption of messages. In a document leaked to the public, the proposal is justified by, among other things, the prevention of crime and terrorism.

The alleged decompiled source code of Cobalt Strike toolkit leaked online

securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons”, on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.

CRAT wants to plunder your endpoints

blog.talosintelligence.com/2020/11/crat-and-plugins.html In the past, CRAT has been attributed to the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including attacks against the entertainment sector. Indicators and tactics, techniques and procedures (TTPs) discovered by this investigation resemble those of the Lazarus Group.
