Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks – Update Your Browser

thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Also:

chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. Also:

www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. Also:

us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. Also: threatpost.com/2-zero-day-bugs-google-chrome/161160/

DNS cache poisoning, the Internet attack from 2008, is back from the dead – A newly found side channel in a widely used protocol lets attackers spoof domains

arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ Now Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name. Also:

www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/. Also: dl.acm.org/doi/pdf/10.1145/3372297.3417280

Nvidia Warns Windows Gamers of GeForce NOW Flaw

threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/ Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices.

The rise of stalkerware

www.pandasecurity.com/en/mediacenter/mobile-news/rise-stalkerware/ Ever since governments began enforcing lockdowns as a way to contain the spread of the COVID-19 virus, experts have been warning about the dangers of malware. Hackers have been targeting home computers as a way to break into company networks and steal data or embezzle money.

RegretLocker, new ransomware, can encrypt Windows virtual hard disks

blog.malwarebytes.com/ransomware/2020/11/regretlocker-new-ransomware-can-encrypt-windows-virtual-hard-disks/ Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a machine’s virtual hard disks, and it can close any files currently opened by a user to then encrypt those files, too.

Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms

thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.


Forget Russia – Iranian Hackers Behind Malicious New Cyber Attacks, Warns New Report

www.forbes.com/sites/zakdoffman/2020/11/12/forget-russia-iranian-hackers-behind-malicuous-new-cyber-attacks-warns-new-report/ The latest warning from the research team at Check Point, published today, is a timely reminder that the shifting sands of the cyber landscape will be a serious issue for president-elect Biden. Check Point has now attributed the Pay2Key attacks to an Iranian threat actor. And this is a major surprise. As the firm’s Lotem Finkelsteen explains, “we usually associate with ransomware operators with Russian speaking hacking groups – this is very uncommon to see it related to Iranian hackers.”

Cyberattack on 12 Swedish companies: extortion has continued for a week already

www.is.fi/digitoday/tietoturva/art-2000007614374.html According to Swedish public broadcaster Sveriges Radio, Swedish companies have been the target of a cyberattack for a week now. The attack began last Friday, when 12 Swedish companies were exposed to ransomware.


ICS Threat Activity on the Rise in Manufacturing Sector

www.dragos.com/blog/industry-news/manufacturing-sector-cyber-threats/ Dragos is pleased to announce the release of the Manufacturing Sector Cyber Threat Perspective, a comprehensive analysis of recent observations of ICS-targeting threats to manufacturing organizations along with practical defensive recommendations. This article touches on highlights from the November 2020 report, which is available for download in its entirety here.


Microsoft urges users to stop using phone-based multi-factor authentication

www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/ Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

Is the EU about to ban encryption of instant messages?

www.tivi.fi/uutiset/tv/18f37587-ef7f-4a9c-9b87-36027744b4a7 The European Union may be planning a regulation that would prohibit instant messaging services from using end-to-end message encryption. In a document leaked to the public, the proposal is justified by, for example, the prevention of crime and terrorism.


The alleged decompiled source code of Cobalt Strike toolkit leaked online

securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.


CRAT wants to plunder your endpoints

blog.talosintelligence.com/2020/11/crat-and-plugins.html In the past, CRAT has been attributed to the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including attacks against the entertainment sector. Indicators and tactics, techniques and procedures (TTPs) discovered by this investigation resemble those of the Lazarus Group.
