Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks: Update Your Browser

thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Also:

chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. Also:

www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. Also:

us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. Also: threatpost.com/2-zero-day-bugs-google-chrome/161160/

DNS cache poisoning, the Internet attack from 2008, is back from the dead – A newly found side channel in a widely used protocol lets attackers spoof domains

arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ Now Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name. Also:

www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/. Also: dl.acm.org/doi/pdf/10.1145/3372297.3417280

Nvidia Warns Windows Gamers of GeForce NOW Flaw

threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/ Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices.

The rise of stalkerware

www.pandasecurity.com/en/mediacenter/mobile-news/rise-stalkerware/ Ever since governments began enforcing lockdowns as a way to contain the spread of the COVID-19 virus, experts have been warning about the dangers of malware. Hackers have been targeting home computers as a way to break into company networks and steal data or embezzle money.

RegretLocker, new ransomware, can encrypt Windows virtual hard disks

blog.malwarebytes.com/ransomware/2020/11/regretlocker-new-ransomware-can-encrypt-windows-virtual-hard-disks/ Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a machine’s virtual hard disks, and it can close any files currently opened by a user to then encrypt those files, too.

Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms

thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.


Forget Russia: Iranian Hackers Behind Malicious New Cyber Attacks, Warns New Report

www.forbes.com/sites/zakdoffman/2020/11/12/forget-russia-iranian-hackers-behind-malicuous-new-cyber-attacks-warns-new-report/ The latest warning from the research team at Check Point, published today, is a timely reminder that the shifting sands of the cyber landscape will be a serious issue for president-elect Biden. Check Point has now attributed the Pay2Key attacks to an Iranian threat actor. And this is a major surprise. As the firm’s Lotem Finkelsteen explains, “we usually associate with ransomware operators with Russian speaking hacking groups; this is very uncommon to see it related to Iranian hackers.”

Cyberattack on 12 Swedish companies: extortion has continued for a week already

www.is.fi/digitoday/tietoturva/art-2000007614374.html According to Swedish public broadcaster Sveriges Radio, Swedish companies have been the target of a cyberattack for a week now. The attack began last Friday, when 12 Swedish companies were hit by ransomware.


ICS Threat Activity on the Rise in Manufacturing Sector

www.dragos.com/blog/industry-news/manufacturing-sector-cyber-threats/ Dragos is pleased to announce the release of the Manufacturing Sector Cyber Threat Perspective, a comprehensive analysis of recent observations of ICS-targeting threats to manufacturing organizations along with practical defensive recommendations. This article touches on highlights from the November 2020 report, which is available for download in its entirety here.


Microsoft urges users to stop using phone-based multi-factor authentication

www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/ Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

Is the EU about to ban encryption of instant messages?

www.tivi.fi/uutiset/tv/18f37587-ef7f-4a9c-9b87-36027744b4a7 The European Union may be planning a regulation that would prohibit instant messaging services from using end-to-end message encryption. In a document leaked to the public, the proposal is justified by, for example, the prevention of crime and terrorism.


The alleged decompiled source code of Cobalt Strike toolkit leaked online

securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons,” on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.


CRAT wants to plunder your endpoints

blog.talosintelligence.com/2020/11/crat-and-plugins.html In the past, CRAT has been attributed to the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including attacks against the entertainment sector. Indicators and tactics, techniques and procedures (TTPs) discovered by this investigation resemble those of the Lazarus Group.
