Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks Update Your Browser

thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Lisäksi:

chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. Lisäksi:

www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. Lisäksi:

us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. Lisäksi: threatpost.com/2-zero-day-bugs-google-chrome/161160/

DNS cache poisoning, the Internet attack from 2008, is back from the dead – A newly found side channel in a widely used protocol lets attackers spoof domains

arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ Now Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name. Lisäksi:

www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/. Lisäksi: dl.acm.org/doi/pdf/10.1145/3372297.3417280

Nvidia Warns Windows Gamers of GeForce NOW Flaw

threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/ Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices.

The rise of stalkerware

www.pandasecurity.com/en/mediacenter/mobile-news/rise-stalkerware/ Ever since governments began enforcing lockdowns as a way to contain the spread of the COVID-19 virus, experts have been warning about the dangers of malware. Hackers have been targeting home computers as a way to break into company networks and steal data or embezzle money.

RegretLocker, new ransomware, can encrypt Windows virtual hard disks

blog.malwarebytes.com/ransomware/2020/11/regretlocker-new-ransomware-can-encrypt-windows-virtual-hard-disks/ Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a machine’s virtual hard disks, and it can close any files currently opened by a user to then encrypt those files, too.

Uncovered: APT ‘Hackers For Hire’ Target Financial, Entertainment Firms

thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.. Lisäksi:

blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced

Forget RussiaIranian Hackers Behind Malicious New Cyber Attacks, Warns New Report

www.forbes.com/sites/zakdoffman/2020/11/12/forget-russia-iranian-hackers-behind-malicuous-new-cyber-attacks-warns-new-report/ The latest warning from the research team at Check Point, published today, is a timely reminder that the shifting sands of the cyber landscape will be a serious issue for president-elect Biden. Check Point has now attributed the Pay2Key attacks to an Iranian threat actor. And this is a major surprise. As the firm’s Lotem Finkelsteen explains, “we usually associate with ransomware operators with Russian speaking hacking groupsthis is very uncommon to see it related to Iranian hackers.”

Kyberisku 12 ruotsalaisfirmaan kiristys jatkunut jo viikon

www.is.fi/digitoday/tietoturva/art-2000007614374.html Ruotsin yleisradioyhtiön Sveriges Radion tietojen mukaan ruotsalaisyrityksiin on kohdistunut jo viikon ajan kyberhyökkäys. Hyökkäys alkoi viime perjantaina, kun 12 ruotsalaisyhtiötä altistui kiristysohjelmille. Lisäksi:

sverigesradio.se/sida/artikel.aspx?programid=83&artikel=7598006

ICS Threat Activity on the Rise in Manufacturing Sector

www.dragos.com/blog/industry-news/manufacturing-sector-cyber-threats/ Dragos is pleased to announce the release of the Manufacturing Sector Cyber Threat Perspective, a comprehensive analysis of recent observations of ICS-targeting threats to manufacturing organizations along with practical defensive recommendations. This article touches on highlights from the November 2020 report, which is available for download in its entirety here. Lisäksi:

threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/

Microsoft urges users to stop using phone-based multi-factor authentication

www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/ Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

Onko EU kieltämässä pikaviestien kryptauksen?

www.tivi.fi/uutiset/tv/18f37587-ef7f-4a9c-9b87-36027744b4a7 Euroopan unioni on mahdollisesti suunnittelemassa asetusta, joka kieltäisi pikaviestipalveluita käyttämästä molemminpuolista viestin kryptausta. Julkisuuteen vuotaneessa asiakirjassa ehdotusta perustellaan esimerkiksi rikollisuuden ja terrorismin ehkäisemisellä. Lisäksi:

apnews.com/article/technology-data-privacy-europe-fdf47545b487f545ba9f48e38d379a94

The alleged decompiled source code of Cobalt Strike toolkit leaked online

securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy payloads, dubbed “beacons, ” on compromised devices to remotely create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system. Lisäksi:

www.bleepingcomputer.com/news/security/alleged-source-code-of-cobalt-strike-toolkit-shared-online/

CRAT wants to plunder your endpoints

blog.talosintelligence.com/2020/11/crat-and-plugins.html In the past, CRAT has been attributed to the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including attacks against the entertainment sector. Indicators and tactics, techniques and procedures (TTPs) discovered by this investigation resemble those of the Lazarus Group.

You might be interested in …

Daily NCSC-FI news followup 2019-07-11

(10.7.) Kemin tietoliikenneverkossa päällä pitkä vikatilanne ongelmia erityisesti terveyspalveluissa, kun potilastietoihin ei päästä käsiksi www.kaleva.fi/uutiset/pohjois-suomi/kemin-tietoliikenneverkossa-paalla-pitka-vikatilanne-ongelmia-erityisesti-terveyspalveluissa-kun-potilastietoihin-ei-paasta-kasiksi/823324/ Myös: www.radiopooki.fi/uutiset/lappi/a-181258 (Kemin tietoverkkoviat korjattu). Myös: www.kaleva.fi/uutiset/pohjois-suomi/kemin-kaupungin-tietoliikenneverkko-toimii-jalleen-normaalisti/823346/. Myös: www.kaleva.fi/uutiset/pohjois-suomi/kemia-riivanneen-tietoliikenneverkon-hairion-syy-saatiin-selvitettya/823367/. (Kemin kaupungin tiedote): www.kemi.fi/ajankohtaista/2019/07/11/kemin-kaupungin-tietoliikenneverkon-hairion-syy-ei-ollut-ulkopuolinen-hairinta/ Vulnerable GE anesthesia machines can be manipulated by attackers www.helpnetsecurity.com/2019/07/10/vulnerable-ge-anesthesia-machines/ A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers […]

Read More

Daily NCSC-FI news followup 2020-02-01

Exercise Crossed Swords 2020 Reached New Levels of Multinational and Interdisciplinary Cooperation ccdcoe.org/news/2020/exercise-crossed-swords-2020-reached-new-levels-of-multinational-and-interdisciplinary-cooperation/ The 6th iteration of the annual cyber exercise Crossed Swords in Riga, Latvia, brought together more than 120 technical experts, Cyber Commands´ members, Special Forces operators and military police. Organized jointly by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and […]

Read More

Daily NCSC-FI news followup 2019-08-31

VLAN as an additional security layer www.kaspersky.com/blog/vlan-security/28253/ Every company has employees who handle large volumes of external e-mail. HR officers, PR managers, and salespeople are a few common examples. In addition to their regular mail, they receive a lot of spam, phishing messages, and malicious attachments. Moreover, the nature of their work requires them to […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.