Daily NCSC-FI news followup 2020-12-08

Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT and IT devices that present an immediate risk for organizations worldwide

www.forescout.com/research-labs/amnesia33/ Read also:

www.wired.com/story/amnesia33-iot-vulnerabilitiesmay-never-get-fixed/,

www.kb.cert.org/vuls/id/815128,

us-cert.cisa.gov/ics/advisories/icsa-20-343-01. As well as:

www.zdnet.com/article/amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices/ and threatpost.com/amnesia33-tcp-ip-flaws-iot-devices/161928/. And: us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

www.zdnet.com/article/microsoft-december-2020-patch-tuesday-fixes-58-vulnerabilities/ Fixes for 22 remote code execution vulnerabilities included in this month’s patches. Read also: isc.sans.edu/diary/rss/26860 and

msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/. As well as:

www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4592449-and-kb4592438-released/ and

www.bleepingcomputer.com/news/security/microsoft-december-2020-patch-tuesday-fixes-58-vulnerabilities/. And: threatpost.com/microsoft-patch-tuesday-holidays/162041/

Kalastelusivujen anatomiaa Box-tiedostonjakopalvelua jäljittelevä kampanja

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kalastelusivujen-anatomiaa-box-tiedostonjakopalvelua-jaljitteleva-kampanja Erilaiset kalastelukampanjat voivat levitä nopeasti. Kampanjoissa rikolliset yrittävät saada haltuunsa eri organisaatioiden käyttäjätunnuksia ja salasanoja. Rikollisten käyttämät kalastelusivut hyödyntävät erilaisia tapoja saadakseen käyttäjän syöttämään omat tunnuksensa. Käymme läpi yhden kalastelukampanjan toimintaperiaatteita.

Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft

threatpost.com/europol-covid-19-vaccine-rollout-fraud-theft/161968/ European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity. The warning comes after Europol discovered a Mexico-based operation pushing fake influenza vaccines on the cybercrime underground in October. It said it is likely that these same actors will see another opportunity with the rollout of a COVID-19 vaccine.

Vishing criminals let rip with two scams at once

nakedsecurity.sophos.com/2020/12/08/vishing-criminals-let-rip-with-two-scams-at-once/ Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime.

Cybersecurity 101: Protect your privacy from hackers, spies, and the government

www.zdnet.com/article/online-security-101-how-to-protect-your-privacy-from-hackers-spies-and-the-government/#ftag=RSSbaffb68 Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.

Digital Transformation Drives Investment in Operational Technology (OT) Cybersecurity

www.dragos.com/blog/industry-news/dragos-record-breaking-ot-cybersecurity-investment/ As digital transformation initiatives accelerate globally, industrial organizations and enterprises that depend upon industrial processes to propel their core business collectively stand at a cyber risk crossroads.

Pure frustration: What happens when someone uses your email address to sign up for PayPal, car hire, doctors, security systems and more

www.theregister.com/2020/12/08/pure_frustration_what_happens_when/ Many companies have no mechanism to deal with a common problem: when users open accounts using someone else’s email address, either by accident or design. “I have had a barrage of account creation requests that will fail… also a large number of invoices, warranty emails and so on for purchases, from furniture to electronics, ” a reader informed us.

Phishing Campaign Targets 200M Microsoft 365 Accounts

www.darkreading.com/threat-intelligence/phishing-campaign-targets-200m-microsoft-365-accounts/d/d-id/1339637?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom. Read also:

threatpost.com/spearphishing-attack-spoofs-microsoft-office-365/162001/

Iran to issue license for national bug bounty program to clean up its code base

www.theregister.com/2020/12/08/iran_bug_bounty_program/ A government announcement links to a document named “bug bounty-final eddition” in English. The Register has passed that document through a pair of online translation services and it calls for suppliers willing to bid for a licence to operate a bug bounty program.

Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare’s protocol proposals to protect privacy

www.theregister.com/2020/12/08/cloudflare_privacy_protocols/ Web infrastructure company Cloudflare is pushing for the adoption of new internet protocols it says will enable a “privacy-respecting internet”. Read also:

techcrunch.com/2020/12/08/cloudflare-and-apple-design-a-new-privacy-friendly-internet-protocol/

When is a remote-code-execution bug in Teams not an RCE? When Microsoft says it isn’t, flaw finder discovers

www.theregister.com/2020/12/07/microsoft_teams_rce_flaw/ At some point since August, Microsoft quietly fixed a cross-site scripting (XSS) bug in its Teams web app that opened the door to a serious remote-code-execution (RCE) vulnerability in the Linux, macOS, and Windows desktop versions of its Teams collaboration app. The security researcher who identified the issue suggests Microsoft should have done more to acknowledge the risk, noting that Microsoft didn’t bother to publish details or obtain Common Vulnerabilities and Exposures (CVE) identifiers for the flaws because Teams gets automatically updated. Read also:

github.com/oskarsve/ms-teams-rce and

thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html

Free’ Cyberpunk 2077 Downloads Lead to Data Harvesting

threatpost.com/free-cyberpunk-2077-downloads/161963/ According to researchers at Kaspersky, a series of websites have gone live in a range of languages, all with URLs containing keywords like “PC”, “games” and “download.” And they all offer free purported downloads for the game. Read also:

www.kaspersky.com/blog/cyberpunk-2077-scam/37907/

GE puts default password in radiology devices, leaving healthcare networks exposed

arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/ Fixing the critical vulnerability isn’t straightforward and comes with its own risks. Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday. Read also:

www.zdnet.com/article/account-with-default-creds-found-in-100-ge-medical-device-models/ and

threatpost.com/critical-unpatched-bug-ge-radiological-devices/162012/. As well as:

www.bleepingcomputer.com/news/security/severe-mdhexray-bug-affects-100-plus-ge-healthcare-imaging-systems/ and us-cert.cisa.gov/ics/advisories/icsma-20-343-01

Norway says Russian hacking group APT28 is behind August 2020 Parliament hack

www.zdnet.com/article/norway-says-russian-hacking-group-apt28-is-behind-august-2020-parliament-hack/ Russian hackers breached the Norway’s Parliament email accounts in August this year. Read also:

www.bleepingcomputer.com/news/security/norway-russian-apt28-state-hackers-likely-behind-parliament-attack/

Hacker opens 2, 732 PickPoint package lockers across Moscow

www.zdnet.com/article/hacker-opens-2732-pickpoint-package-lockers-across-moscow/ PickPoint says this is the world’s first targeted cyberattack against a post-gateway network.

The COVID-19 pandemic has directly and indirectly affected not only global economies and societies, but spammer behaviour. As the virus spread exponentially worldwide, spam calls started to decrease around March

truecaller.blog/2020/12/08/truecaller-insights-top-20-countries-affected-by-spam-calls-in-2020-2/ Given Truecaller’s analysis doesn’t contain data points from the spammer’s perspective, it is difficult to attribute this to any one factor. However, the beginning of quarantines and curfews, which limited access to certain equipment and technologies, certainly had a role in this. With society paused’, even the scammers took a break. October, with a record high in terms of spam calls, was 22.4% higher than the pre-lockdown period. Read also:

techcrunch.com/2020/12/07/spam-calls-grew-18-this-year-despite-the-global-pandemic/

U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers

www.wsj.com/articles/u-s-cyber-firm-fireeye-says-it-was-breached-by-nation-state-hackers-11607461408?mod=djemalertNEWS The cybersecurity company said the attack compromised its software tools used to test the defenses of its thousands of customers

WARNING Critical Remote Hacking Flaws Affect D-Link VPN Routers

thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattackseven if they are secured with a strong password. Read also:

www.bleepingcomputer.com/news/security/d-link-vpn-routers-get-patch-for-remote-command-injection-bugs/

Oikeus mursi salatun sähköpostin suojauksen Saksassa palvelua käytti myös Vastaamo-kiristäjä

www.is.fi/digitoday/tietoturva/art-2000007668670.html Käyttäjien viestit päästä päähän salaava ja niitä sitten salattuna säilyttävä sähköpostipalvelu Tutanota joutuu tuomaan palveluunsa takaoven, joka päästää viranomaiset käsiksi joihinkin viesteihin. Heise-teknologiajulkaisun mukaan asiasta päätti Kölnin alueoikeus, jonka mukaan Tutanotan on lisättävä toiminto jolla poliisi pääsee katsomaan yksittäisiä sähköpostilaatikoita ja lukemaan posteja selväkielisinä. Lue myös:

www.theregister.com/2020/12/08/tutanota_backdoor_court_order/

BTC-e founder sentenced to five years in prison for laundering ransomware funds

www.zdnet.com/article/btc-e-founder-sentenced-to-five-years-in-prison-for-laundering-ransomware-funds/ French prosecutors weren’t able to prove that Vinnik was also involved in the distribution of the Locky ransomware.

Lightning does strike twice: If you get hacked once, you’ll probably be attacked again within a year

www.zdnet.com/article/lightning-does-strikes-twice-if-you-get-hacked-once-youll-probably-be-attacked-again-within-a-year/ Businesses might feel that if they’re targeted cyber criminals once, it won’t happen again – but analysis of incidents shows that more often than not, attackers come back looking for more.

What Is Third-Party Intelligence?

www.recordedfuture.com/third-party-intelligence-definition/

All Kubernetes versions affected by unpatched MiTM vulnerability

www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/ The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.

Recovering passwords from pixelized screenshots

www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema Pixelization is used in many areas to obfuscate information in images. I’ve seen companies pixelize passwords in internal documents. No tools were available for recovering a password from such an image, so I created one. This article covers the algorithm and similar research on depixelization. Read also:

www.forbes.com/sites/barrycollins/2020/12/07/huge-security-alert-as-free-tool-reveals-pixelized-passwords/ and github.com/beurtschipper/Depix

Data Encryption: Simplifying Enterprise Key Management

securityintelligence.com/posts/data-encryption-simplifying-enterprise-key-management/ Data encryption can help prevent malicious users and rogue processes from taking control of sensitive data. According to the 2020 Cost of a Data Breach report, the use of encryption is a top factor in reducing that cost. But, encrypted data is only as safe as the encryption keys.

Microsoft issues guidance for DNS cache poisoning vulnerability

www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-dns-cache-poisoning-vulnerability/ Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. Successfully exploiting the vulnerability could allow attackers to use modified DNS records to redirect a target to a malicious website under their control as part of DNS spoofing (also known as DNS cache poisoning) attacks. Read also:

msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200013

Adobe Warns Windows, macOS Users of Critical-Severity Flaws

threatpost.com/adobe-windows-macos-critical-severity-flaws/162007/ Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom.

You might be interested in …

Daily NCSC-FI news followup 2020-02-07

Backing up is no panacea when blackmailers publish stolen data www.kaspersky.com/blog/ransomware-data-disclosure/32410/ Backing up data has been one of the most effective, though labor-intensive, safeguards against encrypting ransomware so far. Now, malefactors seem to have caught up with those who rely on backups. The creators of several ransomware programs, confronted with victims refusing to pay the […]

Read More

Daily NCSC-FI news followup 2019-08-21

Group-IBs new report on Silence: Damage from Silence APT operations increases fivefold. The gang deploys new tools on its worldwide tour www.group-ib.com/media/silence-attacks/ Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has exposed the most recent campaigns carried out by Silence, a Russian-speaking APT group, in the new “Silence 2.0: Going Global” report. Group-IB […]

Read More

Daily NCSC-FI news followup 2020-11-10

With Great Power comes Great Leakage platypusattack.com/ With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs. We exploit the unprivileged access to the Intel RAPL interface exposing the processor’s power consumption to infer data and extract cryptographic keys. Lisäksi: www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus. Lisäksi: arstechnica.com/information-technology/2020/11/intel-sgx-defeated-yet-again-this-time-thanks-to-on-chip-power-meter/. Lisäksi: www.theregister.com/2020/11/10/intel_sgx_side_channel/ Microsoft Releases November 2020 […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.