Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT and IT devices that present an immediate risk for organizations worldwide
www.forescout.com/research-labs/amnesia33/ Read also: us-cert.cisa.gov/ics/advisories/icsa-20-343-01. As well as: www.zdnet.com/article/amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices/ and threatpost.com/amnesia33-tcp-ip-flaws-iot-devices/161928/
Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities
www.zdnet.com/article/microsoft-december-2020-patch-tuesday-fixes-58-vulnerabilities/ Fixes for 22 remote code execution vulnerabilities included in this month’s patches. Read also: isc.sans.edu/diary/rss/26860
Anatomy of phishing pages: a campaign imitating the Box file-sharing service
www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kalastelusivujen-anatomiaa-box-tiedostonjakopalvelua-jaljitteleva-kampanja Phishing campaigns of various kinds can spread quickly. In these campaigns, criminals try to get hold of the usernames and passwords of different organizations. The phishing pages the criminals use employ various methods to get users to enter their own credentials. We walk through the operating principles of one phishing campaign.
Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft
threatpost.com/europol-covid-19-vaccine-rollout-fraud-theft/161968/ Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity. The warning comes after Europol discovered a Mexico-based operation pushing fake influenza vaccines on the cybercrime underground in October. It said it is likely that these same actors will see another opportunity with the rollout of a COVID-19 vaccine.
Vishing criminals let rip with two scams at once
nakedsecurity.sophos.com/2020/12/08/vishing-criminals-let-rip-with-two-scams-at-once/ Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime.
Cybersecurity 101: Protect your privacy from hackers, spies, and the government
www.zdnet.com/article/online-security-101-how-to-protect-your-privacy-from-hackers-spies-and-the-government/#ftag=RSSbaffb68 Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
Digital Transformation Drives Investment in Operational Technology (OT) Cybersecurity
www.dragos.com/blog/industry-news/dragos-record-breaking-ot-cybersecurity-investment/ As digital transformation initiatives accelerate globally, industrial organizations and enterprises that depend upon industrial processes to propel their core business collectively stand at a cyber risk crossroads.
Pure frustration: What happens when someone uses your email address to sign up for PayPal, car hire, doctors, security systems and more
www.theregister.com/2020/12/08/pure_frustration_what_happens_when/ Many companies have no mechanism to deal with a common problem: when users open accounts using someone else’s email address, either by accident or design. “I have had a barrage of account creation requests that will fail… also a large number of invoices, warranty emails and so on for purchases, from furniture to electronics,” a reader informed us.
Phishing Campaign Targets 200M Microsoft 365 Accounts
www.darkreading.com/threat-intelligence/phishing-campaign-targets-200m-microsoft-365-accounts/d/d-id/1339637?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom.
Iran to issue license for national bug bounty program to clean up its code base
www.theregister.com/2020/12/08/iran_bug_bounty_program/ A government announcement links to a document named “bug bounty-final eddition” in English. The Register has passed that document through a pair of online translation services and it calls for suppliers willing to bid for a licence to operate a bug bounty program.
Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare’s protocol proposals to protect privacy
www.theregister.com/2020/12/08/cloudflare_privacy_protocols/ Web infrastructure company Cloudflare is pushing for the adoption of new internet protocols it says will enable a “privacy-respecting internet”.
When is a remote-code-execution bug in Teams not an RCE? When Microsoft says it isn’t, flaw finder discovers
www.theregister.com/2020/12/07/microsoft_teams_rce_flaw/ At some point since August, Microsoft quietly fixed a cross-site scripting (XSS) bug in its Teams web app that opened the door to a serious remote-code-execution (RCE) vulnerability in the Linux, macOS, and Windows desktop versions of its Teams collaboration app. The security researcher who identified the issue suggests Microsoft should have done more to acknowledge the risk, noting that Microsoft didn’t bother to publish details or obtain Common Vulnerabilities and Exposures (CVE) identifiers for the flaws because Teams gets automatically updated.
‘Free’ Cyberpunk 2077 Downloads Lead to Data Harvesting
threatpost.com/free-cyberpunk-2077-downloads/161963/ According to researchers at Kaspersky, a series of websites have gone live in a range of languages, all with URLs containing keywords like “PC”, “games” and “download.” And they all offer free purported downloads for the game.
GE puts default password in radiology devices, leaving healthcare networks exposed
arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/ Fixing the critical vulnerability isn’t straightforward and comes with its own risks. Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday.
Norway says Russian hacking group APT28 is behind August 2020 Parliament hack
www.zdnet.com/article/norway-says-russian-hacking-group-apt28-is-behind-august-2020-parliament-hack/ Russian hackers breached the Norwegian Parliament’s email accounts in August this year.
Hacker opens 2,732 PickPoint package lockers across Moscow
www.zdnet.com/article/hacker-opens-2732-pickpoint-package-lockers-across-moscow/ PickPoint says this is the world’s first targeted cyberattack against a post-gateway network.
The COVID-19 pandemic has directly and indirectly affected not only global economies and societies, but spammer behaviour. As the virus spread exponentially worldwide, spam calls started to decrease around March
truecaller.blog/2020/12/08/truecaller-insights-top-20-countries-affected-by-spam-calls-in-2020-2/ Given Truecaller’s analysis doesn’t contain data points from the spammer’s perspective, it is difficult to attribute this to any one factor. However, the beginning of quarantines and curfews, which limited access to certain equipment and technologies, certainly had a role in this. With society ‘paused’, even the scammers took a break. October, with a record high in terms of spam calls, was 22.4% higher than the pre-lockdown period.
U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers
www.wsj.com/articles/u-s-cyber-firm-fireeye-says-it-was-breached-by-nation-state-hackers-11607461408?mod=djemalertNEWS The cybersecurity company said the attack compromised its software tools used to test the defenses of its thousands of customers.
WARNING: Critical Remote Hacking Flaws Affect D-Link VPN Routers
thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks, even if they are secured with a strong password.
Court broke the protection of encrypted email in Germany; the service was also used by the Vastaamo extortionist
www.is.fi/digitoday/tietoturva/art-2000007668670.html Tutanota, an email service that encrypts users’ messages end to end and then stores them encrypted, will have to introduce a backdoor into its service that gives the authorities access to some messages. According to the technology publication Heise, the matter was decided by the Cologne Regional Court, which ruled that Tutanota must add a function that lets the police view individual mailboxes and read emails in plaintext.
BTC-e founder sentenced to five years in prison for laundering ransomware funds
www.zdnet.com/article/btc-e-founder-sentenced-to-five-years-in-prison-for-laundering-ransomware-funds/ French prosecutors weren’t able to prove that Vinnik was also involved in the distribution of the Locky ransomware.
Lightning does strike twice: If you get hacked once, you’ll probably be attacked again within a year
www.zdnet.com/article/lightning-does-strikes-twice-if-you-get-hacked-once-youll-probably-be-attacked-again-within-a-year/ Businesses might feel that if they’re targeted by cyber criminals once, it won’t happen again – but analysis of incidents shows that more often than not, attackers come back looking for more.
What Is Third-Party Intelligence?
All Kubernetes versions affected by unpatched MiTM vulnerability
www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/ The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.
Recovering passwords from pixelized screenshots
www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema Pixelization is used in many areas to obfuscate information in images. I’ve seen companies pixelize passwords in internal documents. No tools were available for recovering a password from such an image, so I created one. This article covers the algorithm and similar research on depixelization.
Data Encryption: Simplifying Enterprise Key Management
securityintelligence.com/posts/data-encryption-simplifying-enterprise-key-management/ Data encryption can help prevent malicious users and rogue processes from taking control of sensitive data. According to the 2020 Cost of a Data Breach report, the use of encryption is a top factor in reducing that cost. But, encrypted data is only as safe as the encryption keys.
Microsoft issues guidance for DNS cache poisoning vulnerability
www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-dns-cache-poisoning-vulnerability/ Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. Successfully exploiting the vulnerability could allow attackers to use modified DNS records to redirect a target to a malicious website under their control as part of DNS spoofing (also known as DNS cache poisoning) attacks.
Adobe Warns Windows, macOS Users of Critical-Severity Flaws
threatpost.com/adobe-windows-macos-critical-severity-flaws/162007/ Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom.