Daily NCSC-FI news followup 2020-12-12

Adobe releases final Flash Player update, warns of 2021 kill switch

www.bleepingcomputer.com/news/software/adobe-releases-final-flash-player-update-warns-of-2021-kill-switch/ After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years. Starting in January 2021, all browser developers will remove Adobe Flash entirely from their browser or have already done so. Once it is removed, there will be no way to install Adobe Flash Player again.

Microsoft Office security updates fix critical SharePoint RCE bugs

www.bleepingcomputer.com/news/security/microsoft-office-security-updates-fix-critical-sharepoint-rce-bugs/ The highlights of this month’s Microsoft Office security updates are without a doubt the two RCE security bugs affecting Microsoft SharePoint. While the first one tracked as CVE-2020-17121 requires attackers to have basic user privileges for exploitation, the second one tracked as CVE-2020-17118 can be exploited remotely without authentication. For successfully exploiting CVE-2020-17118 in low complexity attacks, attackers are also required to trick targets into opening maliciously crafted Office files. Based on the information provided by Microsoft in the security advisory, CVE-2020-17118 proof-of-concept exploit code is also available (although probably shared privately)

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-to-reset-admin-account-passwords/ A patch has been released earlier this week but many WordPress sites remained unpatched – as usual. The zero-day was used in attacks over the past weeks and was patched on Monday. It impacts Easy WP SMTP, a plugin that lets site owners configure the SMTP settings for their website’s outgoing emails. also:

blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/

Following FireEye Hack, Ensure These 16 Bugs Are Patched

www.bankinfosecurity.com/blogs/following-fireeye-hack-ensure-these-16-bugs-are-patched-p-2977 “The stolen tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as Cobalt Strike and Metasploit, ” FireEye says. “Some of the tools are publicly available tools modified to evade basic security detection mechanisms. Other tools and frameworks were developed in-house for our red team.”

FBI confirms Zodiac Killer’s 340 cipher solved by trio of amateur math and software codebreakers

www.theregister.com/2020/12/12/zodiac_killers_cipher_solved/ A team of code breakers has solved a cipher attributed to the Zodiac Killer, a serial murderer known for a Northern California killing spree in the late 1960s who has still not been identified or apprehended.

You might be interested in …

Daily NCSC-FI news followup 2020-08-25

DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown labs.ripe.net/Members/daniel_kopp/ddos-hide-and-seek In this article, we investigated booter-based DDoS attacks in the wild and the impact of an FBI takedown targeting fifteen booter websites in December 2018. We investigated and compared attack properties of multiple booter services by launching DDoS attacks against our own […]

Read More

Daily NCSC-FI news followup 2019-06-21

Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount www.wired.com/story/iran-hackers-us-phishing-tensions/ WHEN TWO COUNTRIES begin to threaten war in 2019, it’s a safe bet that they’ve already been hacking each other’s networks. Right on schedule, three different cybersecurity firms now say they’ve watched Iran’s hackers try to gain access to a wide array of US […]

Read More

Daily NCSC-FI news followup 2019-12-22

Florida man jailed for over five years after cyberstalking schoolmate, posting threats www.zdnet.com/article/man-jailed-for-over-five-years-after-cyberstalking-schoolmate-posting-threats/ One Day, Three Credit Card Data Breach Notifications www.bleepingcomputer.com/news/security/one-day-three-credit-card-data-breach-notifications/ On the same day this week, two restaurants and a convenience store, all with locations across the U.S., disclosed security breach incidents that may have enabled attackers to steal customer payment card data.. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.