Daily NCSC-FI news followup 2020-12-21

Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked. The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11. Forbes:

www.forbes.com/sites/thomasbrewster/2020/12/20/apple-security-warning-zero-click-iphone-hacks-hit-36-al-jazeera-journalists/. ZDNet:

www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/. The Guardian:

www.theguardian.com/media/2020/dec/20/citizen-lab-nso-dozens-of-aljazeera-journalists-allegedly-hacked-using-israeli-firm-spyware

FireEye: SolarWinds Hack ‘Genuinely Impacted’ 50 Victims

www.databreachtoday.com/fireeye-solarwinds-hack-genuinely-impacted-50-victims-a-15637 “The reality is: The blast radius for this, I kind of explain it with a funnel. It’s true that over 300, 000 companies use SolarWinds, but you come down from that total number down to about 18, 000 or so companies that actually had the backdoor or malicious code in a network, ” Mandia said in an interview with CBS news program “Face the Nation” on Sunday. “And then you come down to the next part. It’s probably only about 50 organizations or companies, somewhere in that zone, that are genuinely impacted by the threat actor.”. Related Securelist:

securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/

VMware latest to confirm breach in SolarWinds hacking campaign

www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/ “While we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation, ” the company said in a statement. VMware:

www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html

US seizes domains used for COVID-19 vaccine phishing attacks

www.bleepingcomputer.com/news/security/us-seizes-domains-used-for-covid-19-vaccine-phishing-attacks/ The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. Over 275, 000 Americans have reported financial losses of more than $211 million following COVID-19-related scams since the start of this year according to the US Federal Trade Commission (FTC).

European Commission Proposes Bold Steps on Cybersecurity

blog.paloaltonetworks.com/2020/12/policy-european-commission-cybersecurity/ European Commission’s released on 16 December of a set of proposals related to cybersecurity, including a new cybersecurity strategy and a proposal for revision of the Directive on Security of Network and Information Systems (NIS 2).

EU Unveils Revamp of Cybersecurity Rules Days After European Medicines Agency (EMA) Hack

www.securityweek.com/eu-unveils-revamp-cybersecurity-rules-days-after-hack The plans include an “EU-wide Cyber Shield” linking national security authorities that would use artificial intelligence and machine learning to detect early signs of attacks, a cyber unit to respond to incidents and threats, and beefing up cooperation between countries and with organizations like NATO.

Launch of New Ad-hoc Working Group on European Cybersecurity Skills Framework

www.enisa.europa.eu/news/enisa-news/launch-of-new-ad-hoc-working-group-on-european-cybersecurity-skills-framework The creation of the working group on Cybersecurity Skills Framework marks another milestone in the efforts of the European Union Agency for Cybersecurity to address the workforce shortage and skills gap problem.

Hacker publishes stolen email and mailing addresses of 270, 000 Ledger cryptocurrency wallet users

hotforsecurity.bitdefender.com/blog/hacker-publishes-stolen-email-and-mailing-addresses-of-270000-ledger-cryptocurrency-wallet-users-24940.html

You might be interested in …

Daily NCSC-FI news followup 2021-06-22

Poistimme Android-haittaohjelmia koskevan varoituksen www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/poistimme-android-haittaohjelmia-koskevan-varoituksen Poistimme 4.6. annetun Android-haittaohjelmia koskevan varoituksen. Kesäkuun alkupuolella erittäin aktiivisena tapahtunut haittaohjelman levityskampanja on nyt rauhoittunut ja ilmoitusmäärät haittaohjelmaa levittävistä tekstiviesteistä ovat laskeneet merkittävästi. City of Liege, Belgium hit by ransomware therecord.media/city-of-liege-belgium-hit-by-ransomware/ Liege, the third biggest city in Belgium, has suffered today a ransomware attack that has disrupted the municipality’s […]

Read More

About the NCSC-FI daily news summary

The National Cyber Security Center of Finland provides a number of awesome services. One of those services is a news follow-up, which consists of the duty officers wading throught the masses of infosec news appearing every day and hand-picks the most important and significant ones. These are combined to an email digest, that is sent […]

Read More

Daily NCSC-FI news followup 2020-09-29

Koronavilkku päivittyi ja esittää tärkeän kysymyksen avattaessa vastaa siihen myöntävästi www.is.fi/digitoday/mobiili/art-2000006652361.html Jokaisen tulisi päivittää Koronavilkku ja avata sovellus kertaalleen. Sovellus ei enää päivityksen jälkeen voi vaipua sen toimintaa häiritsevään horrostilaan. These hackers have spent months hiding out in company networks undetected www.zdnet.com/article/these-hackers-have-spent-months-hiding-out-in-company-networks-undetected/ A state-sponsored hacking group been creeping around networks for almost a year as […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.