Daily NCSC-FI news followup 2020-12-21

Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked. The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11. Forbes:

www.forbes.com/sites/thomasbrewster/2020/12/20/apple-security-warning-zero-click-iphone-hacks-hit-36-al-jazeera-journalists/. ZDNet:

www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/. The Guardian:

www.theguardian.com/media/2020/dec/20/citizen-lab-nso-dozens-of-aljazeera-journalists-allegedly-hacked-using-israeli-firm-spyware

FireEye: SolarWinds Hack ‘Genuinely Impacted’ 50 Victims

www.databreachtoday.com/fireeye-solarwinds-hack-genuinely-impacted-50-victims-a-15637 “The reality is: The blast radius for this, I kind of explain it with a funnel. It’s true that over 300, 000 companies use SolarWinds, but you come down from that total number down to about 18, 000 or so companies that actually had the backdoor or malicious code in a network, ” Mandia said in an interview with CBS news program “Face the Nation” on Sunday. “And then you come down to the next part. It’s probably only about 50 organizations or companies, somewhere in that zone, that are genuinely impacted by the threat actor.”. Related Securelist:

securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/

VMware latest to confirm breach in SolarWinds hacking campaign

www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/ “While we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation, ” the company said in a statement. VMware:

www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html

US seizes domains used for COVID-19 vaccine phishing attacks

www.bleepingcomputer.com/news/security/us-seizes-domains-used-for-covid-19-vaccine-phishing-attacks/ The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. Over 275, 000 Americans have reported financial losses of more than $211 million following COVID-19-related scams since the start of this year according to the US Federal Trade Commission (FTC).

European Commission Proposes Bold Steps on Cybersecurity

blog.paloaltonetworks.com/2020/12/policy-european-commission-cybersecurity/ European Commission’s released on 16 December of a set of proposals related to cybersecurity, including a new cybersecurity strategy and a proposal for revision of the Directive on Security of Network and Information Systems (NIS 2).

EU Unveils Revamp of Cybersecurity Rules Days After European Medicines Agency (EMA) Hack

www.securityweek.com/eu-unveils-revamp-cybersecurity-rules-days-after-hack The plans include an “EU-wide Cyber Shield” linking national security authorities that would use artificial intelligence and machine learning to detect early signs of attacks, a cyber unit to respond to incidents and threats, and beefing up cooperation between countries and with organizations like NATO.

Launch of New Ad-hoc Working Group on European Cybersecurity Skills Framework

www.enisa.europa.eu/news/enisa-news/launch-of-new-ad-hoc-working-group-on-european-cybersecurity-skills-framework The creation of the working group on Cybersecurity Skills Framework marks another milestone in the efforts of the European Union Agency for Cybersecurity to address the workforce shortage and skills gap problem.

Hacker publishes stolen email and mailing addresses of 270, 000 Ledger cryptocurrency wallet users

hotforsecurity.bitdefender.com/blog/hacker-publishes-stolen-email-and-mailing-addresses-of-270000-ledger-cryptocurrency-wallet-users-24940.html

You might be interested in …

Daily NCSC-FI news followup 2020-09-01

Norjan parlamenttiin on tehty laajamittainen kyberhyökkäys yle.fi/uutiset/3-11522222 Joidenkin kansanedustajien ja Suurkäräjien työntekijöiden sähköposteihin on murtauduttu. Otamme asian erittäin vakavasti ja analysoimme tilannetta saadaksemme kuvan tapauksesta ja haittojen laajuudesta, Suurkäräjien hallinnon johtaja Marianne Andreassen sanoo. myös: www.stortinget.no/no/Hva-skjer-pa-Stortinget/Nyhetsarkiv/Pressemeldingsarkiv/2019-2020/it-angrep-mot-stortinget/. also: www.zdnet.com/article/norwegian-parliament-discloses-cyber-attack-on-internal-email-system/ Cisco says it will issue patch as soon as possible’ for bugs hackers are trying to exploit […]

Read More

Daily NCSC-FI news followup 2019-06-15

Exim email servers are now under attack www.zdnet.com/article/exim-email-servers-are-now-under-attack/ At least two hacker groups have been identified carrying out attacks, one operating from a public internet server, and one using a server located on the dark web. Myös: www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability ThreatList: Ransomware Trojans Picking Up Steam in 2019 threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/ The report outlined popular trends in the malware […]

Read More

Daily NCSC-FI news followup 2020-10-23

Inhimillinen virhe, haittaohjelma vai jotakin muuta? Kysyimme asiantuntijalta, miten Vastaamon järkyttävä tietomurto oli mahdollinen yle.fi/uutiset/3-11611051 Vuodon taustalla voi olla inhimillinen virhe ylläpidossa, joka on mahdollistanut tietomurron. Silloin järjestelmän ylläpitäjä olisi esimerkiksi paljastanut järjestelmästä sellaisia osia, joiden avulla hyökkääjä on voinut ohittaa suojauksia. Se ei kuitenkaan ole ainoa vaihtoehto, Liikenne- ja viestintäviraston Kyberturvallisuuskeskuksen erityisasiantuntija Perttu Halonen […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.