Daily NCSC-FI news followup 2020-12-21

Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked. The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11.

Forbes: www.forbes.com/sites/thomasbrewster/2020/12/20/apple-security-warning-zero-click-iphone-hacks-hit-36-al-jazeera-journalists/

ZDNet: www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/

The Guardian: www.theguardian.com/media/2020/dec/20/citizen-lab-nso-dozens-of-aljazeera-journalists-allegedly-hacked-using-israeli-firm-spyware

FireEye: SolarWinds Hack ‘Genuinely Impacted’ 50 Victims

www.databreachtoday.com/fireeye-solarwinds-hack-genuinely-impacted-50-victims-a-15637 “The reality is: The blast radius for this, I kind of explain it with a funnel. It’s true that over 300,000 companies use SolarWinds, but you come down from that total number down to about 18,000 or so companies that actually had the backdoor or malicious code in a network,” Mandia said in an interview with CBS news program “Face the Nation” on Sunday. “And then you come down to the next part. It’s probably only about 50 organizations or companies, somewhere in that zone, that are genuinely impacted by the threat actor.”

Related, Securelist: securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/

VMware latest to confirm breach in SolarWinds hacking campaign

www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/ “While we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation,” the company said in a statement.

VMware: www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html

US seizes domains used for COVID-19 vaccine phishing attacks

www.bleepingcomputer.com/news/security/us-seizes-domains-used-for-covid-19-vaccine-phishing-attacks/ The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. Over 275,000 Americans have reported financial losses of more than $211 million following COVID-19-related scams since the start of this year, according to the US Federal Trade Commission (FTC).

European Commission Proposes Bold Steps on Cybersecurity

blog.paloaltonetworks.com/2020/12/policy-european-commission-cybersecurity/ On 16 December the European Commission released a set of proposals related to cybersecurity, including a new cybersecurity strategy and a proposal for revision of the Directive on Security of Network and Information Systems (NIS 2).

EU Unveils Revamp of Cybersecurity Rules Days After European Medicines Agency (EMA) Hack

www.securityweek.com/eu-unveils-revamp-cybersecurity-rules-days-after-hack The plans include an “EU-wide Cyber Shield” linking national security authorities that would use artificial intelligence and machine learning to detect early signs of attacks, a cyber unit to respond to incidents and threats, and beefing up cooperation between countries and with organizations like NATO.

Launch of New Ad-hoc Working Group on European Cybersecurity Skills Framework

www.enisa.europa.eu/news/enisa-news/launch-of-new-ad-hoc-working-group-on-european-cybersecurity-skills-framework The creation of the working group on Cybersecurity Skills Framework marks another milestone in the efforts of the European Union Agency for Cybersecurity to address the workforce shortage and skills gap problem.

Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users

hotforsecurity.bitdefender.com/blog/hacker-publishes-stolen-email-and-mailing-addresses-of-270000-ledger-cryptocurrency-wallet-users-24940.html
