Daily NCSC-FI news followup 2020-12-24

Windows zero-day with bad patch gets new public exploit code

www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/ Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.. The issue, which advanced hackers exploited as a zero-day in May, is still exploitable but by a different method as security researchers demonstrate with publicly available proof-of-concept code.

Threat Advisory – DTLS Amplification Distributed Denial of Service Attack on Citrix ADC

support.citrix.com/article/CTX289674 Citrix is aware of a DDoS attack pattern impacting Citrix ADCs. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion. The effect of this attack appears to be more prominent on connections with limited bandwidth. . see also

www.bleepingcomputer.com/news/security/citrix-confirms-ongoing-ddos-attack-impacting-netscaler-adcs/

FBI: Iran behind pro-Trump enemies of the people doxing site

www.bleepingcomputer.com/news/security/fbi-iran-behind-pro-trump-enemies-of-the-people-doxing-site/ Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results.. Part of the operation was the creation of a website revealing personal information and photos of government officials and individuals in the private sector involved in the Presidential election.

Cyber Security Trends in 2021: Espionage Activities Increasingly Threatening

quointelligence.eu/2020/12/cyber-security-trends-in-2021/ The Cyber Threat Intelligence landscape in 2020 was defined by the COVID-19 pandemic, the continuing threat of ransomware attacks, as well as highly sophisticated espionage campaigns.

FreePBX developer Sangoma hit with Conti ransomware attack

www.bleepingcomputer.com/news/security/freepbx-developer-sangoma-hit-with-conti-ransomware-attack/ Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online.

Why The Russian Breach Of The Government Affects You

www.forbes.com/sites/waynerash/2020/12/24/why-the-russian-breach-of-the-government-affects-you/ By now you know that the US Government had their networks and data systems breached in a massive attack by a Russian intelligence services group calling itself Cozy Bear.

Paljastuiko paketista uusi puhelin? Aloita tekemällä nämä asiat

www.is.fi/digitoday/mobiili/art-2000007702331.html Etenkin Android-puhelinten tietoturva on syytä pitää ajan tasalla. Käyttäjän mahdollisuudet tähän ovat rajalliset, mutta heti käyttöönoton yhteydessä tarkistaa, onko puhelimeen saatavilla heti kättelyssä tietoturvapäivitystä.

You might be interested in …

Daily NCSC-FI news followup 2020-08-26

Reverse Engineering and observing an IoT botnet www.gdatasoftware.com/blog/2020/08/36243-reverse-engineering-and-observing-an-iot-botnet IoT devices are everywhere around us and some of them are not up to date with todays security standard. A single light bulb exposed to the internet can offer an attacker a variety of possibilities to attack companies or households. The possibilities are endless. If we think […]

Read More

Daily NCSC-FI news followup 2020-06-26

Cardplanet’ Operator Sentenced to 9 Years for Selling Stolen Credit Cards threatpost.com/cardplanet-operator-sentenced-stolen-credit-cards/156956/ The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases. Developer of Mirai, Qbot-based DDoS botnets jailed for 13 months www.bleepingcomputer.com/news/security/developer-of-mirai-qbot-based-ddos-botnets-jailed-for-13-months/ A 22-year-old Washington man was sentenced to 13 months in prison for renting and developing Mirai […]

Read More

Daily NCSC-FI news followup 2020-01-08

No, the US Army isnt drafting you for WWIII by text message www.theverge.com/2020/1/7/21055797/us-army-draft-ww3-scam-text-message-fake On Tuesday, the Army put out a news bulletin alerting the public of fraudulent text messages from people claiming to be recruiters. Some texts tell the person receiving them to head to their local recruiting office for immediate departure to Iran. Others […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.