Daily NCSC-FI news followup 2020-12-24

Windows zero-day with bad patch gets new public exploit code

www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/ Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick. The issue, which advanced hackers exploited as a zero-day in May, is still exploitable but by a different method as security researchers demonstrate with publicly available proof-of-concept code.

Threat Advisory – DTLS Amplification Distributed Denial of Service Attack on Citrix ADC

support.citrix.com/article/CTX289674 Citrix is aware of a DDoS attack pattern impacting Citrix ADCs. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion. The effect of this attack appears to be more prominent on connections with limited bandwidth.


FBI: Iran behind pro-Trump enemies of the people doxing site

www.bleepingcomputer.com/news/security/fbi-iran-behind-pro-trump-enemies-of-the-people-doxing-site/ Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results. Part of the operation was the creation of a website revealing personal information and photos of government officials and individuals in the private sector involved in the Presidential election.

Cyber Security Trends in 2021: Espionage Activities Increasingly Threatening

quointelligence.eu/2020/12/cyber-security-trends-in-2021/ The Cyber Threat Intelligence landscape in 2020 was defined by the COVID-19 pandemic, the continuing threat of ransomware attacks, as well as highly sophisticated espionage campaigns.

FreePBX developer Sangoma hit with Conti ransomware attack

www.bleepingcomputer.com/news/security/freepbx-developer-sangoma-hit-with-conti-ransomware-attack/ Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online.

Why The Russian Breach Of The Government Affects You

www.forbes.com/sites/waynerash/2020/12/24/why-the-russian-breach-of-the-government-affects-you/ By now you know that the US Government had their networks and data systems breached in a massive attack by a Russian intelligence services group calling itself Cozy Bear.

Did a new phone turn up in the package? Start by doing these things

www.is.fi/digitoday/mobiili/art-2000007702331.html The security of Android phones in particular should be kept up to date. The user's options for doing so are limited, but it is worth checking right at setup whether a security update is already available for the phone.
