Daily NCSC-FI news followup 2020-12-24

Windows zero-day with bad patch gets new public exploit code

www.bleepingcomputer.com/news/security/windows-zero-day-with-bad-patch-gets-new-public-exploit-code/ Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.. The issue, which advanced hackers exploited as a zero-day in May, is still exploitable but by a different method as security researchers demonstrate with publicly available proof-of-concept code.

Threat Advisory – DTLS Amplification Distributed Denial of Service Attack on Citrix ADC

support.citrix.com/article/CTX289674 Citrix is aware of a DDoS attack pattern impacting Citrix ADCs. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion. The effect of this attack appears to be more prominent on connections with limited bandwidth. . see also

www.bleepingcomputer.com/news/security/citrix-confirms-ongoing-ddos-attack-impacting-netscaler-adcs/

FBI: Iran behind pro-Trump enemies of the people doxing site

www.bleepingcomputer.com/news/security/fbi-iran-behind-pro-trump-enemies-of-the-people-doxing-site/ Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results.. Part of the operation was the creation of a website revealing personal information and photos of government officials and individuals in the private sector involved in the Presidential election.

Cyber Security Trends in 2021: Espionage Activities Increasingly Threatening

quointelligence.eu/2020/12/cyber-security-trends-in-2021/ The Cyber Threat Intelligence landscape in 2020 was defined by the COVID-19 pandemic, the continuing threat of ransomware attacks, as well as highly sophisticated espionage campaigns.

FreePBX developer Sangoma hit with Conti ransomware attack

www.bleepingcomputer.com/news/security/freepbx-developer-sangoma-hit-with-conti-ransomware-attack/ Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online.

Why The Russian Breach Of The Government Affects You

www.forbes.com/sites/waynerash/2020/12/24/why-the-russian-breach-of-the-government-affects-you/ By now you know that the US Government had their networks and data systems breached in a massive attack by a Russian intelligence services group calling itself Cozy Bear.

Paljastuiko paketista uusi puhelin? Aloita tekemällä nämä asiat

www.is.fi/digitoday/mobiili/art-2000007702331.html Etenkin Android-puhelinten tietoturva on syytä pitää ajan tasalla. Käyttäjän mahdollisuudet tähän ovat rajalliset, mutta heti käyttöönoton yhteydessä tarkistaa, onko puhelimeen saatavilla heti kättelyssä tietoturvapäivitystä.

You might be interested in …

Daily NCSC-FI news followup 2019-06-06

Microsoft and Oracle link up their clouds techcrunch.com/2019/06/05/microsoft-and-oracle-link-up-their-clouds/ Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two. This alliance goes a bit beyond just basic direct connectivity […]

Read More

Daily NCSC-FI news followup 2019-08-14

In the Balkans, businesses are under fire from a doublebarreled weapon www.welivesecurity.com/2019/08/14/balkans-businesses-double-barreled-weapon/ Weve discovered an ongoing campaign in the Balkans spreading two tools having a similar purpose: a backdoor and a remote access trojan we named, respectively, BalkanDoor and BalkanRAT August Patch Tuesday: Update Fixes Wormable Flaws in Remote Desktop Services, VBScript Gets Disabled by […]

Read More

Daily NCSC-FI news followup 2019-12-22

Florida man jailed for over five years after cyberstalking schoolmate, posting threats www.zdnet.com/article/man-jailed-for-over-five-years-after-cyberstalking-schoolmate-posting-threats/ One Day, Three Credit Card Data Breach Notifications www.bleepingcomputer.com/news/security/one-day-three-credit-card-data-breach-notifications/ On the same day this week, two restaurants and a convenience store, all with locations across the U.S., disclosed security breach incidents that may have enabled attackers to steal customer payment card data.. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.