Daily NCSC-FI news followup 2021-01-23

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company exclusively told The Hacker News. Also:


Beware! Finns' WhatsApp accounts are being hijacked in new ways: make this change right away

www.is.fi/digitoday/tietoturva/art-2000007758396.html WhatsApp account verification codes are being phished with new lures. Users should seriously consider two-step verification.

Scammers targeted the customers of Anne-Mari's online shop: Instagram and Facebook do nothing

www.is.fi/digitoday/tietoturva/art-2000007757220.html Fake user accounts managed to deceive at least one customer of the Ihanaiset online shop.

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

thehackernews.com/2021/01/experts-detail-recent-remotely.html More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a “remotely exploitable” flaw found in a vulnerable component bound to the network stack, although exact details of the flaw remained unknown. Now according to researchers from Crowdstrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay.

DreamBus Botnet – Technical Analysis


Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)

www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine. A similar MSRPC relay first appeared in “Relaying NTLM authentication over RPC” by Sylvain Heiniger from Compass Security. In his blog, Sylvain describes how he was able to take advantage of an insecure authentication level on an MSRPC interface to achieve remote code execution via NTLM relay.

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

thehackernews.com/2021/01/beware-fully-functional-released-online.html Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2.

The Week in Ransomware – January 22nd 2021 – Calm before the storm

www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-22nd-2021-calm-before-the-storm/ This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.

Threat Roundup for January 15 to January 22

blogs.cisco.com/security/talos/threat-roundup-0115-0122 Also:


Bonobos clothing store suffers a data breach, hacker leaks 70GB database


Malware found on laptops given out by government

www.bbc.com/news/technology-55749959 Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, BBC News has learned.



As Bitcoin price surges, DDoS extortion gangs return in force

www.zdnet.com/article/as-bitcoin-price-surges-ddos-extortion-gangs-return-in-force/ Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.

FSB warns of US cyberattacks after Biden administration comments. Unclear if political trolling or actual fear. The Russian government has issued a security alert on Thursday evening warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.


From the reporter: A multi-day internet outage was a good reminder of how a large part of the world's people still live

yle.fi/uutiset/3-11750707 Uganda shut down the internet for five days during the presidential election.

Why do we fall for SMS phishing scams so easily?

www.welivesecurity.com/2021/01/22/why-do-we-fall-sms-phishing-scams-so-easily/ There’s one thing in particular that fraudsters are good at: manipulation. Also, they constantly reform their craft, adopting new techniques in order to tempt people to do what they would otherwise “hopefully” think twice about. Many of us have become accustomed to classic phishing emails, and more and more people share best practices and awareness advice.

Home alarm tech backdoored security cameras to spy on customers having sex

