Daily NCSC-FI news followup 2021-01-23

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company exclusively told The Hacker News. Also:

www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability/210122173415410/

Beware! Finns' WhatsApp accounts are being hijacked in new ways: make this change right away

www.is.fi/digitoday/tietoturva/art-2000007758396.html WhatsApp account verification codes are being phished with new hooks. Users should seriously consider two-step verification.

Scammers struck the customers of Anne-Mari's online shop: Instagram and Facebook do nothing

www.is.fi/digitoday/tietoturva/art-2000007757220.html Fake user accounts managed to deceive at least one customer of the Ihanaiset online shop.

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

thehackernews.com/2021/01/experts-detail-recent-remotely.html More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a “remotely exploitable” flaw found in a vulnerable component bound to the network stack, although exact details of the flaw remained unknown. Now according to researchers from Crowdstrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay.

DreamBus Botnet – Technical Analysis

www.zscaler.com/blogs/security-research/dreambus-botnet-technical-analysis

Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)

www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine. A similar MSRPC relay first appeared in “Relaying NTLM authentication over RPC” by Sylvain Heiniger from Compass Security. In his blog, Sylvain describes how he was able to take advantage of an insecure authentication level on an MSRPC interface to achieve remote code execution via NTLM relay.

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

thehackernews.com/2021/01/beware-fully-functional-released-online.html Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2.

The Week in Ransomware – January 22nd 2021 – Calm before the storm

www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-22nd-2021-calm-before-the-storm/ This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.

Threat Roundup for January 15 to January 22

blogs.cisco.com/security/talos/threat-roundup-0115-0122 Also:

blog.talosintelligence.com/2021/01/threat-roundup-0115-0122.html

Bonobos clothing store suffers a data breach, hacker leaks 70GB database

www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/

Malware found on laptops given out by government

www.bbc.com/news/technology-55749959 Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, BBC News has learned.

www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Risk-Management/TRM-Guidelines-18-January-2021.pdf

As Bitcoin price surges, DDoS extortion gangs return in force

www.zdnet.com/article/as-bitcoin-price-surges-ddos-extortion-gangs-return-in-force/ Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.

FSB warns of US cyberattacks after Biden administration comments

www.zdnet.com/article/fsb-warns-of-us-cyberattacks-after-biden-administration-comments/ Unclear if political trolling or actual fear. The Russian government has issued a security alert on Thursday evening warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.

From the reporter: A multi-day internet outage was a good reminder of how a large share of the world's people still live

yle.fi/uutiset/3-11750707 Uganda shut down the internet for five days during the presidential election.

Why do we fall for SMS phishing scams so easily?

www.welivesecurity.com/2021/01/22/why-do-we-fall-sms-phishing-scams-so-easily/ There’s one thing in particular that fraudsters are good at: manipulation. Also, they constantly reform their craft, adopting new techniques in order to tempt people to do what they would otherwise “hopefully” think twice about. Many of us have become accustomed to classic phishing emails, and more and more people share best practices and awareness advice.

Home alarm tech backdoored security cameras to spy on customers having sex

arstechnica.com/information-technology/2021/01/home-alarm-tech-backdoored-security-cameras-to-spy-on-customers-having-sex/
