Daily NCSC-FI news followup 2021-01-23

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html SonicWall, a popular internet security provider of firewall and VPN products, late on Friday disclosed that it fell victim to a coordinated attack on its internal systems. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company exclusively told The Hacker News. Also:

www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability/210122173415410/

Beware! Finns' WhatsApp accounts are being hijacked with new methods: make this change immediately

www.is.fi/digitoday/tietoturva/art-2000007758396.html WhatsApp account verification codes are being phished with new hooks. Users should seriously consider two-step verification.

Scammers hit the customers of Anne-Mari's online shop; Instagram and Facebook do nothing

www.is.fi/digitoday/tietoturva/art-2000007757220.html Fake user accounts managed to deceive at least one customer of the Ihanaiset online shop.

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

thehackernews.com/2021/01/experts-detail-recent-remotely.html More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a “remotely exploitable” flaw found in a vulnerable component bound to the network stack, although exact details of the flaw remained unknown. Now, according to researchers from Crowdstrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay.

DreamBus Botnet – Technical Analysis

www.zscaler.com/blogs/security-research/dreambus-botnet-technical-analysis

Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)

www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine. A similar MSRPC relay first appeared in “Relaying NTLM authentication over RPC” by Sylvain Heiniger from Compass Security. In his blog, Sylvain describes how he was able to take advantage of an insecure authentication level on an MSRPC interface to achieve remote code execution via NTLM relay.

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

thehackernews.com/2021/01/beware-fully-functional-released-online.html Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2.

The Week in Ransomware – January 22nd 2021 – Calm before the storm

www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-22nd-2021-calm-before-the-storm/ This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.

Threat Roundup for January 15 to January 22

blogs.cisco.com/security/talos/threat-roundup-0115-0122 Also:

blog.talosintelligence.com/2021/01/threat-roundup-0115-0122.html

Bonobos clothing store suffers a data breach, hacker leaks 70GB database

www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/

Malware found on laptops given out by government

www.bbc.com/news/technology-55749959 Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, BBC News has learned.

www.mas.gov.sg/-/media/MAS/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Risk-Management/TRM-Guidelines-18-January-2021.pdf

As Bitcoin price surges, DDoS extortion gangs return in force

www.zdnet.com/article/as-bitcoin-price-surges-ddos-extortion-gangs-return-in-force/ Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.

FSB warns of US cyberattacks after Biden administration comments

www.zdnet.com/article/fsb-warns-of-us-cyberattacks-after-biden-administration-comments/ Unclear if political trolling or actual fear. The Russian government has issued a security alert on Thursday evening warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.

From the reporter: A multi-day internet outage was a good reminder of how a large share of the world's people still live

yle.fi/uutiset/3-11750707 Uganda shut down the internet for five days during the presidential election.

Why do we fall for SMS phishing scams so easily?

www.welivesecurity.com/2021/01/22/why-do-we-fall-sms-phishing-scams-so-easily/ There’s one thing in particular that fraudsters are good at: manipulation. Also, they constantly reform their craft, adopting new techniques in order to tempt people to do what they would otherwise “hopefully” think twice about. Many of us have become accustomed to classic phishing emails, and more and more people share best practices and awareness advice.

Home alarm tech backdoored security cameras to spy on customers having sex

arstechnica.com/information-technology/2021/01/home-alarm-tech-backdoored-security-cameras-to-spy-on-customers-having-sex/
