Daily NCSC-FI news followup 2021-01-23

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products, ” the company exclusively told The Hacker News. Also:


Beware! Finnish WhatsApp accounts are being hijacked with new methods: make this change right away

www.is.fi/digitoday/tietoturva/art-2000007758396.html WhatsApp account verification codes are being phished with new lures. Users should seriously consider enabling two-step verification.

Scammers targeted the customers of Anne-Mari's online store; Instagram and Facebook are doing nothing

www.is.fi/digitoday/tietoturva/art-2000007757220.html Fake user accounts managed to deceive at least one customer of the Ihanaiset online store.

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

thehackernews.com/2021/01/experts-detail-recent-remotely.html More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a “remotely exploitable” flaw found in a vulnerable component bound to the network stack, although exact details of the flaw remained unknown. Now, according to researchers from CrowdStrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay.

DreamBus Botnet – Technical Analysis


Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)

www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/ On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine. A similar MSRPC relay first appeared in “Relaying NTLM authentication over RPC” by Sylvain Heiniger from Compass Security. In his blog, Sylvain describes how he was able to take advantage of an insecure authentication level on an MSRPC interface to achieve remote code execution via NTLM relay.

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

thehackernews.com/2021/01/beware-fully-functional-released-online.html Cybersecurity researchers have warned of a publicly available, fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2.

The Week in Ransomware – January 22nd 2021 – Calm before the storm

www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-22nd-2021-calm-before-the-storm/ This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.

Threat Roundup for January 15 to January 22

blogs.cisco.com/security/talos/threat-roundup-0115-0122 Also:


Bonobos clothing store suffers a data breach, hacker leaks 70GB database


Malware found on laptops given out by government

www.bbc.com/news/technology-55749959 Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, BBC News has learned.



As Bitcoin price surges, DDoS extortion gangs return in force

www.zdnet.com/article/as-bitcoin-price-surges-ddos-extortion-gangs-return-in-force/ Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.

FSB warns of US cyberattacks after Biden administration comments. Unclear if political trolling or actual fear. The Russian government has issued a security alert on Thursday evening warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.


From the reporter: A multi-day internet outage was a good reminder of how a large share of the world's people still live

yle.fi/uutiset/3-11750707 Uganda shut down the internet for five days during the presidential election.

Why do we fall for SMS phishing scams so easily?

www.welivesecurity.com/2021/01/22/why-do-we-fall-sms-phishing-scams-so-easily/ There’s one thing in particular that fraudsters are good at: manipulation. They also constantly refine their craft, adopting new techniques to tempt people into doing what they would otherwise “hopefully” think twice about. Many of us have become accustomed to classic phishing emails, and more and more people share best practices and awareness advice.

Home alarm tech backdoored security cameras to spy on customers having sex

