Police investigating scams again: nearly 300,000 euros taken from a man
poliisi.fi/-/poliisi-tutkii-jalleen-huijauksia-miehelta-vietiin-lahes-300-000-euroa Helsinki police are investigating two separate cases in which victims were defrauded of money by phone and email. Also:
www.is.fi/digitoday/art-2000007763427.html
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability. Also:
www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt. Also: www.sudo.ws/alerts/unescape_overflow.html
NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet
www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/ The new variant attack could allow attackers to bypass NATs & Firewalls and reach any unmanaged device within the internal network from the Internet.
New campaign targeting security researchers
blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with. Also:
thehackernews.com/2021/01/n-korean-hackers-targeting-security.htmlh. Also:
www.zdnet.com/article/google-north-korean-hackers-have-targeted-security-researchers-via-social-media/. Also: www.theregister.com/2021/01/26/norks_hack_researchers/. Also:
www.tivi.fi/uutiset/tv/29d4036c-f9fa-4479-bbdd-fd1bc711ef2d
CLAROTY FINDS CRITICAL FLAWS IN OPC PROTOCOL IMPLEMENTATIONS
www.claroty.com/2021/01/25/blog-research-critical-flaws-in-opc-protocol/ Three vendors: Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell have provided fixes for their respective products. Users of affected products are urged to determine whether they are vulnerable and update immediately to the latest versions. The Industrial Control System Cyber Emergency Response Team (ICS-CERT) has also published advisories, warning users of the affected products about the risks. Update and mitigation information is also available in the advisories. Also:
www.petermorin.com/new-significant-vulnerabilities-identified-in-the-opc-protocol/
Former LulzSec Hacker Releases VPN Zero-Day Used to Hack Hacking Team
www.vice.com/en/article/dy85nz/former-lulzsec-hacker-releases-vpn-zero-day-used-to-hack-hacking-team A security researcher has released an exploit for SonicWall VPNs that was originally found by Phineas Fisher in 2015. Also:
darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/. Also: www.cybersecurity-help.cz/blog/1892.html
Internet Protocol Next Header escape
medium.com/sensorfu/internet-protocol-next-header-escape-248ab1574e7c In IPv6 header it’s called “Next Header” and in IPv4 header it’s just “Protocol”. This eight bit value contains information about what kind of content we can expect after the IP header. Usual suspect being a value for all familiar TCP, UDP and ICMP. But there’s also other familiar protocols like GRE and L2TP, and parts of bigger systems like IPSec. This header field deserved a closer look since my business is to make sure networks don’t leak, and we design escape tests for that purpose. There are a total of 256 possibilities to try out and this is exactly what our new escape does.
Historic victory for privacy as dating app receives gigantic fine
www.forbrukerradet.no/news-in-english/historic-victory-for-privacy-as-dating-app-receives-gigantic-fine/ Today, the Norwegian Data Protection Authority issued an advance notification of a 100 million NOK ( 9 600000) fine to the dating app Grindr, as a result of a legal complaint filed by the Norwegian Consumer Council. Also:
www.nytimes.com/2021/01/25/business/grindr-gdpr-privacy-fine.html. Also:
www.tivi.fi/uutiset/tv/7dd991ab-4cd9-4c7e-904b-b45ce5b6829e
Follow the Money: Qualifying Opportunism Behind Cyberattacks During the COVID-19 Pandemic
www.recordedfuture.com/opportunism-behind-cyberattacks-during-pandemic/ The opportunism of threat actors is primarily created by the socioeconomic conditions of the pandemic and is visible in the evolution of the themes used to target victims over the course of the pandemic. Threat actors have targeted the healthcare and vaccine “ecosystems” with a variety of tactics aimed at financial exploitation, intelligence gathering, and destruction. China and Russia each conducted coordinated and aggressive disinformation campaigns targeting Western democracies such as the United States and United Kingdom. Manipulating global audiences towards favoring their own systems of governance is a long-term strategic objective of both China and Russia. However, despite similar aims, their influence operations tactics vary based on unique tool sets and resources. China and Russia each used information operations to target vaccine developers and the COVID economy in Western nations to gain business and economic advantage over competitors. Also:
go.recordedfuture.com/hubfs/reports/cta-2021-0122.pdf
Beware of this active UK NHS COVID-19 vaccination phishing attack
www.bleepingcomputer.com/news/security/beware-of-this-active-uk-nhs-covid-19-vaccination-phishing-attack/ The phishing email asks the recipient if they want to accept or decline the invitation to schedule their COVID-19 vaccination.
CYBER ATTACK AT PALFINGER GROUP
www.palfinger.ag/en/news/cyber-attack-at-palfinger-group_nag_832121 PALFINGER Group is currently the target of an ongoing global cyber attack. IT infrastructure is disrupted at the moment (including sending and receiving emails, ERP systems). A large proportion of the group’s worldwide locations are affected. It is not possible to estimate the precise extent and duration of the attack or its consequences at this time. Work is being carried out intensively on a solution. Also:
www.bleepingcomputer.com/news/security/leading-crane-maker-palfinger-hit-in-global-cyberattack/. Also:
www.govinfosecurity.com/cyber-incident-knocks-construction-firm-palfinger-offline-a-15849
The latest research to uncover further targets came from Erik Hjelmvik, founder of network security company Netresec. Hjelmvik created a decoder to determine which domains were targeted by the so-called Sunburst malware used by the hackers
www.forbes.com/sites/thomasbrewster/2021/01/25/solarwinds-hacks-virginia-regulator-and-5-billion-cybersecurity-firm-confirmed-as-targets/ His tool shows which domains were targeted by the second stage of the attacks, in which the attackers tried to use a backdoor that had been installed in phase one. He was able to find new targets by looking at encoded lists of domains that were being targeted by one of the hackers’ servers – avsvmcloud[.]com.
Tesla claims a software engineer stole critical automated software from its WARP Drive system
electrek.co/2021/01/23/tesla-claims-software-engineer-stolen-critical-automated-software-warp-drive-system/ Tesla is suing a recently hired software engineer who the company claims has stolen critical automated software from its WARP Drive ERP system.
Google fixes severe Golang Windows RCE vulnerability
www.bleepingcomputer.com/news/security/google-fixes-severe-golang-windows-rce-vulnerability/
Fake Office 365 Used for Phishing Attacks on C-Suite Targets
www.trendmicro.com/en_us/research/21/a/fake-office-365-used-for-phishing-attacks-on-c-suite-targets.html As of this writing, we found over 300 unique compromised URLs and 70 email addresses from eight compromised sites, including 40 legitimate emails of company CEOs, directors, owners, and founders, among other enterprise employee targets. We are now working with the respective authorities for further investigation. Also:
thehackernews.com/2021/01/targeted-phishing-attacks-target-high.html
Training Together to Fight Cybercrime: Improving Cooperation
www.enisa.europa.eu/news/enisa-news/training-together-to-fight-cybercrime-improving-cooperation The European Union Agency for Cybersecurity releases a new report and training material to support the cooperation among CSIRTs, Law Enforcement Agencies (LEAs) and their interaction with the judiciary.
Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack
www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/ Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom.
Nefilim Ransomware Attack Uses “Ghost” Credentials
news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/ The company reached out to Rapid Response to get help with a Nefilim (also known as Nemty) ransomware attack in which more than 100 systems were impacted. Nefilim ransomware, like virtually all major ransomware, replaces the original files with encrypted versions, making recovery impossible without either the decryption key or a recent backup. Also:
www.zdnet.com/article/cybercriminals-use-deceased-staff-accounts-to-spread-nemty-ransomware/. Also: threatpost.com/nefilim-ransomware-ghost-account/163341/
ARM Exploitation Defeating NX By Invoking mprotect() Using ROP
medium.com/bugbountywriteup/arm-exploitation-defeating-nx-by-invoking-mprotect-using-rop-1450b6667c16 In this write-up, I will detail my walkthrough on exploiting a vulnerable HTTP web server with a non-executable stack using the return-to-libc attack.
CISA LAUNCHES CAMPAIGN TO REDUCE THE RISK OF RANSOMWARE
www.cisa.gov/news/2021/01/21/cisa-launches-campaign-reduce-risk-ransomware
TikTok vulnerability put users' private data at risk: update the app
www.epressi.com/tiedotteet/tietotekniikka/tiktokin-haavoittuvuus-vaaransi-kayttajien-yksityisia-tietoja-paivita-sovellus.html Check Point Research has now found security holes in TikTok for the second time. Most recently, in January 2020, it found several vulnerabilities in TikTok that would have allowed access to user accounts. At that time, attackers could have modified the content of user accounts and extracted confidential personal information stored in them.
RITICS: Securing cyber-physical systems
www.ncsc.gov.uk/blog-post/ritics-securing-cyber-physical-systems Discover the Research Institute in Trustworthy Inter-connected Cyber-physical Systems.
More trouble for WhatsApp: nasty new malware is spreading amongst chat app users
Man arrested after ‘sophisticated cyber attack’ at Leicestershire school
www.leicestermercury.co.uk/news/local-news/man-arrested-after-sophisticated-cyber-4917361 The alleged hack affected home computers and laptops being used by students for remote learning, with reports of hard drives being completely wiped. It is not believed any personal data was taken.
Report: Data Breach Exposed 323K Records Including Sensitive Court Files
www.websiteplanet.com/blog/court-records-leak-report/ On September 26th, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 323,277 court related records. Upon further investigation we noticed that the records were all related to Cook County, Illinois, the second most populous county in the United States after Los Angeles County.