Daily NCSC-FI news followup 2021-02-11

Vastaamo server's port 3306 was open to the internet for 1.5 years and the extortion began as early as 2018; the publicity catastrophe was delayed until the very last moment

www.is.fi/digitoday/tietoturva/art-2000007794906.html The first extortion attempt against Vastaamo may have been a "scattershot" attempt in which the intruder did not know what they had in their hands. The theft of Vastaamo's customer database was caused by a network port left open on the server, which stayed open for 1.5 years.

Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict

blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict The Lookout Threat Intelligence team has discovered two novel Android surveillanceware, Hornbill and SunBird. We believe with high confidence that these surveillance tools are used by the advanced persistent threat group (APT) Confucius, which first appeared in 2013 as a state-sponsored, pro-India actor primarily pursuing Pakistani and other South Asian targets.

Military, Nuclear Entities Under Target By Novel Android Malware

threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/ The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

thehackernews.com/2021/02/iranian-hackers-utilize-screenconnect.html UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research.

Breached water plant employees used the same TeamViewer password and no firewall

arstechnica.com/information-technology/2021/02/breached-water-plant-employees-used-the-same-teamviewer-password-and-no-firewall/ Shortcomings illustrate the lack of security rigor in critical infrastructure environments.

Brazilian authorities start probe as 102 million consumers are exposed in new leak

www.zdnet.com/article/brazilian-authorities-start-probe-as-102-million-consumers-are-exposed-in-new-leak/ The National Data Protection Authority is investigating the country’s second largest data protection incident of 2021. Brazil’s National Data Protection Authority (ANPD, in the Portuguese acronym) has informed today (11) that it has started an investigation into the country’s second largest data leak of the year.

Singtel, QIMR Berghofer report Accellion-related data breaches

www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/ Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software.

Hackers ask only $1,500 for access to breached company networks

www.bleepingcomputer.com/news/security/hackers-ask-only-1-500-for-access-to-breached-company-networks/ The number of offers for network access and their median prices on the public posts on hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market.

VMware very strongly suggests TPM for all servers in tightened vSphere security guide

www.theregister.com/2021/02/11/new_vsphere_7_security_guidance/ Upgrades to version 7.0 are going to require your full attention, especially if you’re fond of VGA output

Nasty bug revealed in Slack: Android users urged to change their passwords

www.tivi.fi/uutiset/tv/f3b922cf-481a-4437-9ed6-d9822ff5031b Slack has sent email to those users whose passwords may have been compromised. Around the turn of the year a bug slipped into the messaging app Slack, as a result of which some Android users' passwords were stored in the app in plaintext for a month (21 December to 21 January). In theory it would therefore have been possible for other apps installed on the device to gain access to Slack passwords.

Microsoft releases emergency fix for Windows 10 WiFi crashes

www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fix-for-windows-10-wifi-crashes/ Microsoft has released an emergency KB5001028 out-of-band update to fix a bug causing Windows 10 to crash when connecting to WPA3 Wi-Fi networks.

Internet Explorer 11 zero-day vulnerability gets a free micropatch

www.bleepingcomputer.com/news/security/internet-explorer-11-zero-day-vulnerability-gets-a-free-micropatch/ An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.
