Daily NCSC-FI news followup 2021-02-16

France Ties Russia’s Sandworm to a Multiyear Hacking Spree

www.wired.com/story/sandworm-centreon-russia-hack/ A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon. Centreon writes in its statement that “this is not a supply chain type attack and no parallel with other attacks of this type can be made in this case.” In fact, DomainTools’ Slowik says the intrusions instead appear to have been carried out simply by exploiting internet-facing servers running Centreon’s software inside the victims’ networks.

North Korea may have hacked into Pfizer servers looking for COVID data

arstechnica.com/gadgets/2021/02/north-korea-may-have-hacked-into-pfizer-servers-looking-for-covid-data/ South Korea’s NIS warned lawmakers of Russian and North Korean hacking activity.

Beware of COVID19 vaccine scams and misinformation

www.welivesecurity.com/2021/02/16/beware-covid19-vaccine-scams-misinformation/ The vaccination push provides a vital shot in the arm for the world’s battle against the pandemic, but it’s also a topic ripe for exploitation by fraudsters and purveyors of misinformation

Kia Motors America experiences massive IT outage across the US

www.bleepingcomputer.com/news/security/kia-motors-america-experiences-massive-it-outage-across-the-us/ Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support. One Twitter user shared that they could not pick up their car due to a ransomware attack taking down Kia’s systems.

Malvertisers exploited browser zero-day to redirect users to scams

www.bleepingcomputer.com/news/security/malvertisers-exploited-browser-zero-day-to-redirect-users-to-scams/ The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.

Misconfigured Baby Monitors Allow Unauthorized Viewing

threatpost.com/baby-monitors-unauthorized-viewing/163982/ Hundreds of thousands of individuals are potentially affected by this vulnerability. The issue exists in the manufacturers’ implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. It’s possible to misconfigure its implementation, so that no authentication is needed for unknown parties to connect, according to the SafetyDetectives cybersecurity team.

How DNS-over-HTTPS (DoH) has Changed the Threat Landscape For Companies

quointelligence.eu/2021/02/dns-over-https-doh/ DNS-over-HTTPS (DoH) protocol is now offered, and in some instances standard, in major Internet browsers. DoH provides the benefit of communicating DNS information over a secure HTTPS connection in an encrypted manner. The protocol offers increased privacy for home-users but presents new challenges for enterprise networks and new opportunities for malicious actors. In order to prevent evolving threats from malware authors, organizations should stay updated and follow the latest security recommendations.

Supply chain attacks are on the rise: Check your software build pipeline security

www.zdnet.com/article/supply-chain-attacks-are-on-the-rise-check-your-software-build-pipeline-security/ Defending against supply chain attacks is more than trying to stop the theft of encryption keys to access protected cloud resources.

Record-high number of vulnerabilities reported in 2020

www.welivesecurity.com/2021/02/15/record-breaking-number-vulnerabilities-reported-2020/ High-severity and critical bugs disclosed in 2020 outnumber the sum total of vulnerabilities reported 10 years prior

LähiTapiola let hackers visit its office: a nasty vulnerability was found in a security camera

www.tivi.fi/uutiset/tv/e46db25d-4b6f-459b-96b5-065bc4fced8f The 11th Hack Day was held within the limits of the coronavirus restrictions.

This cybersecurity threat costs business millions. And it’s the one they often forget about

www.zdnet.com/article/this-cybersecurity-threat-costs-business-millions-and-its-the-one-they-often-forget-about/ Phishing emails that dupe users into sending cyber criminals wire transfers are by far the most lucrative form of cybercrime – here’s what you need to know.

DDoS attacks in Q4 2020

securelist.com/ddos-attacks-in-q4-2020/100650/

Introducing DNS Shotgun

en.blog.nic.cz/2021/02/16/introducing-dns-shotgun/ DNS Shotgun is a benchmarking tool specifically developed for realistic performance testing of DNS resolvers. Its goal is to simulate real clients and their behaviour, including timing of queries and realistic connection management, which are areas where traditional tools are lacking.

Bluetooth Overlay Skimmer That Blocks Chip

krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/ I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminals’ ability to read chip-based cards, forcing customers to swipe the stripe instead.
