Daily NCSC-FI news followup 2021-02-16

France Ties Russia’s Sandworm to a Multiyear Hacking Spree

www.wired.com/story/sandworm-centreon-russia-hack/ A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon.. Centreon writes in its statement that “this is not a supply chain type attack and no parallel with other attacks of this type can be made in this case.”. In fact, DomainTools’ Slowik says the intrusions instead appear to have been carried out simply by exploiting internet-facing servers running Centreon’s software inside the victims’ networks.

North Korea may have hacked into Pfizer servers looking for COVID data

arstechnica.com/gadgets/2021/02/north-korea-may-have-hacked-into-pfizer-servers-looking-for-covid-data/ South Korea’s NIS warned lawmakers of Russian and North Korean hacking activity.

Beware of COVID19 vaccine scams and misinformation

www.welivesecurity.com/2021/02/16/beware-covid19-vaccine-scams-misinformation/ The vaccination push provides a vital shot in the arm for the worlds battle against the pandemic, but it’s also a topic ripe for exploitation by fraudsters and purveyors of misinformation

Kia Motors America experiences massive IT outage across the US

www.bleepingcomputer.com/news/security/kia-motors-america-experiences-massive-it-outage-across-the-us/ Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support.. One Twitter user shared that they could not pick up their car due to a ransomware attack taking down Kia’s systems.

Malvertisers exploited browser zero-day to redirect users to scams

www.bleepingcomputer.com/news/security/malvertisers-exploited-browser-zero-day-to-redirect-users-to-scams/ The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.

Misconfigured Baby Monitors Allow Unauthorized Viewing

threatpost.com/baby-monitors-unauthorized-viewing/163982/ Hundreds of thousands of individuals are potentially affected by this vulnerability.. The issue exists in the manufacturers implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. Its possible to misconfigure its implementation, so that no authentication is needed for unknown parties to connect, according to the SafetyDetectives cybersecurity team.

How DNS-over-HTTPS (DoH) has Changed the Threat Landscape For Companies

quointelligence.eu/2021/02/dns-over-https-doh/ DNS-over-HTTPS (DoH) protocol is now offered and in some instances standard, in major Internet browsers. DoH provides the benefit of communicating DNS information over a secure HTTPS connection in an encrypted manner. . The protocol offers increased privacy for home-users but presents new challenges for enterprise networks and new opportunities for malicious actors. In order to prevent evolving threats from malware authors, organizations should stay updated and follow the latest security recommendations.

Supply chain attacks are on the rise: Check your software build pipeline security

www.zdnet.com/article/supply-chain-attacks-are-on-the-rise-check-your-software-build-pipeline-security/ Defending against supply chain attacks is more than trying to stop the theft of encryption keys to access protected cloud resources.

Recordhigh number of vulnerabilities reported in 2020

www.welivesecurity.com/2021/02/15/record-breaking-number-vulnerabilities-reported-2020/ High-severity and critical bugs disclosed in 2020 outnumber the sum total of vulnerabilities reported 10 years prior

LähiTapiola päästi hakkerit käymään konttorillaan turvakamerasta löytyi ikävä haavoittuvuus

www.tivi.fi/uutiset/tv/e46db25d-4b6f-459b-96b5-065bc4fced8f Järjestyksessään 11. Hack Day toteutettiin koronarajoitusten puitteissa.

This cybersecurity threat costs business millions. And it’s the one they often forget about

www.zdnet.com/article/this-cybersecurity-threat-costs-business-millions-and-its-the-one-they-often-forget-about/ Phishing emails that dupe users into sending cyber criminals wire transfers is by far the most lucrative form of cybercrime – here’s what you need to know.

DDoS attacks in Q4 2020


Introducing DNS Shotgun

en.blog.nic.cz/2021/02/16/introducing-dns-shotgun/ DNS Shotgun is a bechmarking tool specifically developed for realistic performance testing of DNS resolvers. Its goal is to simulate real clients and their behaviour, including timing of queries and realistic connection management, which are areas where traditional tools are lacking.

Bluetooth Overlay Skimmer That Blocks Chip

krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/ I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminals ability to read chip-based cards, forcing customers to swipe the stripe instead.

You might be interested in …

Daily NCSC-FI news followup 2020-02-12

Valentines & Chocolate Dont Always Equal Love blog.checkpoint.com/2020/02/12/valentines-chocolate-dont-always-equal-love/ With Valentines Day approaching, lovers around the world are working on finding the best way to celebrate with their loved ones. Meanwhile cyber criminals around the world also seem to be caught up in the spirit of this unique day. Over the past 2 years, Check Point […]

Read More

Daily NCSC-FI news followup 2020-10-24

Vastaamon asiakkaat ovat saaneet henkilökohtaisia kiristysviestejä, viesteissä vaaditaan 200-500 euron arvosta bitcoineja Poliisi: “Kiristysviestin vaatimuksiin ei tule suostua” www.hs.fi/kotimaa/art-2000006698803.html Jos uhri ei maksa, kiristäjä uhkaa julkaista hänen tietonsa sisältäen henkilötietojen lisäksi tarkan potilaskertomuksen, joka sisältää litteroituna terapeutin kanssa käydyt keskustelut. Myös: Vastaamon asiakkaat saavat nyt kiristysviestejä sähköposteihinsa viesteissä vaaditaan 200-500 euron arvosta bitcoineja – yle.fi/uutiset/3-11612183 […]

Read More

Daily NCSC-FI news followup 2020-08-23

Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common? isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/ I’m glad you asked. I’m always interested in trends and reviewing the activity capture by my honeypot over this past week, it shows that no matter what port the RDP service is listening on, a specific RDP string (Cookie: mstshash=) might be […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.