Daily NCSC-FI news followup 2021-02-25

Attackers scan for vulnerable VMware servers after PoC exploit release

www.bleepingcomputer.com/news/security/attackers-scan-for-vulnerable-vmware-servers-after-poc-exploit-release/ After security researchers have developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. Also:

www.zdnet.com/article/more-than-6700-vmware-servers-exposed-online-and-vulnerable-to-major-new-bug

Health Website Leaks 8 Million COVID-19 Test Results

threatpost.com/health-website-leaks-covid-19-test/164274/ A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.

Dutch Research Council (NWO) confirms ransomware attack, data leak

www.bleepingcomputer.com/news/security/dutch-research-council-nwo-confirms-ransomware-attack-data-leak/ The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang.

Denial-of-service attack against Bank-ID caused major disruptions

tekniksmart.se/overbelastningsattack-mot-bank-id-orsakade-stora-storningar/ A denial-of-service attack against Bank-ID on Tuesday evening left the service partly down or very slow for users. The attack and the disruptions were confirmed by Finansiell ID-Teknik to SVT Nyheter and TT, among others.

North Korean hackers target defense industry with custom malware

www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/ A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information.

Malicious Mozilla Firefox Extension Allows Gmail Takeover

threatpost.com/malicious-mozilla-firefox-gmail/164263/ A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. Also:

www.zdnet.com/article/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on/ Also:

thehackernews.com/2021/02/chinese-hackers-using-firefox-extension.html

Google’s Password Checkup tool rolling out to Android devices

www.welivesecurity.com/2021/02/24/google-password-checkup-android-devices Google is extending its Password Checkup feature to Android in a bid to help people make their online accounts more secure. Originally introduced as an extension for the Google Chrome web browser two years ago, the tool was later integrated into Chrome for desktop before making its way into the browser’s versions for Android and iOS.

Samsung Investigation Part 1: TEEs, TrustZone and TEEGRIS

www.riscure.com/blog/samsung-investigation-part1 The goal of our investigation was to assess how strong Samsung’s TEE OS is and whether it can be compromised to obtain runtime control and extract all protected assets, allowing, e.g. decryption of user data. We did not consider a full exploit chain and instead focused on the TEE only, assuming an attacker already in control of the Android environment.
