Daily NCSC-FI news followup 2021-02-27

Amazon Dismisses Claims Alexa Skills Can Bypass Security Vetting Process

threatpost.com/amazon-dismisses-claims-alexa-skills-can-bypass-security-vetting/164316/ Our analysis shows that while Amazon restricts access to user data for skills and has put forth a number of rules, there is still room for malicious actors to exploit or circumvent some of these rules, said researchers this week. This can enable an attacker to exploit the trust they have built with the system.

The state of stalkerware in 2020

securelist.com/the-state-of-stalkerware-in-2020/100875/ Kaspersky's data shows that the scale of the stalkerware issue has not improved much in 2020 compared to the previous year: the number of people affected is still high. In total, 53,870 of our mobile users were affected globally by stalkerware in 2020. Keeping in mind the big picture, these numbers only include Kaspersky users, and the total global numbers will be higher.

Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak

edition.cnn.com/2021/02/26/politics/solarwinds123-password-intern/ The researcher who discovered the leaked password, Vinoth Kumar, previously told CNN that before the company corrected the issue in November 2019, the password had been accessible online since at least June 2018. Emails between Kumar and SolarWinds showed that the leaked password allowed Kumar to log in and successfully deposit files on the company's server. Using that tactic, Kumar warned the company, any hacker could upload malicious programs to SolarWinds.

An Exploration of JSON Interoperability Vulnerabilities

labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities As we've seen through attacks like HTTP request smuggling, discrepancies across parsers combined with multi-stage request processing can introduce serious vulnerabilities. In this research, I conducted a survey of 49 JSON parsers, cataloged their quirks, and present a variety of attack scenarios and Docker Compose labs to highlight their risks. Through our payment processing and user management examples, we will explore how JSON parsing inconsistencies can mask serious business logic vulnerabilities in otherwise benign code.
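The multi-stage pattern the Bishop Fox post describes is easiest to see with one well-known parser quirk, duplicate object keys: some parsers keep the first occurrence, most keep the last, and few reject the document. The following is an added illustration written for this digest, not code from the Bishop Fox research or its labs. The order payload, the `validate`/`charge` stages and the `process` pipeline are all hypothetical; the only real library behaviour relied on is that Python's `json` module keeps the last duplicate key by default and exposes `object_pairs_hook` for a different policy.

```python
import json

# Constructed order payload with a duplicated "qty" key. Which value the
# application sees depends entirely on the parser's duplicate-key policy.
PAYLOAD = '{"order_id": "A1", "qty": 1, "qty": -1000, "unit_price": 50}'


def parse_last_wins(text):
    """Python's json module keeps the last duplicate key (as do many parsers)."""
    return json.loads(text)


def parse_first_wins(text):
    """Emulates a parser that keeps the first duplicate key."""
    def keep_first(pairs):
        obj = {}
        for key, value in pairs:
            obj.setdefault(key, value)  # later duplicates are ignored
        return obj
    return json.loads(text, object_pairs_hook=keep_first)


def parse_strict(text):
    """Hardened variant: reject duplicate keys instead of silently picking one."""
    def reject_dupes(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                raise ValueError(f"duplicate key: {key!r}")
            obj[key] = value
        return obj
    return json.loads(text, object_pairs_hook=reject_dupes)


def validate(order):
    """First stage: business-rule check (hypothetical validation service)."""
    return order["qty"] > 0 and order["unit_price"] > 0


def charge(order):
    """Second stage: amount actually billed (hypothetical payment backend)."""
    return order["qty"] * order["unit_price"]


def process(text, validator_parser, backend_parser):
    """Two-stage pipeline in which each stage re-parses the raw JSON itself."""
    if not validate(validator_parser(text)):
        raise ValueError("order rejected by validation")
    return charge(backend_parser(text))


def demo_mismatch():
    """Validator keeps the first key (qty=1, passes); backend keeps the last
    (qty=-1000), so a negative amount is billed. Returns -50000."""
    return process(PAYLOAD, parse_first_wins, parse_last_wins)


if __name__ == "__main__":
    print("amount charged with mismatched parsers:", demo_mismatch())
    try:
        process(PAYLOAD, parse_strict, parse_strict)
    except ValueError as exc:
        print("strict parser:", exc)
```

The point is not the specific value but the architecture: the validation stage checked one document and the backend acted on another, even though both received identical bytes. Passing the already-parsed object between stages, or using one strict parser that rejects ambiguous input, removes the discrepancy; "fixing" the check in only one stage does not.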

Why You Should Stop Sending Texts From Your Android Messages App

www.forbes.com/sites/zakdoffman/2021/02/27/google-android-messages-update-apple-iphone-ipad-imessage-security-versus-sms-rcs-and-whatsapp-encryption/ Until Google's RCS offers end-to-end encryption by default and can provide that level of security for groups as well as 1:1 messaging, then it's as much of a no-no as Facebook Messenger. And Samsung's alternative is exactly the same.

www.forbes.com/sites/thomasbrewster/2021/02/25/exclusive-hackers-break-into-biochemical-systems-at-oxford-uni-lab-studying-covid-19/ Oxford University confirmed on Thursday it had detected and isolated an incident at the Division of Structural Biology (known as Strubi) after Forbes disclosed that hackers were showing off access to a number of systems. These included machines used to prepare biochemical samples, though the university said it couldn't comment further on the scale of the breach. It has contacted the National Cyber Security Centre (NCSC), a branch of the British intelligence agency GCHQ, which will now investigate the attack. The crew, according to [Hold Security's Alex] Holden, is highly sophisticated and has been privately selling stolen data from a number of its victims, and has previously sold to advanced persistent threat groups, a term for nation-state-backed hackers. He noted that the hackers spoke Portuguese. Some of the group's other victims include Brazilian universities, Holden added, and they also use ransomware to extort some victims.

Microsoft fixes Windows 10 drive corruption bug: what you need to know

www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-drive-corruption-bug-what-you-need-to-know/ With this week's release of Windows 10 Insider build 21322, Microsoft has included an undocumented fix that prevents the path that triggers the corruption from being accessed.

Google shares PoC exploit for critical Windows 10 Graphics RCE bug

www.bleepingcomputer.com/news/security/google-shares-poc-exploit-for-critical-windows-10-graphics-rce-bug/ Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component. They reported the bug to the Microsoft Security Response Center in November. The company released security updates to address it on all vulnerable platforms on February 9, during this month's Patch Tuesday.
