Daily NCSC-FI news followup 2021-04-07

Microsoft’s Windows 10, Exchange, and Teams hacked at Pwn2Own

www.bleepingcomputer.com/news/security/microsofts-windows-10-exchange-and-teams-hacked-at-pwn2own/ During the first day of Pwn2Own 2021, contestants won $440, 000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft’s Windows 10 OS, the Exchange mail server, and the Teams communication platform. The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.

New Cring ransomware hits unpatched Fortinet VPN devices

www.bleepingcomputer.com/news/security/new-cring-ransomware-hits-unpatched-fortinet-vpn-devices/ A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies’ networks. Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom) was discovered by Amigo_A in January and spotted by the CSIRT team of Swiss telecommunications provider Swisscom.

Windows XP makes ransomware gangs work harder for their money

www.bleepingcomputer.com/news/security/windows-xp-makes-ransomware-gangs-work-harder-for-their-money/ A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago. If an organization uses Windows XP and a ransomware attack encrypts the device, it now falls on the threat actors to support the operating system if they want to get paid.

New wormable Android malware poses as Netflix to hijack WhatsApp sessions

www.zdnet.com/article/new-android-malware-poses-as-netflix-to-hijack-whatsapp-sessions/ A new variant of Android malware has been discovered in an app on Google Play that entices users by promising free Netflix subscriptions.. On Wednesday, Check Point Research (CPR) said the “wormable” mobile malware was discovered in the Google Play Store, the official repository for Android apps. The malicious software, dubbed “FlixOnline, ” disguises itself as a legitimate Netflix application and appears to focus on targeting the WhatsApp messaging application.

SAP warns of malicious activity targeting unpatched systems

blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/sap-warns-of-malicious-activity-targeting-unpatched-systems/ A timely warning to keep systems patched has appeared, via a jointly-released report from Onapsis and SAP. The report details how threat actors are “targeting and potentially exploiting unprotected mission-critical SAP applications”. Some of the vulnerabilities used were weaponised fewer than 72 hours after patches are released. In some cases, a newly deployed SAP instance could be compromised in just under a week if people aren’t patching.

Facebook Says It’s Your Fault That Hackers Got Half a Billion User Phone Numbers

www.vice.com/en/article/88awzp/facebook-says-its-your-fault-that-hackers-got-half-a-billion-user-phone-numbers A database containing the stolen phone numbers of more than half a billion Facebook users is being freely traded online. A blog post titled “The Facts on News Reports About Facebook Data, ” published Tuesday evening, is designed to silence the growing criticism the company is facing for failing to protect the phone numbers and other personal information of 533 million users after. a database containing that information was shared for free in low level hacking forums over the weekend, as first reported by Business Insider.

Update on PHP source code compromise: User database leak suspected

www.theregister.com/2021/04/07/update_on_php_source_code/ PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted blaming a user database leak rather than a problem with the server itself. The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it. The code was initially committed in the name of Rasmus Lerdorf, creator of PHP, and after it was removed, recommitted under Popov’s name.

Google Forms and Telegram abused to collect phished credentials

www.bleepingcomputer.com/news/security/google-forms-and-telegram-abused-to-collect-phished-credentials/ Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots. Email remains the preferred method to exfiltrate stolen info but these channels foreshadow a new trend in the evolution of phishing kits.

Luotettavan näköinen porilainen pyöräkauppa paljastui huijaukseksi Aasiasta pyöritetty nettipetosvyyhti hyödyntää Suomen hyvää mainetta

yle.fi/uutiset/3-11836016 Tekijät pyrkivät pitämään yllä kuvaa rehellisestä liiketoiminnasta. Kymmenet sivustot ja nopea vastaaminen yhteydenottoihin kertovat teollisesta toimintatavasta. Kun mereen on laskettu monta koukkua, silloin tällöin nappaa. Ja jos edes osa asiakkaista menee lankaan ja lähettää rahat suoraan pankkitilille, vilunki kannattaa.

Pankkitunnuksesi yritetään kaapata varo yhteydenottoa: mieheltä katosi 300 000 euroa

www.iltalehti.fi/tietoturva/a/7fd7bac6-feed-49dc-8bfa-8ea50657e801 Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus varoittaa verkkopankkitunnuksien kalastelukampanjasta. Rikolliset lähettävät suomalaisille sekä teksti- että sähköpostiviestejä, jotka on naamioitu pankeilta saapuneiksi. ltalehti kertoi tammikuussa, miten poliisi tutkii tapausta, jossa suomalaismieheltä oli huijattu Nordean nimissä lähes 300 000 euroa. Kyseinen mies oli saanut “Nordealta” sähköpostiviestin, jossa oli pyydetty allekirjoittamaan luottamuksellinen asiakirja. Todellisuudessa mies täytti pankkitietonsa kalastelusivustolle.

Android to Support Rust Programming Language to Prevent Memory Flaws

thehackernews.com/2021/04/android-to-support-rust-programming.html Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system.

iOS 14.5: How To Use Apple’s Stunning New iPhone Privacy Feature

www.forbes.com/sites/kateoflahertyuk/2021/04/07/ios-145-how-to-use-apples-stunning-new-iphone-privacy-feature/ It’s April and that can only mean one thing for iPhone and iPad users: The launch of iOS 14.5, with a barrage of great new features including the stunning privacy update that’s been months in the making. App Tracking Transparency (ATT) could effectively spell the end of the so-called identifier for advertisers (IDFA), a method used by apps to track you on your iPhone across apps and services. This is because in iOS 14.5, ATT introduces the requirement for apps to ask you if they want to track you across services.

Critical Auth Bypass Bug Found in VMware Data Center Security Product

thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.

You might be interested in …

Daily NCSC-FI news followup 2019-06-26

Security flaw in LTE networks can let hackers send false presidential alerts cyware.com/news/security-flaw-in-lte-networks-can-let-hackers-send-false-presidential-alerts-109ceabf A vulnerability in LTE networks can be abused by hackers to launch spoofing attacks. The flaw can be exploited to send out spoofed AMBER alerts, and false presidential alerts. New Silex malware is bricking IoT devices, has scary plans www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/ A new […]

Read More

Daily NCSC-FI news followup 2021-10-21

Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks therecord.media/cybercrime-gang-sets-up-fake-company-to-hire-security-experts-to-aid-in-ransomware-attacks/ A cybercrime group known as FIN7 has created a fake security firm earlier this year, used it to hire security researchers, and then trick them into participating in ransomware attacks. Named Bastion Secure, the company claims to provide penetration […]

Read More

Daily NCSC-FI news followup 2020-07-11

Trump confirms US conducted cyberattack against Russia in 2018 edition.cnn.com/2020/07/10/politics/donald-trump-us-russia-cyberattack/index.html President Donald Trump, for the first time, confirmed the US conducted a covert cyberattack in 2018 against Russia’s Internet Research Agency. Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches www.zdnet.com/article/russian-hacker-found-guilty-for-dropbox-linkedin-and-formspring-breaches/ A California jury found Russian hacker Yevgeniy Nikulin guilty for breaching the internal […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.