Daily NCSC-FI news followup 2021-04-14

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. See also:

blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/update-now-chrome-needs-patching-against-two-in-the-wild-exploits/

FBI blasts away web shells on US servers in wake of Exchange vulnerabilities

www.zdnet.com/article/fbi-blasts-away-web-shells-on-us-servers-in-wake-of-exchange-vulnerabilities/ Feds turn into cyberfirefighters and hose down the web shell bonfire raging on hundreds of unpatched Exchange servers.

CISA gives federal agencies until Friday to patch Exchange servers

www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-until-friday-to-patch-exchange-servers/ The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday.

Threat Actors Targeting Cybersecurity Researchers

us-cert.cisa.gov/ncas/current-activity/2021/04/14/threat-actors-targeting-cybersecurity-researchers Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities.

100,000 Google Sites Used to Install SolarMarket RAT

threatpost.com/google-sites-solarmarket-rat/165396/ Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.

An Update: The COVID-19 Vaccines Global Cold Chain Continues to Be a Target

securityintelligence.com/posts/covid-19-vaccine-global-cold-chain-security/ In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain, an integral part of delivering and storing COVID-19 vaccines at safe temperatures, was targeted by cyber adversaries. After that first report, we recently discovered an additional 50 files tied to spear-phishing emails that targeted 44 companies in 14 countries in Europe, North America, South America, Africa and Asia.

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

www.zdnet.com/article/free-money-cyber-criminals-are-installing-cryptojacking-malware-on-unpatched-microsoft-exchange-servers/ Cyber criminals are targeting vulnerable [published in March] Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money.

Data breach targeting Turku's online education services was stopped; as a precaution, passwords must be changed

yle.fi/uutiset/3-11883275 The City of Turku has filed a police report on the data breach that took place over the weekend and on Monday. See also:

www.turku.fi/uutinen/2021-04-14_tietomurto-opetuksen-verkkopalveluihin-turussa

Capcom: Ransomware gang used old VPN device to breach the network

www.bleepingcomputer.com/news/security/capcom-ransomware-gang-used-old-vpn-device-to-breach-the-network/ Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.

SMASH

www.vusec.net/projects/smash/ SMASH is a new JavaScript-based attack that gives the attacker an arbitrary read and write primitive in the browser. It does not rely on software vulnerabilities or bugs, but instead takes advantage of the much harder to mitigate Rowhammer bug in hardware to initiate the exploit chain.

The FBI wanted to unlock the San Bernardino shooter's iPhone. It turned to a little-known Australian firm.

www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/ Azimuth unlocked the iPhone at the center of an epic legal battle between the FBI and Apple. Now, Apple is suing the company co-founded by one of the hackers behind the unlock.

Nokia displaces Huawei in the Finnish operators' shared mobile network: operation of Suomen Yhteisverkko taken away from the controversial Chinese company

www.kauppalehti.fi/uutiset/nokia-syrjayttaa-huawein-suomalaisoperaattoreiden-yhteisessa-mobiiliverkossa-suomen-yhteisverkon-operointi-pois-kiistellylta-kiinalaisyritykselta/7fc42630-8d6e-4584-b67c-… Suomen Yhteisverkko Oy, jointly owned by Telia and DNA, has begun building a new 5G network in its expanding operating area in Eastern and Northern Finland. At the same time, the ski resorts' networks get a performance boost and the network gets a new operating host.
