Daily NCSC-FI news followup 2021-04-14

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. See also

blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/update-now-chrome-needs-patching-against-two-in-the-wild-exploits/

FBI blasts away web shells on US servers in wake of Exchange vulnerabilities

www.zdnet.com/article/fbi-blasts-away-web-shells-on-us-servers-in-wake-of-exchange-vulnerabilities/ Feds turn into cyberfirefighters and hose down the web shell bonfire raging on hundreds of unpatched Exchange servers.

CISA gives federal agencies until Friday to patch Exchange servers

www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-until-friday-to-patch-exchange-servers/ The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday.

Threat Actors Targeting Cybersecurity Researchers

us-cert.cisa.gov/ncas/current-activity/2021/04/14/threat-actors-targeting-cybersecurity-researchers Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities.

100,000 Google Sites Used to Install SolarMarket RAT

threatpost.com/google-sites-solarmarket-rat/165396/ Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.

An Update: The COVID-19 Vaccines Global Cold Chain Continues to Be a Target

securityintelligence.com/posts/covid-19-vaccine-global-cold-chain-security/ In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain, an integral part of delivering and storing COVID-19 vaccines at safe temperatures, was targeted by cyber adversaries. After that first report, we recently discovered an additional 50 files tied to spear-phishing emails that targeted 44 companies in 14 countries in Europe, North America, South America, Africa and Asia.

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

www.zdnet.com/article/free-money-cyber-criminals-are-installing-cryptojacking-malware-on-unpatched-microsoft-exchange-servers/ Cyber criminals are targeting vulnerable [published in March] Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money.

Data breach targeting Turku's online education services was successfully stopped; as a precaution, passwords must be changed

yle.fi/uutiset/3-11883275 The City of Turku has filed a police report on the data breach that took place over the weekend and on Monday. See also

www.turku.fi/uutinen/2021-04-14_tietomurto-opetuksen-verkkopalveluihin-turussa

Capcom: Ransomware gang used old VPN device to breach the network

www.bleepingcomputer.com/news/security/capcom-ransomware-gang-used-old-vpn-device-to-breach-the-network/ Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.

SMASH

www.vusec.net/projects/smash/ SMASH is a new JavaScript-based attack that gives the attacker an arbitrary read and write primitive in the browser. It does not rely on software vulnerabilities or bugs, but instead takes advantage of the much harder to mitigate Rowhammer bug in hardware to initiate the exploit chain.

The FBI wanted to unlock the San Bernardino shooter's iPhone. It turned to a little-known Australian firm.

www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/ Azimuth unlocked the iPhone at the center of an epic legal battle between the FBI and Apple. Now, Apple is suing the company co-founded by one of the hackers behind the unlock.

Nokia displaces Huawei in Finnish operators' shared mobile network; operation of Suomen Yhteisverkko taken away from the controversial Chinese company

www.kauppalehti.fi/uutiset/nokia-syrjayttaa-huawein-suomalaisoperaattoreiden-yhteisessa-mobiiliverkossa-suomen-yhteisverkon-operointi-pois-kiistellylta-kiinalaisyritykselta/7fc42630-8d6e-4584-b67c-… Suomen Yhteisverkko Oy, jointly owned by Telia and DNA, has begun building a new 5G network for its expanding operating area in Eastern and Northern Finland. At the same time, the ski resorts' networks get a boost in capacity and the network gets a new operating host.
