Daily NCSC-FI news followup 2021-04-17

Major BGP leak disrupts thousands of networks globally

www.bleepingcomputer.com/news/security/major-bgp-leak-disrupts-thousands-of-networks-globally/ A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world. Although the BGP routing leak occurred in Vodafone’s autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources.

Combating Sleeper Threats With MTTD

securityintelligence.com/articles/sleeper-threats-mean-time-to-detect/ During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019. Although these early versions did not contain the malicious backdoor (this was added in March 2020), it means attackers were able to remain hidden for a long time.

Biden Races to Shore Up Power Grid Against Hacks

threatpost.com/biden-power-grid-hacks/165428/ A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.

Codecov discloses 2.5-month-long supply chain attack

therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/ Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools. The impacted product is named Bash Uploader and allows Codecov customers to submit code coverage reports to the company’s platform for analysis.

See also: arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/. See also: about.codecov.io/security-update/

Google’s Project Zero updates vulnerability disclosure rules to add patch cushion

therecord.media/googles-project-zero-updates-vulnerability-disclosure-rules-to-add-patch-cushion/ The Google Project Zero security team has updated its vulnerability disclosure guidelines today to add a cushion of 30 days to some security bug disclosures, so end-users have enough time to patch software and prevent attackers from weaponizing bugs.

BazarLoader Malware Abuses Slack, BaseCamp Clouds

threatpost.com/bazarloader-malware-slack-basecamp/165455/ Two cyberattack campaigns are making the rounds using unique social-engineering techniques. The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said.

Swinburne University confirms over 5,000 individuals affected in data breach

www.zdnet.com/article/swinburne-university-confirms-over-5000-individuals-affected-in-data-breach/ Swinburne University of Technology has confirmed personal information on staff, students, and external parties had inadvertently made its way into the wild. It said it was advised last month that information of around 5,200 Swinburne staff and 100 Swinburne students was available on the internet.

iOS Kids Game Morphs into Underground Crypto Casino

threatpost.com/ios-kids-game-crypto-casino/165450/ A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality. A kids’ game called “Jungle Run” that, until recently, was available in the Apple App Store, was secretly a cryptocurrency-funded casino set up to scam people out of money.
