Daily NCSC-FI news followup 2021-04-21

Alert (AA21-110A) Exploitation of Pulse Connect Secure Vulnerabilities

us-cert.cisa.gov/ncas/alerts/aa21-110a The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor (or actors) beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products. See also:

threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/. See also:

www.zdnet.com/article/hackers-are-actively-targeting-flaws-in-these-vpn-devices-heres-what-you-need-to-do/. See also:

www.tivi.fi/uutiset/tv/5c98bcf2-6960-4941-9e88-1dd31cf9880f. See also:

arstechnica.com/gadgets/2021/04/hackers-are-exploiting-a-pulse-secure-0day-to-breach-orgs-around-the-world/

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday

www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/ The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. See also:

us-cert.cisa.gov/ncas/current-activity/2021/04/20/cisa-issues-emergency-directive-pulse-connect-secure

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

blog.malwarebytes.com/privacy-2/2021/04/fbi-face-recognition-trawl-finds-capitol-rioter-via-his-girlfriends-instagram/ Facial recognition tech is in the news again after the FBI discovered the identity of one of the Capitol rioters by using facial recognition software on his girlfriend’s Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new.

Zero-day vulnerabilities in SonicWall email security are being actively exploited

www.zdnet.com/article/zero-day-vulnerabilities-in-sonicwall-email-security-are-being-exploited-in-the-wild/ SonicWall is urging customers to apply patches to resolve three zero-day vulnerabilities in its email security solution that are being actively exploited in the wild. See also:

www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html.

Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/ A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.

Russian intelligence agency SVR sets up dark web whistleblowing platform

therecord.media/russian-intelligence-agency-svr-sets-up-dark-web-whistleblowing-platform/ The SVR, Russia’s main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.

In epic hack, Signal developer turns the tables on forensics firm Cellebrite

arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/ For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike, the brainchild behind the Signal messaging app, has turned the tables.
