Daily NCSC-FI news followup 2021-04-21

Alert (AA21-110A) Exploitation of Pulse Connect Secure Vulnerabilities

us-cert.cisa.gov/ncas/alerts/aa21-110a The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor, or actors, beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products. See also:

threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/. See also:

www.zdnet.com/article/hackers-are-actively-targeting-flaws-in-these-vpn-devices-heres-what-you-need-to-do/. See also:

www.tivi.fi/uutiset/tv/5c98bcf2-6960-4941-9e88-1dd31cf9880f. See also:

arstechnica.com/gadgets/2021/04/hackers-are-exploiting-a-pulse-secure-0day-to-breach-orgs-around-the-world/

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday

www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/ The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. See also:

us-cert.cisa.gov/ncas/current-activity/2021/04/20/cisa-issues-emergency-directive-pulse-connect-secure

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

blog.malwarebytes.com/privacy-2/2021/04/fbi-face-recognition-trawl-finds-capitol-rioter-via-his-girlfriends-instagram/ Facial recognition tech is in the news again after the FBI discovered the identity of one of the Capitol rioters by using facial recognition software on his girlfriend’s Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new.

Zero-day vulnerabilities in SonicWall email security are being actively exploited

www.zdnet.com/article/zero-day-vulnerabilities-in-sonicwall-email-security-are-being-exploited-in-the-wild/ SonicWall is urging customers to apply patches to resolve three zero-day vulnerabilities in its email security solution that are being actively exploited in the wild. See also:

www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html.

Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/ A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.

Russian intelligence agency SVR sets up dark web whistleblowing platform

therecord.media/russian-intelligence-agency-svr-sets-up-dark-web-whistleblowing-platform/ The SVR, Russia’s main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.

In epic hack, Signal developer turns the tables on forensics firm Cellebrite

arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/ For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike, the brainchild behind the Signal messaging app, has turned the tables.
