Daily NCSC-FI news followup 2021-04-21

Alert (AA21-110A) Exploitation of Pulse Connect Secure Vulnerabilities

us-cert.cisa.gov/ncas/alerts/aa21-110a The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actoror actorsbeginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products. Lisäksi:

threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/. Lisäksi:

www.zdnet.com/article/hackers-are-actively-targeting-flaws-in-these-vpn-devices-heres-what-you-need-to-do/. Lisäksi:

www.tivi.fi/uutiset/tv/5c98bcf2-6960-4941-9e88-1dd31cf9880f. Lisäksi:

arstechnica.com/gadgets/2021/04/hackers-are-exploiting-a-pulse-secure-0day-to-breach-orgs-around-the-world/

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday

www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/ The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. Lisäksi:

us-cert.cisa.gov/ncas/current-activity/2021/04/20/cisa-issues-emergency-directive-pulse-connect-secure

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

blog.malwarebytes.com/privacy-2/2021/04/fbi-face-recognition-trawl-finds-capitol-rioter-via-his-girlfriends-instagram/ Facial recognition tech is in the news again after the FBI discovered the identify of one of the Capitol rioters by using facial recognition software on his girlfriend’s Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new.

Zero-day vulnerabilities in SonicWall email security are being actively exploited

www.zdnet.com/article/zero-day-vulnerabilities-in-sonicwall-email-security-are-being-exploited-in-the-wild/ SonicWall is urging customers to apply patches to resolve three zero-day vulnerabilities in its email security solution that are being actively exploited in the wild. Lisäksi:

www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html.

www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/. Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices. A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.

Russian intelligence agency SVR sets up dark web whistleblowing platform

therecord.media/russian-intelligence-agency-svr-sets-up-dark-web-whistleblowing-platform/ The SVR, Russia’s main intelligence service, has deployed a system similar to the SecureDrop whistleblowing platform to allow Russians living abroad to safely send anonymous tips via the Tor network about national security threats.

In epic hack, Signal developer turns the tables on forensics firm Cellebrite

arstechnica.com/information-technology/2021/04/in-epic-hack-signal-developer-turns-the-tables-on-forensics-firm-cellebrite/ For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspikethe brainchild behind the Signal messaging apphas turned the tables.

You might be interested in …

Daily NCSC-FI news followup 2020-10-23

Inhimillinen virhe, haittaohjelma vai jotakin muuta? Kysyimme asiantuntijalta, miten Vastaamon järkyttävä tietomurto oli mahdollinen yle.fi/uutiset/3-11611051 Vuodon taustalla voi olla inhimillinen virhe ylläpidossa, joka on mahdollistanut tietomurron. Silloin järjestelmän ylläpitäjä olisi esimerkiksi paljastanut järjestelmästä sellaisia osia, joiden avulla hyökkääjä on voinut ohittaa suojauksia. Se ei kuitenkaan ole ainoa vaihtoehto, Liikenne- ja viestintäviraston Kyberturvallisuuskeskuksen erityisasiantuntija Perttu Halonen […]

Read More

Daily NCSC-FI news followup 2019-09-03

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming krebsonsecurity.com/2019/09/feds-allege-adconion-employees-hijacked-ip-addresses-for-spamming/ Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening […]

Read More

Daily NCSC-FI news followup 2019-11-04

Chrome bug squashed, QNAP NAS nasty hits, BlueKeep malware spreads, and more www.theregister.co.uk/2019/11/04/security_roundup_november1/ Including Spanish camgirl sites spill info, domain registrars hacked Happy Birthday, CVE! Naked Security nationalcybersecurity.com/happy-birthday-cve-naked-security/ It was October 1999. Macs had just got embedded Wi-Fi, Napster had launched, and Yahoo had purchased Geocities for $3.6bn. Something else happened that escaped most computer […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.