Daily NCSC-FI news followup 2021-04-29

Prime targets: Governments shouldn’t go it alone on cybersecurity

www.welivesecurity.com/2021/04/29/prime-targets-governments-shouldnt-go-it-alone-on-cybersecurity/ A year into the pandemic, ESET reveals new research into activities of the LuckyMouse APT group and considers how governments can rise to the cybersecurity challenges of the accelerated shift to digital

“BadAlloc” Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/ Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology (OT), and industrial control systems.

PHP Supply Chain Attack on Composer

blog.sonarsource.com/php-supply-chain-attack-on-composer In the PHP ecosystem, Composer is the major tool to manage and install software dependencies. It is used by development teams world-wide to ease the update process and to ensure that applications work effortlessly across environments and versions. During our security research, we discovered a critical vulnerability in the source code of Composer which is used by Packagist. It allowed us to execute arbitrary system commands on the Packagist.org server. In this blog post, we introduce the detected code vulnerabilities and how these were patched.

QNAP finds evidence of AgeLocker ransomware activity in the wild

www.bleepingcomputer.com/news/security/qnap-finds-evidence-of-agelocker-ransomware-activity-in-the-wild/ QNAP customers are once again urged to secure their Network Attached Storage (NAS) devices following a massive Qlocker ransomware campaign earlier this month.

Ransomware gang leaks court and prisoner files from Illinois Attorney General Office

therecord.media/ransomware-gang-leaks-court-and-prisoner-files-from-illinois-attorney-general-office/ The operators of the DopplePaymer ransomware have leaked a large collection of files from the Illinois Office of the Attorney General after negotiations have broken down and officials refused to pay a ransom demand, The Record has learned.

New ransomware task force wants more support for victims who don’t pay

therecord.media/new-ransomware-task-force-wants-wants-more-support-for-victims-who-dont-pay/ A new government and industry coalition on Thursday put its weight behind a number of aggressive measures aimed at curbing ransomware, including financially supporting victims who refuse to pay attackers and making it easier to track cryptocurrency payments. The group has been working over the last four months on an 80-page report released today that highlights the growing threat of ransomware and proposes a long list of actions that would reverse the trend that cybersecurity experts have been observing in recent years. also:


Incident Response Life Cycle Phases for Effective IR

www.secureworks.com/blog/incident-response-life-cycle-phases-for-effective-ir Incident Response frameworks highlight the importance of preparation and improvement for improved response outcomes

The Business of Fraud: Deepfakes, Fraud’s Next Frontier

www.recordedfuture.com/deepfakes-frauds-next-frontier/ Threat actors have begun to use dark web sources to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures. Furthermore, threat actors are using these sources, as well as many clearnet sources such as forums and messengers, to share tools, best practices, and advancements in deepfake techniques and technologies. As reported by Insikt Group’s Criminal and Underground Team throughout 2020, threat actors are developing customized deepfake products. PDF report: go.recordedfuture.com/hubfs/reports/cta-2021-0429.pdf

Finnish researcher decided to test whether an attack on Apple's systems would succeed: well, it did

www.tivi.fi/uutiset/tv/8cce5350-ebf3-4cff-ba40-1f5fe9a9911b Aapo Oksman, a security specialist at the cybersecurity company Nixu, found a vulnerability in Apple's iOS operating system and in the operation of its App Store. The vulnerability was patched in the recently released iOS 14.5 and iPadOS 14.5 updates.

City fined for tracking its citizens via their phones

blog.malwarebytes.com/privacy-2/2021/04/city-fined-for-tracking-its-citizens-via-their-phones/ The Dutch information watchdog, the Autoriteit Persoonsgegevens (AP), has fined the city of Enschede for €600,000 for tracking its citizens’ movements without permission. It is the first time that a Dutch government body has been fined by the AP. The investigation was set in motion after it received a complaint about tracking.
