Daily NCSC-FI news followup 2021-05-06

Deep-tech developer Unikie joins the cybersecurity organization FISC: “An Internet of Everything (IoE) without encrypted communications is irresponsible”


tsuNAME – New DNS bug allows attackers to DDoS authoritative DNS servers

www.bleepingcomputer.com/news/security/new-tsuname-dns-bug-allows-attackers-to-ddos-authoritative-dns-servers/ “What makes TsuNAME particularly dangerous is that it can be exploited to carry out DDoS attacks against critical DNS infrastructure like large TLDs or ccTLDs, potentially affecting country-specific services”. “Resolvers vulnerable to TsuNAME will send non-stop queries to authoritative servers that have cyclic dependent records,” the researchers explain in their security advisory. tsuNAME:


Qualcomm vulnerability impacts nearly 40% of all mobile phones

www.bleepingcomputer.com/news/security/qualcomm-vulnerability-impacts-nearly-40-percent-of-all-mobile-phones/ Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips (SoCs) used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi. “If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones,” according to Check Point researchers. Check Point Research alerted Qualcomm who confirmed and fixed the issue. Check Point:

research.checkpoint.com/2021/security-probe-of-qualcomm-msm/. Forbes:


A student pirating software led to a full-blown Ryuk ransomware attack

www.bleepingcomputer.com/news/security/a-student-pirating-software-led-to-a-full-blown-ryuk-ransomware-attack/ A student’s attempt to pirate an expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute.

China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation

www.recordedfuture.com/china-pla-unit-purchasing-antivirus-exploitation/ Insikt Group assesses that the purchase of foreign antivirus software by the PLA poses a high risk to the global antivirus software supply chain.

Formerly unknown rootkit used to secretly control networks of regional organizations

securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The rootkit was found on networks of regional diplomatic organizations in Asia and Africa, detected on several instances dating back to October 2019 and May 2020, where the infection persisted in the targeted networks for several months after each deployment of the malware.

CISA: Analysis Report on FiveHands Ransomware

us-cert.cisa.gov/ncas/analysis-reports/ar21-126a Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware, and SombRAT remote access trojan (RAT), to steal information, obfuscate files, and demand a ransom from the victim organization.

Cloud-Native Businesses Struggle with Security

www.darkreading.com/cloud/cloud-native-businesses-struggle-with-security/d/d-id/1340940 Almost 60% of companies said they are more worried about security since moving to cloud-native technologies, four times greater than those that said they worry less, according to a survey published last week by security firm Snyk.
