Deep-tech developer Unikie joins cybersecurity organization FISC: “The Internet of Everything (IoE) without encrypted communications is irresponsible”
tsuNAME – New DNS bug allows attackers to DDoS authoritative DNS servers
www.bleepingcomputer.com/news/security/new-tsuname-dns-bug-allows-attackers-to-ddos-authoritative-dns-servers/ “What makes TsuNAME particularly dangerous is that it can be exploited to carry out DDoS attacks against critical DNS infrastructure like large TLDs or ccTLDs, potentially affecting country-specific services”. “Resolvers vulnerable to TsuNAME will send non-stop queries to authoritative servers that have cyclic dependent records,” the researchers explain in their security advisory.
Qualcomm vulnerability impacts nearly 40% of all mobile phones
www.bleepingcomputer.com/news/security/qualcomm-vulnerability-impacts-nearly-40-percent-of-all-mobile-phones/ Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips (SoCs) used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi. “If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones,” according to Check Point researchers. Check Point Research alerted Qualcomm, who confirmed and fixed the issue.
A student pirating software led to a full-blown Ryuk ransomware attack
www.bleepingcomputer.com/news/security/a-student-pirating-software-led-to-a-full-blown-ryuk-ransomware-attack/ A student’s attempt to pirate an expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute.
China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation
www.recordedfuture.com/china-pla-unit-purchasing-antivirus-exploitation/ Insikt Group assesses that the purchase of foreign antivirus software by the PLA poses a high risk to the global antivirus software supply chain.
Formerly unknown rootkit used to secretly control networks of regional organizations
securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public-facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The rootkit was found on networks of regional diplomatic organizations in Asia and Africa, detected on several instances dating back to October 2019 and May 2020, where the infection persisted in the targeted networks for several months after each deployment of the malware.
CISA: Analysis Report on FiveHands Ransomware
us-cert.cisa.gov/ncas/analysis-reports/ar21-126a Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware, and SombRAT remote access trojan (RAT) to steal information, obfuscate files, and demand a ransom from the victim organization.
Cloud-Native Businesses Struggle with Security
www.darkreading.com/cloud/cloud-native-businesses-struggle-with-security/d/d-id/1340940 Almost 60% of companies said they are more worried about security since moving to cloud-native technologies, four times greater than those that said they worry less, according to a survey published last week by security firm Snyk.