Daily NCSC-FI news followup 2021-05-06

Deep-tech developer Unikie joins cybersecurity organization FISC: “An Internet of Everything (IoE) without encrypted communications is irresponsible”

www.epressi.com/tiedotteet/ohjelmistoteollisuus/syvateknologiaa-kehittava-unikie-kyberturvallisuusjarjesto-fiscin-jaseneksi-kaiken-internet-ioe-ilman-salattua-tietoliikennetta-on-vastuuton.html

tsuNAME – New DNS bug allows attackers to DDoS authoritative DNS servers

www.bleepingcomputer.com/news/security/new-tsuname-dns-bug-allows-attackers-to-ddos-authoritative-dns-servers/ “What makes TsuNAME particularly dangerous is that it can be exploited to carry out DDoS attacks against critical DNS infrastructure like large TLDs or ccTLDs, potentially affecting country-specific services”. “Resolvers vulnerable to TsuNAME will send non-stop queries to authoritative servers that have cyclic dependent records,” the researchers explain in their security advisory. tsuNAME:

tsuname.io/

Qualcomm vulnerability impacts nearly 40% of all mobile phones

www.bleepingcomputer.com/news/security/qualcomm-vulnerability-impacts-nearly-40-percent-of-all-mobile-phones/ Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips (SoCs) used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi. “If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones,” according to Check Point researchers. Check Point Research alerted Qualcomm who confirmed and fixed the issue. Check Point:

research.checkpoint.com/2021/security-probe-of-qualcomm-msm/. Forbes:

www.forbes.com/sites/zakdoffman/2021/05/06/warning-for-samsung-galaxy-5g-android-users-with-qualcomm-flaw/

A student pirating software led to a full-blown Ryuk ransomware attack

www.bleepingcomputer.com/news/security/a-student-pirating-software-led-to-a-full-blown-ryuk-ransomware-attack/ A student’s attempt to pirate an expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute.

China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation

www.recordedfuture.com/china-pla-unit-purchasing-antivirus-exploitation/ Insikt Group assesses that the purchase of foreign antivirus software by the PLA poses a high risk to the global antivirus software supply chain

Formerly unknown rootkit used to secretly control networks of regional organizations

securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/ A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The rootkit was found on networks of regional diplomatic organizations in Asia and Africa, detected on several instances dating back to October 2019 and May 2020, where the infection persisted in the targeted networks for several months after each deployment of the malware.

CISA: Analysis Report on FiveHands Ransomware

us-cert.cisa.gov/ncas/analysis-reports/ar21-126a Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware, and SombRAT remote access trojan (RAT), to steal information, obfuscate files, and demand a ransom from the victim organization

Cloud-Native Businesses Struggle with Security

www.darkreading.com/cloud/cloud-native-businesses-struggle-with-security/d/d-id/1340940 Almost 60% of companies said they are more worried about security since moving to cloud-native technologies, four times greater than those that said they worry less, according to a survey published last week by security firm Snyk.
