Daily NCSC-FI news followup 2021-05-11

Companies 5 Million Personal identifiable information records detected on an AWS service due to misconception of users

blog.checkpoint.com/2021/05/11/companies-5-million-personal-identifiable-information-records-detected-on-an-aws-service-due-to-misconception-of-users/ CPR was able to detect personal records in Amazon Web Services (AWS). By analyzing and enumerating public AWS Systems Manager (SSM) documents, CPR retrieved over five million personally identifiable information records and credit card transactions of companies, including a global sportswear manufacturer. AWS Systems Manager provides the ability to automate operational tasks across AWS resources by creating SSM documents. An SSM document defines the actions that Systems Manager performs on their managed instances. Due to an increased rate of cloud migrations and deployments, CPR analyzed SSM documents and found a trend of misconceptions on the parameters of what should be shared within such documents.
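As an added defender-side example (not Check Point's code or tooling, and not part of the original digest), the following Python script audits an account's own SSM documents for the two conditions the research describes: documents shared publicly, and document parameters whose defaults carry pasted-in credentials. `audit_documents()` runs offline on a constructed sample; `fetch_own_documents()` assumes boto3 is installed and AWS credentials are configured, and `PUBLIC_SHARE_VALUE` is my assumption of the marker AWS uses for a public share.

```python
"""Audit your own AWS Systems Manager (SSM) documents for public sharing and
for secrets baked into parameter defaults. Added example; not Check Point's tooling."""
import json
import re

# Assumption: AWS marks a publicly shared document with the account id "All"
# (compared case-insensitively here so "all" is caught as well).
PUBLIC_SHARE_VALUE = "all"

# Parameter names that usually hold a secret and therefore should have no default.
SENSITIVE_NAME = re.compile(r"(?i)(password|passwd|secret|token|apikey|api_key|credential)")

# Content patterns that indicate a secret was pasted into the document body.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential_assignment": re.compile(r"(?i)\b(password|passwd|token|secret)\s*=\s*\S+"),
}


def is_public(shared_with):
    """True if the document's share list contains the public marker."""
    return any(str(a).lower() == PUBLIC_SHARE_VALUE for a in shared_with)


def find_secrets(content):
    """Return labels for secret-like material found in a document's content."""
    findings = [label for label, rx in SECRET_PATTERNS.items() if rx.search(content)]
    try:
        doc = json.loads(content)  # SSM documents are JSON or YAML; YAML falls back to raw scan
    except json.JSONDecodeError:
        return findings
    params = doc.get("parameters", {}) if isinstance(doc, dict) else {}
    for name, spec in params.items():
        default = spec.get("default") if isinstance(spec, dict) else None
        if default not in (None, "") and SENSITIVE_NAME.search(name):
            findings.append(f"sensitive parameter '{name}' has a baked-in default")
    return findings


def audit_documents(documents):
    """Rate each document: public + secrets is critical, public alone high, secrets alone medium."""
    report = []
    for d in documents:
        public = is_public(d.get("shared_with", []))
        secrets = find_secrets(d.get("content", ""))
        if public and secrets:
            severity = "critical"
        elif public:
            severity = "high"
        elif secrets:
            severity = "medium"
        else:
            continue
        report.append({"name": d["name"], "severity": severity,
                       "public": public, "secrets": secrets})
    return report


def fetch_own_documents(region="eu-west-1"):
    """Pull name, share list and content for every document the account owns.
    Assumption: boto3 is installed and credentials with ssm:List/Describe/GetDocument exist."""
    import boto3
    ssm = boto3.client("ssm", region_name=region)
    docs = []
    for page in ssm.get_paginator("list_documents").paginate(
            Filters=[{"Key": "Owner", "Values": ["Self"]}]):
        for ident in page["DocumentIdentifiers"]:
            name = ident["Name"]
            perm = ssm.describe_document_permission(Name=name, PermissionType="Share")
            content = ssm.get_document(Name=name)["Content"]
            docs.append({"name": name, "shared_with": perm.get("AccountIds", []),
                         "content": content})
    return docs


def unshare_publicly(ssm, name):
    """Remediation: drop the public share. Any secret found must also be rotated."""
    ssm.modify_document_permission(Name=name, PermissionType="Share",
                                   AccountIdsToRemove=[PUBLIC_SHARE_VALUE])


# Constructed sample in the same shape fetch_own_documents() returns (values are fake).
SAMPLE_DOCUMENTS = [
    {"name": "Deploy-App-Config", "shared_with": ["All"],
     "content": json.dumps({"schemaVersion": "2.2", "description": "Push app config to the fleet",
                            "parameters": {"dbPassword": {"type": "String", "default": "Hunter2-constructed"},
                                           "uploadKey": {"type": "String", "default": "AKIAEXAMPLEKEY000001"}},
                            "mainSteps": [{"action": "aws:runShellScript", "name": "apply",
                                           "inputs": {"runCommand": ["echo configured"]}}]})},
    {"name": "Collect-Logs", "shared_with": ["111122223333"],
     "content": json.dumps({"schemaVersion": "2.2",
                            "parameters": {"path": {"type": "String", "default": "/var/log"}},
                            "mainSteps": [{"action": "aws:runShellScript", "name": "tar",
                                           "inputs": {"runCommand": ["tar czf /tmp/logs.tgz {{ path }}"]}}]})},
    {"name": "Restart-Agent", "shared_with": [],
     "content": json.dumps({"schemaVersion": "2.2",
                            "mainSteps": [{"action": "aws:runShellScript", "name": "restart",
                                           "inputs": {"runCommand": ["systemctl restart amazon-ssm-agent"]}}]})},
]

if __name__ == "__main__":
    print(json.dumps(audit_documents(SAMPLE_DOCUMENTS), indent=2))
```

Run against the live account by replacing `SAMPLE_DOCUMENTS` with `fetch_own_documents()`; a "critical" entry is a document anyone on the internet can read, so unshare it first and rotate whatever it contains second. The parameter-name check matters because SSM shows defaults in the console and in `get_document` output, which is exactly where the research found credentials.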

A Closer Look at the DarkSide Ransomware Gang

krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/ The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here's a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.

Apple AirTag jailbroken already hacked in rickroll attack

nakedsecurity.sophos.com/2021/05/11/apple-airtag-jailbroken-already-hacked-in-rickroll-attack/ Apple recently announced a tracking device that it calls the AirTag, a new competitor in the smart label product category. The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to help you find said item if you misplace it. If you remember those whistle-and-they-bleep-back-at-you keyrings that were all the rage for a while in the 1990s, well, this is the 21st century version of one of those. Unlike their last-millennium sonic counterparts, however, modern tracking tags come with loads more functionality, and therefore present a correspondingly greater privacy risk.

Adobe fixes Reader zero-day vulnerability exploited in the wild

www.bleepingcomputer.com/news/security/adobe-fixes-reader-zero-day-vulnerability-exploited-in-the-wild/ Adobe has released a massive Patch Tuesday security update release that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability in Adobe Reader. The updated applications include Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium, and Adobe Animate. Also:

threatpost.com/adobe-zero-day-bug-acrobat-reader/166044/

U.S. Intelligence Agencies Warn About 5G Network Weaknesses

thehackernews.com/2021/05/us-intelligence-agencies-warn-about-5g.html Inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks, potentially making them a lucrative target for cybercriminals and nation-state adversaries to exploit for valuable intelligence. The analysis, which aims to identify and assess risks and vulnerabilities introduced by 5G adoption, was published on Monday by the U.S. National Security Agency (NSA), in partnership with the Office of the Director of National Intelligence (ODNI) and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA).

15% of 2020 ransomware payments carried a sanctions violations risk

therecord.media/15-of-2020-ransomware-payments-carried-a-sanctions-violations-risk/ Around one in six ransomware payments in 2020 were made to ransomware gangs that had some sort of connection to a US-sanctioned entity. Payments to ransomware gangs such as Bitpaymer, DoppelPaymer, WastedLocker, and Clop carried a sanctions violation risk in 2020, said Chainalysis, a company specialized in analyzing blockchain transactions. Security researchers believe these four ransomware strains have been created by or have worked together with a cybercrime cartel known as EvilCorp, sanctioned by the US Treasury Department in December 2019.

Fake Chrome App Anchors Rapidly Worming Smish Cyberattack

threatpost.com/fake-chrome-app-worming-smish-cyberattack/166038/ A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials. According to researchers at Pradeo, the attack starts with a basic smishing gambit: Targets receive an SMS text asking them to pay custom fees to release a package delivery. If they fall for it and click, a message comes up asking them to update the Chrome app.

Ransomware attack on healthcare admin company CaptureRx exposes multiple providers across United States

www.zdnet.com/article/ransomware-attack-on-healthcare-admin-company-capturerx-exposes-multiple-providers-across-united-states/ Multiple healthcare providers across the United States are reporting being impacted by a ransomware attack on CaptureRx, a San Antonio-based company providing drug-related administrative services. At least three healthcare-related institutions — including UPMC Cole and UPMC Wellsboro in Pennsylvania, Lourdes Hospital and Faxton St. Luke’s Healthcare in New York, Gifford Health Care in Randolph, Vermont and a number of Thrifty Drug Stores — have reportedly had the health information of customers or patients exposed and stolen in the breach.

Expecting a package? Beware of this kind of contact

www.iltalehti.fi/tietoturva/a/550a93b6-e3b0-4cca-bd0f-612625d4faf6 Many different scam messages are circulating in the name of Posti and various courier services. Now Kimmo Rousku, ICT expert and secretary general of the digital security management group at the Digital and Population Data Services Agency, has shared a warning on his Twitter account about a scam circulating in the name of DHL. According to Rousku, the phishing site in question is still in operation. The site attempts to harvest the recipient's personal information. Rousku says the scam site can be recognised by the temporary.link suffix in its address.

Pipeline hack highlights the importance of cybersecurity: the oil industry lags behind in fending off cyberattacks

www.kauppalehti.fi/uutiset/oljyputken-hakkerointi-nostaa-esiin-kyberturvan-merkityksen-oljyteollisuus-jaljessa-kyberhyokkaysten-torjunnassa/d65cf0ab-dc3f-4e41-9537-095a11e29841 Vulnerable infrastructure offers points of attack to criminals and foreign states alike. The oil pipeline hit by a cyberattack in the United States has caused reactions in the markets and concern about the reliability of critical infrastructure. Fuel availability is feared to deteriorate if the shutdown of the nearly 9,000-kilometre pipeline lasts beyond the start of the week. According to Mika Aaltola, director of the Finnish Institute of International Affairs, a prolonged shutdown could even lead to restrictions on oil production in the Gulf of Mexico.

Recommendations Following the Colonial Pipeline Cyber Attack

www.dragos.com/blog/industry-news/recommendations-following-the-colonial-pipeline-cyber-attack/ On May 7th, public reporting emerged about Colonial Pipeline operations being impacted by a ransomware incident in their IT environment, after which operators temporarily halted OT operations as a precaution. As with any pipeline, Dragos would expect Colonial Pipeline to have so many dependencies between their control and SCADA systems and their business systems that it becomes hard to reasonably delineate and separate them. With this in mind, out of an abundance of caution, halting operations becomes the safest choice.

Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days

www.bleepingcomputer.com/news/microsoft/microsoft-may-2021-patch-tuesday-fixes-55-flaws-3-zero-days/ Today is Microsoft's May 2021 Patch Tuesday, and with it come three zero-day vulnerabilities, so Windows admins will be rushing to apply updates. With today's update, Microsoft has fixed 55 vulnerabilities, with four classified as Critical, 50 as Important, and one as Moderate. The three zero-day vulnerabilities patched today were publicly disclosed but not known to be used in attacks. Also:

www.zdnet.com/article/microsofts-may-2021-patch-tuesday-55-flaws-fixed-four-critical/

Experts warn of a new Android banking trojan stealing users’ credentials

thehackernews.com/2021/05/experts-warn-of-new-android-banking.html Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users’ credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called “TeaBot” (or Anatsa), the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, followed by a rash of infections in the first week of May against Belgium and Netherlands banks. The first signs of TeaBot activity emerged in January.
