Daily NCSC-FI news followup 2021-06-29

Russian hackers had months-long access to Denmark’s central bank

www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/ Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.

The “WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight

yoroi.company/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/ Yoroi Malware ZLAB is reporting extensively on a large-scale operation by an actor that has been active since 2019 and is targeting Italian and European organizations.

REvil ransomware’s new Linux encryptor targets ESXi virtual machines

www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/ The REvil ransomware operation is now using a Linux encryptor that targets and encrypts VMware ESXi virtual machines.

Tesorion announces a free decryptor for Lorenz ransomware

www.tesorion.nl/en/posts/lorenz-ransomware-analysis-and-a-free-decryptor/ A report from security researchers at Tesorion gives some insight into the encryption used by the Lorenz ransomware. A decryptor is available for download from nomoreransom.org.

700 million LinkedIn records for sale on hacker forum

www.privacysharks.com/exclusive-700-million-linkedin-records-for-sale-on-hacker-forum-june-22nd-2021/ After 500 million LinkedIn users were affected by data scraping in April, it happened again. The information includes full names, gender, email addresses, phone numbers, and industry information.

NCSC UK – Device Security Guidance for public sector and large organisations

www.ncsc.gov.uk/blog-post/securing-your-devices-future The National Cyber Security Centre UK has published “Device Security Guidance” for organisations on how to choose, configure and use devices securely.

An unpatched security vulnerability affecting Google’s Compute Engine platform could be abused by an attacker to take over virtual machines over the network

thehackernews.com/2021/06/unpatched-virtual-machine-takeover-bug.html PoC available: github.com/irsl/gcp-dhcp-takeover-code-exec

Microsoft’s Halo game development servers breached by a security researcher

www.bleepingcomputer.com/news/security/microsofts-halo-dev-site-breached-using-dependency-hijacking/ Microsoft had trouble with npm dependency confusion earlier this year. This time another researcher found that the problem still exists because some packages have dependencies that are not present on the npmjs registry.

Remote code execution vulnerability in Microsoft Intune management extension

www.nixu.com/blog/remote-code-execution-vulnerability-microsoft-intune-managed-windows-devices Aapo Oksman, a Senior Security Specialist at Nixu Corporation, found a critical bug in the Microsoft Intune Management Extension (IME) that allows a remote attacker in a privileged network position to execute arbitrary code with system privileges on Windows operating systems enrolled in Intune and running IME.
