Daily NCSC-FI news followup 2021-07-06

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

thehackernews.com/2021/07/kaseya-rules-out-supply-chain-attack.html While initial reports speculated that the ransomware gang might have gained access to Kaseya’s backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability (CVE-2021-30116) in the software was leveraged to push ransomware to Kaseya’s customers. Also:

www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident

Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack

www.bleepingcomputer.com/news/security/kaseya-roughly-1-500-businesses-hit-by-revil-ransomware-attack/ Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company’s VSA on-premises product. “Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.” Also:

www.kaseya.com/potential-attack-on-kaseya-vsa/ Also:

threatpost.com/kaseya-patches-zero-day-exploits/167548/

Global ransomware attack affecting a service platform for small and medium-size segment in Sweden

www.tietoevry.com/en/newsroom/all-news-and-releases/other-news/2021/global-ransomware-attack-affecting-a-service-platform-for-small-and-medium-size-segment-in-sweden/ On the late afternoon of Friday 2nd of July, a service platform for a small and medium-size segment of customers was subject to a ransomware attack related to the global criminal attack against Kaseya. The Kaseya software is used by a local TietoEVRY operating unit in Sweden, and hence a limited number of customers have been affected. The impact on consumers and the general public has been narrow, even if the impact on the affected customers’ business may be serious.

Surprise charges related to a subscription trap can be disputed with your bank

www.kkv.fi/ajankohtaista/Tiedotteet/2021/6.7.2021-tilausansaan-liittyvista-yllatyskuluista-voi-reklamoida-pankille/ Online shopping can involve various problem situations, such as subscription traps and other scams. The Consumer Ombudsman, together with the EU consumer authorities, has asked Visa, Mastercard and American Express to change their systems so that consumers are informed more clearly than at present about recurring payments connected to subscription traps. Consumers can dispute unexpected charges with their bank and get their money back.

IoT/ICS Armageddon: hacking devices like there’s no tomorrow (part 1)

www.redtimmy.com/iot-ics-armageddon-hacking-devices-like-theres-no-tomorrow-part-1/ The truth is that hacking OT devices wasn’t challenging enough. Today, as five years ago, security in this area is running 10 to 15 years behind the traditional IT sector. In a few words:

ZLD4.65 & 5.02 Firmware release

community.zyxel.com/en/discussion/11061/zld4-65-5-02-firmware-release Zyxel has been tracking the recent activity of threat actors targeting Zyxel security appliances and has released firmware patches to defend against it. The patches also include additional security enhancements based on users’ feedback and security researchers’ advice, which we strongly recommend users install immediately.

Pro-Trump social media site Gettr hacked

www.cnet.com/news/pro-trump-social-media-app-gettr-hacked/ A social media site launched last week by a senior adviser to former President Donald Trump was briefly hacked on Sunday, with account profiles being defaced with pro-Palestinian messages. Also:

www.bleepingcomputer.com/news/security/hacker-dumps-private-info-of-pro-trump-gettr-social-network-members/ Also:

therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/

Kaspersky Password Manager: All your passwords are belong to us

donjon.ledger.com/kaspersky-password-manager/ The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its only source of entropy was the current time.
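The failure mode described above, as an added illustration (this is not Ledger Donjon’s code nor Kaspersky’s implementation): a model password generator driven by a non-cryptographic PRNG seeded only with the clock, next to a hardened form that draws from the OS CSPRNG via `secrets`. The model also measures how the effective entropy collapses to the number of distinct seeds in a time window, whatever the password length; the alphabet, lengths and the start timestamp are assumptions chosen for the demonstration.

```python
import math
import random
import secrets
import string
import time
from typing import Optional

# Assumed alphabet for the demonstration: 62 symbols (a-z, A-Z, 0-9).
ALPHABET = string.ascii_letters + string.digits


def weak_password(length: int, seed_time: Optional[int] = None) -> str:
    """Model of the flawed design: a non-cryptographic PRNG whose only seed is
    the current time in seconds. Anyone who knows roughly when the password
    was generated can regenerate it. Model only, not the product's code."""
    if seed_time is None:
        seed_time = int(time.time())
    rng = random.Random(seed_time)  # Mersenne Twister: fully determined by its seed
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int) -> str:
    """Hardened form: the secrets module draws from the OS CSPRNG, so there is
    no reproducible seed for an observer to guess."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_entropy_bits(length: int) -> float:
    """Entropy a uniformly random password over ALPHABET would carry."""
    return length * math.log2(len(ALPHABET))


def effective_entropy_bits(window_seconds: int, length: int,
                           start: int = 1_625_500_000) -> float:
    """Entropy the weak generator actually delivers: bounded by the number of
    distinct seeds in the window the password could have been created in.
    The start value is an assumed Unix timestamp (early July 2021)."""
    outputs = {weak_password(length, start + t) for t in range(window_seconds)}
    return math.log2(len(outputs))


if __name__ == "__main__":
    ts = 1_625_500_000  # assumed generation time, seconds since the epoch
    print("same second, same password:", weak_password(16, ts) == weak_password(16, ts))
    print("nominal bits for 12 chars:", round(nominal_entropy_bits(12), 1))
    print("effective bits, 1-hour window:", round(effective_entropy_bits(3600, 12), 1))
    print("csprng sample:", strong_password(16))
```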

Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities

thehackernews.com/2021/07/interpol-arrests-hacker-in-morocco-who.html Law enforcement authorities working with Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.

Website of Mongolian certificate authority served backdoored client installer

www.zdnet.com/article/website-of-mongolian-certificate-authority-backdoored-served-malware The official website of a Mongolian certification authority (CA) was harboring malware and serving a backdoored client installer to users.

Microsoft Office July updates fix Outlook crashes, performance issues

www.bleepingcomputer.com/news/microsoft/microsoft-office-july-updates-fix-outlook-crashes-performance-issues/ Microsoft released the July 2021 non-security Microsoft Office updates with improvements and fixes for crashes and issues affecting Windows Installer (MSI) editions of Office 2016 products.

Microsoft 365 to let SecOps lock hacked Active Directory accounts

www.bleepingcomputer.com/news/security/microsoft-365-to-let-secops-lock-hacked-active-directory-accounts/ Microsoft is updating Microsoft Defender for Identity to allow security operations (SecOps) teams to block attacks by locking a compromised user’s Active Directory account.

Western Digital Users Face Another RCE

threatpost.com/rce-0-day-western-digital-users/167547/ Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.
