Daily NCSC-FI news followup 2021-07-16

The central government's VY backbone network suffered a widespread disruption

valtori.fi/-/valtionhallinnon-vy-runkoverkon-kayttajien-palveluissa-ongelmia The disruption was caused by fiber-optic cable breaks in Telia's backbone network.

Microsoft Print Spooler Saga: Microsoft Defender for Identity now detects PrintNightmare attacks

www.bleepingcomputer.com/news/security/microsoft-defender-for-identity-now-detects-printnightmare-attacks/ Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers’ attempts to abuse this critical vulnerability.

Microsoft Print Spooler Saga: Microsoft: New Unpatched Bug in Windows Print Spooler

threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/ Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover. The vulnerability (CVE-2021-1675) is the latest in a flurry of problems discovered in Windows Print Spooler, but seems slightly less dangerous, as it can only be exploited locally. It rates 7.8 out of 10 on the CVSS vulnerability-severity scale. Also:

nakedsecurity.sophos.com/2021/07/16/more-printnightmare-we-told-you-not-to-turn-the-print-spooler-back-on/

Google patches 8th Chrome zero-day exploited in the wild this year

www.bleepingcomputer.com/news/security/google-patches-8th-chrome-zero-day-exploited-in-the-wild-this-year/

Critical Juniper Bug Allows DoS, RCE Against Carrier Networks

threatpost.com/critical-juniper-bug-dos-rce-carrier/167869/ A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted Radius (SBR) Carrier Edition lays open wireless carrier and fixed operator networks to tampering.

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet

www.bleepingcomputer.com/news/security/cloudflare-fixes-cdn-code-execution-bug-affecting-127-percent-of-all-sites/ CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. If exploited, the vulnerability would lead to a complete compromise of CDNJS infrastructure. The researcher praised Cloudflare’s fast-paced incident response teams, who, within minutes of receiving the researcher’s report, rotated the leaked secrets and worked with him to study the PoC exploits. Vuln researcher:

blog.ryotak.me/post/cdnjs-remote-code-execution-en/

D-Link issues hotfix for hard-coded password router vulnerabilities

www.bleepingcomputer.com/news/security/d-link-issues-hotfix-for-hard-coded-password-router-vulnerabilities/ Following successful exploitation, the vulnerabilities can let attackers execute arbitrary code on unpatched routers, gain access to sensitive information or crash the routers after triggering a denial of service state. Additionally, a “hidden telnet service can be started without authentication by visiting /start_telnet”, which lets attackers log into the test environment using a default password stored in unencrypted form on the router. Also:

blog.talosintelligence.com/2021/07/vuln-spotlight-d-link.html
