Daily NCSC-FI news followup 2021-08-11

Microsoft fixed critical security holes, but was one of the most serious left open?

www.is.fi/digitoday/tietoturva/art-2000008185347.html On Tuesday evening Microsoft released a batch of patches for several of its products, including Windows, the Edge browser and the Office suite. Among the 44 patches are three so-called zero-day vulnerabilities, meaning vulnerabilities that became publicly known before Microsoft had fixed them. The vulnerability should now finally be properly patched. According to the Bleeping Computer site, however, this is not necessarily the case: soon after the fix was released, one researcher stated that his method of elevating privileges in Windows via the hole still works.

Microsoft fixes Windows Print Spooler PrintNightmare vulnerability

www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-print-spooler-printnightmare-vulnerability/ Update 8/10/21 4:02 PM EST: Unfortunately, soon after Microsoft released the security update, security researcher Benjamin Delpy confirmed that his packaged print driver PoC still works to gain elevated privileges.

Accenture says Lockbit ransomware attack caused ‘no impact’

www.zdnet.com/article/accenture-says-lockbit-ransomware-attack-caused-no-impact-on-operations-or-clients/ Billion-dollar tech services firm Accenture is downplaying an alleged ransomware attack that the Lockbit ransomware group announced on Tuesday night. Accenture was listed on the group’s leak site next to a timer set to go off on Wednesday. The ransomware group added a note that said, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.” In a statement to ZDNet, an Accenture spokesperson downplayed the incident, saying it had little impact on the company’s operations.

Kaseya’s universal REvil decryption key leaked on a hacking forum

www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/ The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. It is not clear why the Kaseya decryptor was posted on a hacking forum, which is an unlikely place for a victim to post. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious “trusted third party” and began distributing it to affected customers. It is generally believed that Russian intelligence received the decryptor from the ransomware gang and shared it with US law enforcement as a gesture of goodwill.

The Affiliate’s Cookbook – A Firsthand Peek into the Operations and Tradecraft of Conti

www.fortinet.com/blog/threat-research/affiliates-cookbook-firsthand-peek-into-operations-and-tradecraft-of-conti?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-… The primary focus of the following analysis will be on the Conti support manual, titled “CobaltStrike Manuals_V2 Active Directory.” It will touch on several interesting observations lifted from the manual. Although other files and documents were released, this support manual contains information for “affiliates” and offers a rare glimpse into the Ransomware-as-a-Service world.

Hacker steals $600 million from Poly Network in biggest ever cryptocurrency hack

therecord.media/hacker-steals-600-million-from-poly-network-in-biggest-cryptocurrency-hack-ever/ An unidentified hacker has stolen more than $600 million worth of cryptocurrency from Poly Network, a decentralized finance (DeFi) platform based in China. According to its website, Poly Network provides users the ability to trade cryptocurrency assets across different blockchains. Under the hood, the Poly Network executes these transactions using scripts called “contracts.” On Thursday, August 10, an unidentified individual began moving funds from the Poly Network platform into cryptocurrency addresses under their control.

Authorities arrest 23 suspects in Europe for COVID-19 email fraud

therecord.media/authorities-arrest-23-suspects-in-europe-for-covid-19-email-fraud/ A series of raids carried out in the Netherlands, Romania, and Ireland on Tuesday resulted in the arrest of 23 individuals suspected of taking part in a “sophisticated fraud scheme” using compromised emails. The individuals being charged are believed to have defrauded companies in more than 20 countries out of approximately €1 million (about $1.2 million), Europol announced on Wednesday. The organized crime group had been in operation since at least 2017 and originally offered fictitious products, like wooden pellets, for sale online. It was composed primarily of nationals from various African countries residing in Europe.

5 reasons not to use work mail for personal matters

www.kaspersky.com/blog/5-reasons-not-to-use-corp-e-mail/41166/
1. It makes profiling easier.
2. It facilitates spear-phishing.
3. It provides criminals with a smoke screen.
4. More mass phishing and malware in the inbox.
5. The eyes glaze over.

Apple Drops iPhone Copyright Lawsuit Against Cyber Startup Corellium

www.forbes.com/sites/thomasbrewster/2021/08/11/apple-v-corellium-iphone-copyright-lawsuit-settles/ Just as the two-year-long legal tussle between Apple and the cybersecurity startup Corellium looked set to go to trial, the pair have settled out of court. Earlier this week, Apple and Corellium had filed papers with the court showing whom they would be calling as witnesses for the upcoming trial. But late on Tuesday, a brief court update revealed a settlement had been reached. “Negotiations held. The case settled. Confidential binding term sheet signed by both parties and counsel,” read the court docket. Neither Apple nor Corellium had responded to requests for comment.
