Daily NCSC-FI news followup 2021-08-28

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

msrc-blog.microsoft.com/2021/08/27/update-on-vulnerability-in-the-azure-cosmos-db-jupyter-notebook-feature/ On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers. We've notified the customers whose keys may have been affected during the researcher activity to regenerate their keys.

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called “intermittent encryption.” Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file, thereby giving it the ability to evade ransomware defences.

Parallels Offers Inconvenient Fix for High-Severity Bug

threatpost.com/parallels-inconvenient-fix/168997/ The makers of Parallels Desktop have released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions. Mitigation advice comes five months after researchers first identified the bug in April. Parallels Desktop, now owned by private equity giant KKR, is used by seven million users, according to the company, and allows Mac users to run Windows, Linux and other operating systems on their macOS.

Cisco says it will not release software update for critical 0-day in EOL VPN routers

www.zdnet.com/article/cisco-not-planning-to-fix-critical-0-day-rce-vulnerability-in-eol-vpn-routers/ Cisco announced recently that it will not be releasing software updates for a vulnerability with its Universal Plug-and-Play (UPnP) service in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

Data obtained in the breach of psychotherapy centre Vastaamo has ended up on the open web

www.hs.fi/kotimaa/art-2000008224411.html The data was already available earlier via the so-called Tor network. The matter has been reported by, among others, Ilta-Sanomat and Yle. The name of the Tor network refers to the network's technique of encrypting the origin of traffic in layers. Tor routes its users' network traffic through so many connection points that inferring the origin of the traffic is extremely complicated. Now data on Vastaamo's clients can thus also be found on the so-called open and visible web. As on the Tor network, a search engine has been published on this website too, enabling broad searches of Vastaamo's patient database. The National Cyber Security Centre detected the website on Friday afternoon, says the centre's director-general Sauli Pahlman. The domain name that pointed to Vastaamo's patient database had disappeared from the web by Saturday afternoon:


DOJ launches program to train prosecutors in cybersecurity topics

therecord.media/doj-launches-program-to-train-prosecutors-in-cybersecurity-topics/ The US Department of Justice announced a new fellowship program today designed to train a new generation of prosecutors and attorneys on cybersecurity issues, in order to better tackle national security threats and cybercrime. Named the Cyber Fellowship, the new program is one of the outcomes of a 120-day review of cybersecurity challenges the DOJ began in May this year following a series of major cyber-attacks against the US (i.e., Colonial Pipeline incident, Nobelium/Exchange zero-day attacks, SolarWinds supply-chain attack).

T-Mobile hack: Everything you need to know

www.zdnet.com/article/t-mobile-hack-everything-you-need-to-know/ T-Mobile, one of the biggest telecommunications companies in the US, was hacked nearly two weeks ago, exposing the sensitive information of more than 50 million current, former and prospective customers. Names, addresses, social security numbers, driver’s licenses and ID information for about 48 million people were accessed in the hack, which initially came to light on August 16. Here’s everything we know so far.
