Daily NCSC-FI news followup 2021-08-28

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

msrc-blog.microsoft.com/2021/08/27/update-on-vulnerability-in-the-azure-cosmos-db-jupyter-notebook-feature/ On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers. We've notified the customers whose keys may have been affected during the researcher activity to regenerate their keys.

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called “intermittent encryption.” Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file, thereby giving it the ability to evade ransomware defences.

Parallels Offers Inconvenient Fix for High-Severity Bug

threatpost.com/parallels-inconvenient-fix/168997/ The makers of Parallels Desktop have released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions. Mitigation advice comes five months after researchers first identified the bug in April. Parallels Desktop, now owned by private equity giant KKR, is used by seven million users, according to the company, and allows Mac users to run Windows, Linux and other operating systems on their macOS.

Cisco says it will not release software update for critical 0-day in EOL VPN routers

www.zdnet.com/article/cisco-not-planning-to-fix-critical-0-day-rce-vulnerability-in-eol-vpn-routers/ Cisco announced recently that it will not be releasing software updates for a vulnerability with its Universal Plug-and-Play (UPnP) service in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

Data obtained in the breach of the psychotherapy centre Vastaamo has ended up on the open web

www.hs.fi/kotimaa/art-2000008224411.html The data was already available earlier through the so-called Tor network. The matter has been reported by Ilta-Sanomat and Yle, among others. The name of the Tor network refers to the network's technique of concealing the origin of traffic in layers. Tor routes its users' network traffic through so many connection points that deducing the origin of the traffic is extremely complicated. Now the data of Vastaamo's customers can therefore also be found on the so-called open and visible web. As on the Tor network, a search engine has been published on this website too, making it possible to run extensive searches of Vastaamo's patient database. The National Cyber Security Centre detected the website on Friday afternoon, says the centre's Director-General Sauli Pahlman. The domain name that pointed to Vastaamo's patient database had disappeared from the web by Saturday afternoon:

www.hs.fi/kotimaa/art-2000008225341.html

DOJ launches program to train prosecutors in cybersecurity topics

therecord.media/doj-launches-program-to-train-prosecutors-in-cybersecurity-topics/ The US Department of Justice announced a new fellowship program today designed to train a new generation of prosecutors and attorneys on cybersecurity issues, in order to better tackle national security threats and cybercrime. Named the Cyber Fellowship, the new program is one of the outcomes of a 120-day review of cybersecurity challenges the DOJ began in May this year following a series of major cyber-attacks against the US (i.e., Colonial Pipeline incident, Nobelium/Exchange zero-day attacks, SolarWinds supply-chain attack).

T-Mobile hack: Everything you need to know

www.zdnet.com/article/t-mobile-hack-everything-you-need-to-know/ T-Mobile, one of the biggest telecommunications companies in the US, was hacked nearly two weeks ago, exposing the sensitive information of more than 50 million current, former and prospective customers. Names, addresses, social security numbers, driver’s licenses and ID information for about 48 million people were accessed in the hack, which initially came to light on August 16. Here’s everything we know so far.
