Daily NCSC-FI news followup 2021-09-03

Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role

finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html A Bloomberg News investigation has filled in significant new details, including why Sunnyvale, California-based Juniper, a top maker of computer networking equipment, used the NSA algorithm in the first place, and who was behind the attack. Pentagon tied some future contracts for Juniper specifically to the use of Dual Elliptic Curve, the employees said. The request prompted concern among some Juniper engineers, but ultimately the code was added to appease a large customer, the employees said. Members of a hacking group linked to the Chinese government called APT 5 hijacked the NSA algorithm in 2012, according to two people involved with Juniper's investigation and an internal document detailing its findings that Bloomberg reviewed. The hackers altered the algorithm so they could decipher encrypted data flowing through the virtual private network connections created by NetScreen devices. They returned in 2014 and added a separate backdoor that allowed them to directly access NetScreen products, according to the people and the document.

Apple Delays iPhone Child Sexual Abuse Scanning After Uproar

www.forbes.com/sites/thomasbrewster/2021/09/03/apple-delays-iphone-child-sexual-abuse-scanning-after-uproar/ Apple has apparently been listening to its critics. On Friday, it announced it was going to delay a controversial technology that would scan users' iPhone photos before they went up to the iCloud to check them for known child sexual abuse material (CSAM).

Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor

www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor Anomali Threat Research discovered six malicious Windows 11 Alpha-themed Word documents with Visual Basic macros being used to drop JavaScript payloads, including a Javascript backdoor.

Babuk ransomware’s full source code leaked on hacker forum

www.bleepingcomputer.com/news/security/babuk-ransomwares-full-source-code-leaked-on-hacker-forum/ A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.

FBI: Spike in sextortion attacks cost victims $8 million this year

www.bleepingcomputer.com/news/security/fbi-spike-in-sextortion-attacks-cost-victims-8-million-this-year/ The FBI Internet Crime Complaint Center (IC3) has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July.

RISK CONSIDERATIONS FOR MANAGED SERVICE PROVIDER CUSTOMERS

www.cisa.gov/publication/risk-considerations-msp-customers This CISA Insights provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk.

More than 10% of Firebase databases are open and exposing data

therecord.media/more-than-10-of-firebase-databases-are-open-and-exposing-data/ In a research project conducted in July 2021 and published this week on Wednesday, cybersecurity firm Avast said it found nearly 19,300 Firebase databases from a grand total of 180,300 that were left exposed online without authentication.

New Zealand internet outage blamed on DDoS attack on nation’s third largest internet provider

www.theregister.com/2021/09/03/nz_outage/ Vocus, the country’s third-largest internet operator, which is behind brands including Orcon, Slingshot and Stuff Fibre, confirmed the cyberattack originated at one of its customers.

Confessions of a ransomware negotiator: Well, somebody’s got to talk to the criminals holding data hostage

www.theregister.com/2021/09/03/how_to_be_a_ransomware/ Often he finds that the ransomware gang’s negotiating skills are quite weak. So part of his role is to make sure that the ransomware-flingers or their henchpersons don’t learn anything more during the negotiations than they already do about the company they’ve attacked and the data they’ve encrypted and/or stolen.

FTC bans ‘brazen’ stalkerware maker SpyFone, orders data deletion, alerts to victims

www.theregister.com/2021/09/02/ftc_spyfone_stalkerware/ America’s trade watchdog today banned stalkerware developer SpyFone and its CEO from the surveillance industry, effectively putting an end to its business.
