Daily NCSC-FI news followup 2021-09-08

Government still gauging impact of Wednesday’s denial-of-service attacks

www.stuff.co.nz/business/300402182/government-still-gauging-impact-of-wednesdays-denialofservice-attacks ANZ and Kiwibank appear to have made progress recovering from a cyber attack that made their online services inaccessible for many New Zealanders on Wednesday.

AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle

www.theregister.com/2021/09/08/att_alien_labs_warns_of/ Now, AT&T’s Alien Labs has shone more light on Chimaera – and says that not only has it been in active use since July but that it is “responsible for thousands of infections globally” across Windows, Linux, AWS, Docker, and Kubernetes targets – and all while avoiding detection from anti-virus and anti-malware tools.

Patch now? Why enterprise exploits are still partying like it’s 1999

www.theregister.com/2021/09/08/patch_now_why_enterprise_exploits/ Eoin Keary, CEO and founder of Edgescan, told The Register that the oldest common vulnerability discovered in its latest quarterly vulnerability scans report (CVE-1999-0517, impacting Simple Network Management Protocol) dated back to 1999. Which raises the question, why are threat actors being allowed to party like it’s, um… 1999?

Attacking Google Chrome’s Strict Site Isolation via Speculative Execution and Type Confusion

www.spookjs.com/ Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google’s attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases. More specifically, we show that an attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., username and password) when they are autofilled. We further demonstrate that the attacker can retrieve data from Chrome extensions (such as credential managers) if a user installs a malicious extension. Also

therecord.media/new-cpu-side-channel-attack-takes-aim-at-chromes-site-isolation-feature/

Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.

www.fireeye.com/blog/threat-research/2021/09/pro-prc-influence-campaign-social-media-websites-forums.html The scope of activity, in terms of languages and platforms used, is far broader than previously understood. Most reporting has highlighted English and Chinese-language activity occurring on the social media giants Facebook, Twitter, and YouTube. However, we have now observed this pro-PRC activity taking place on 30 social media platforms and over 40 additional websites and niche forums, and in additional languages including Russian, German, Spanish, Korean, and Japanese. Accounts in the network have actively sought to physically mobilize protestors in the U.S. in response to the COVID-19 pandemic, though we have seen no indication that these attempts motivated any real-world activity.
