Daily NCSC-FI news followup 2021-09-09

GitHub finds 7 code execution vulnerabilities in ‘tar’ and npm CLI

www.bleepingcomputer.com/news/security/github-finds-7-code-execution-vulnerabilities-in-tar-and-npm-cli/ GitHub security team has identified several high-severity vulnerabilities in npm packages, “tar” and “@npmcli/arborist,” used by npm CLI.

Zoho patches actively exploited critical ADSelfService Plus bug

www.bleepingcomputer.com/news/security/zoho-patches-actively-exploited-critical-adselfservice-plus-bug/ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus password management solution that allows them to take control of the system.

Coordinated disclosure of vulnerability in Azure Container Instances Service

msrc-blog.microsoft.com/2021/09/08/coordinated-disclosure-of-vulnerability-in-azure-container-instances-service/ Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers' information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researcher's via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability.

Confluence vulnerability, a tale of catching active exploitation in the wild

sensorfleet.com/2021/09/07/confluence-vulnerability.html In this blog post I summarize how a simple test with a SensorFleet Sensor in partner infrastructure yielded the detection of exploitation of the Atlassian Confluence OGNL injection vulnerability (CVE-2021-26084).

Bounty.fi – From bounty hunters to bounty hunters!

bounty.fi/ This site contains links to materials that you can use to learn about bug bounties.

Dark web prices for stolen PayPal accounts up, credit cards down: report

www.comparitech.com/blog/vpn-privacy/dark-web-prices/ Comparitech researchers sifted through several illicit marketplaces on the dark web to find out how much our private information is worth. Where possible, we'll also examine how prices have changed over time.

Flowspec Bulletproof Services Enable Cybercrime Worldwide

www.riskiq.com/blog/external-threat-management/flowspec-bulletproof-hosting/ In our analysis of threat infrastructure spanning the global attack surface, we see bulletproof hosting providers continue to play an integral role in threat campaigns and provide essential services for cybercriminals. Flowspec, a bulletproof hosting provider that has been around since October 2018, is a one-stop-shop for threat groups, facilitating phishing campaigns, malware delivery, Magecart skimmers, and large swaths of other malicious infrastructure.

2021 Threat Hunting Report

go.crowdstrike.com/rs/281-OBQ-266/images/Report2021ThreatHunting.pdf ECrime adversaries are moving with increasing speed in pursuit of their objectives. OverWatch observations show they are capable of moving laterally within a victim environment in an average of 1 hour and 32 minutes. OverWatch has tracked a 60% increase in interactive intrusion activity in the past year. The threat of hands-on intrusion activity remains very real – OverWatch has observed and disrupted intrusions spanning all industry verticals and geographic regions. ECrime continues to dominate the threat landscape, making up 75% of interactive intrusion activity. Targeted intrusion adversaries remain a prominent threat, particularly for the telecommunications industry.

Yandex is battling the largest DDoS in Russian Internet history

www.bleepingcomputer.com/news/security/yandex-is-battling-the-largest-ddos-in-russian-internet-history/ Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and reportedly continues this week.

Threat landscape for industrial automation systems in H1 2021

securelist.com/threat-landscape-for-industrial-automation-systems-in-h1-2021/104017/ Full report at ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Threat-landscape-for-industrial-automation-systems-statistics-for-H1-2021-En.pdf

Over 60,000 parked domains were vulnerable to AWS hijacking

www.bleepingcomputer.com/news/security/over-60-000-parked-domains-were-vulnerable-to-aws-hijacking/ Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

The Catalog of Carceral Surveillance: Prison Gaming and AR/VR Services

www.eff.org/deeplinks/2021/09/carceral-surveillance-catalog-prison-gaming-and-arvr-services No matter how many rights are taken away from people in prison, no matter how brutally they are treated by the prison industrial complex, there is one right so fundamental, so essential, that even controversial prison telecommunications company Securus can’t bear to see it violated: the right to find new ways to extract money from prisoners and their families. In one of their newest patents, granted February of 2021, Securus describes their latest revolutionary technology. A tablet, which would be issued to individual inmates to allow them to make video calls, access information about their case, and give them the opportunity to pay money for temporary access to video games. Global Tel-Link primarily intends for this prison VR system to be used as a replacement for prison visitation so that inmates could interact with friends and family in a controlled and monitored virtual environment.

New maritime cyber security guidance for shipping companies and vessels

shipowners.fi/wp-content/uploads/2021/09/WWW_Parhaat_ka%CC%88yta%CC%88nno%CC%88t_aluksille_SU.pdf The Finnish Shipowners' Association (Suomen Varustamot ry) and the Water Transport Pool (Vesikuljetuspooli), part of the National Emergency Supply Organisation, have published a cyber security best practices guide for shipping companies and vessels. The guidance is based on an extensive maritime cyber security survey carried out jointly.

Fortinet warns customers after hackers leak passwords for 87,000 VPNs

therecord.media/fortinet-warns-customers-after-hackers-leak-passwords-for-87000-vpns/ Networking equipment vendor Fortinet has notified customers today that a cybercriminal gang has assembled a collection of access credentials for more than 87,000 FortiGate SSL-VPN devices. “This incident is related to an old vulnerability resolved in May 2019,” the company said in a blog post following an inquiry from The Record sent on Tuesday, when a small portion of this larger list was published on a private cybercrime forum hosted on the dark web, and later on the website of a ransomware gang, known to have close affiliations with the same forum. The researchers, who publicly admit to being “gray hats” but still did not want their names included in this article for legal reasons, said that from a list of 502,677 credentials, belonging to around 22,500 Fortinet VPNs, the vast majority (varying from 80% to 90%, depending on scan) did not work anymore, or the login screen was protected by a two-factor authentication system.

Dark Covenant: Connections Between the Russian State and Criminal Actors

www.recordedfuture.com/russian-state-connections-criminal-actors/ The intersection of individuals in the Russian cybercriminal world and officials in the Russian government, typically from the domestic law enforcement or intelligence services, is well established yet highly diffuse. The relationships in this ecosystem are based on spoken and unspoken agreements and comprise fluid associations. Recorded Future identified 3 types of links between the Russian intelligence services and the Russian criminal underground based on historical activity and associations, as well as recent ransomware attacks: direct links, indirect affiliations, and tacit agreement. Even in cases with discernible, direct links between cybercriminal threat actors and the Russian state, indirect affiliations suggest collaboration, and a lack of meaningful punitive actions shows either a tolerance for, or tacit approval of, these efforts.
