Daily NCSC-FI news followup 2021-09-17

NSO Group iMessage Zero-Click Exploit Captured in the Wild

citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes it as “processing a maliciously crafted PDF may lead to arbitrary code execution.” In this article, Citizen Lab analyses the exploit chain in detail.

Mitigating malware and ransomware attacks

www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks The guidance document helps private and public sector organisations deal with the effects of malware (which includes ransomware). It provides actions to help organisations prevent a malware infection, and also steps to take if you’re already infected.

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/ Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems. Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively leveraging the bug in campaigns ahead of a patch released by Microsoft this week.

Malware samples found trying to hack Windows from its Linux subsystem

therecord.media/malware-samples-found-trying-to-hack-windows-from-its-linux-subsystem/ Security researchers at Lumen’s Black Lotus Labs have found a series of malware samples that were configured to infect the Windows Subsystem for Linux and then pivot to the native Windows environment. The researchers say the samples are the first of their kind, although security experts have theorized as far back as 2017 that such attacks would be possible at some point.

OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners

www.bleepingcomputer.com/news/security/omigod-microsoft-azure-vms-exploited-to-drop-mirai-miners/ Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month’s Patch Tuesday. The four security flaws (allowing privilege escalation and remote code execution) were found in the Open Management Infrastructure (OMI) software agent silently installed by Microsoft on more than half of all Azure instances.

Microsoft asks Azure Linux admins to manually patch OMIGOD bugs

www.bleepingcomputer.com/news/microsoft/microsoft-asks-azure-linux-admins-to-manually-patch-omigod-bugs/ Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. The four security flaws (allowing remote code execution and privilege escalation) were found in the Open Management Infrastructure (OMI) software agent silently installed on more than half of Azure instances.

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

thehackernews.com/2021/09/malware-attack-on-aviation-sector.html A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.

Forged vaccination certificates are being sold on the messaging app Telegram; a Finnish “certificate” costs 150 euros

yle.fi/uutiset/3-12101786 A black market for forged vaccination certificates has taken root on the messaging app Telegram, according to a study by the international security company Check Point Research. According to the study, forgeries purporting to be coronavirus vaccination certificates from a total of 28 countries are being sold on the app. These include many EU countries, Finland among them. According to the study, a forged vaccination certificate for Finland and most other EU countries costs 150 euros.

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss – downthem / ampnode

krebsonsecurity.com/2021/09/trial-ends-in-guilty-verdict-for-ddos-for-hire-boss/ A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

Router protection for MikroTik users

www.kaspersky.com/blog/how-to-protect-mikrotik-from-meris-botnet/41972/ Recent large-scale DDoS attacks using a new botnet called Mēris peaked at almost 22 million requests per second. According to Qrator research, MikroTik’s network devices generated a fair share of the botnet’s traffic. Having analyzed the situation, MikroTik experts found no new vulnerabilities in the company’s routers; however, old ones may still pose a threat. Therefore, to ensure your router has not joined the Mēris botnet (or any other botnet, for that matter), you need to follow a few recommendations.

Healthcare sector actors practise their cyber security preparedness at the virtual hospital of Jyväskylä University of Applied Sciences

www.epressi.com/tiedotteet/terveys/jyvaskylan-ammattikorkeakoulun-virtuaalisairaalassa-harjoitellaan-terveydenhuoltoalan-toimijoiden-kyberturvallisuusvalmiutta.html The nature of healthcare work makes the sector extremely sensitive to service disruptions. Because of an attack on a hospital’s information systems or data network, procedures may be delayed or halted, adversely affecting patient safety. National healthcare actors and hospital districts will gather at Jyväskylä University of Applied Sciences from 21 to 23 September to practise and develop their cyber security preparedness in the pilot exercise of the Healthcare Cyber Range project.

Fake Walmart press release causes cryptocurrency price surge

www.bitdefender.com/blog/hotforsecurity/fake-walmart-press-release-causes-cryptocurrency-price-surge/ The cryptocurrency Litecoin soared in value earlier this week upon the news that supermarket giant Walmart would accept it as a form of payment at its retail stores across America. The only problem was… it simply wasn’t true.

Telegram emerges as new dark web for cyber criminals

arstechnica.com/information-technology/2021/09/telegram-emerges-as-new-dark-web-for-cyber-criminals/ Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web.

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

securelist.com/exploitation-of-the-cve-2021-40444-vulnerability-in-mshtml/104218/ Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In an attempt to exploit this vulnerability, attackers create a document with a specially crafted object. If a user opens the document, MS Office will download and execute a malicious script. According to our data, the same attacks are still happening all over the world. We are currently seeing attempts to exploit the CVE-2021-40444 vulnerability targeting companies in the research and development sector, the energy sector and large industrial sectors, banking and medical technology development sectors, as well as telecommunications and the IT sector.
