Jyrki Kasvi lived three lives
www.is.fi/digitoday/art-2000008410855.html Former member of parliament, doctor of science in technology, technology influencer, cultural figure and nerd in all the positive senses of the word, Jyrki Kasvi died on Tuesday 16 November 2021, broken by illness.
Netgear patches severe pre-auth RCE in 61 router and modem models
therecord.media/netgear-deals-with-its-fifth-wave-of-severe-rce-bugs-this-year/ Networking equipment vendor Netgear has patched the fifth set of dangerous remote code execution bugs impacting its small office and small home (SOHO) routers this year. Discovered by security firm GRIMM, the latest set of patches address a bug that can be exploited from within local networks to allow attackers to take full control of a vulnerable Netgear router.
US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
www.bleepingcomputer.com/news/security/us-uk-warn-of-iranian-hackers-exploiting-microsoft-exchange-fortinet/ US, UK, and Australian cybersecurity agencies warned today of ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities linked to an Iranian-backed hacking group. The warning was issued as a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).
Linux has a serious security problem that once again enables DNS cache poisoning
arstechnica.com/gadgets/2021/11/dan-kaminskys-dns-cache-poisoning-attack-is-back-from-the-dead-again/ The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site.
Strategic web compromises in the Middle East with a pinch of Candiru
www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/ ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high-profile websites in the Middle East
Cybersecurity Spending: An analysis of Investment Dynamics within the EU
www.enisa.europa.eu/news/enisa-news/cybersecurity-spending-an-analysis-of-investment-dynamics-within-the-eu The European Union Agency for Cybersecurity issues a new report on how cybersecurity investments have developed under the provisions of the NIS directive.
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
www.bleepingcomputer.com/news/security/threat-actors-offer-millions-for-zero-days-developers-talk-of-exploit-as-a-service/ While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have. Some adversaries claim multi-million U.S. dollar budgets for acquiring zero-day exploits but those that don’t have this kind of money may still have a chance to use zero-days if a new ‘exploit-as-a-service’ idea becomes reality.
Cloudflare blocked a massive 2 Tbps DDoS attack
techcrunch.com/2021/11/15/cloudflare-terabits-ddos-attack/ Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded.
Evil Corp: ‘My hunt for the world’s most wanted hackers’
www.bbc.com/news/technology-59297187 Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein.
Most SS7 exploit service providers on dark web are scammers
www.bleepingcomputer.com/news/security/most-ss7-exploit-service-providers-on-dark-web-are-scammers/ The existence of Signaling System 7 (SS7) mobile telephony protocol vulnerabilities is something security researchers warned about in 2016, and it only took a year before the first attacks exploiting them were observed.