Daily NCSC-FI news followup 2021-11-17

Jyrki Kasvi lived three lives

www.is.fi/digitoday/art-2000008410855.html Former member of parliament, Doctor of Science in Technology, technology influencer, cultural figure and nerd in every positive sense of the word, Jyrki Kasvi died on Tuesday 16 November 2021 after succumbing to illness.

Netgear patches severe pre-auth RCE in 61 router and modem models

therecord.media/netgear-deals-with-its-fifth-wave-of-severe-rce-bugs-this-year/ Networking equipment vendor Netgear has patched the fifth set of dangerous remote code execution bugs impacting its small office and small home (SOHO) routers this year. Discovered by security firm GRIMM, the latest set of patches addresses a bug that can be exploited from within local networks to allow attackers to take full control of a vulnerable Netgear router.

US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet

www.bleepingcomputer.com/news/security/us-uk-warn-of-iranian-hackers-exploiting-microsoft-exchange-fortinet/ US, UK, and Australian cybersecurity agencies warned today of ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities linked to an Iranian-backed hacking group. The warning was issued as a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC). See also:

us-cert.cisa.gov/ncas/alerts/aa21-321a

Linux has a serious security problem that once again enables DNS cache poisoning

arstechnica.com/gadgets/2021/11/dan-kaminskys-dns-cache-poisoning-attack-is-back-from-the-dead-again/ The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site.

Strategic web compromises in the Middle East with a pinch of Candiru

www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/ ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high-profile websites in the Middle East

Cybersecurity Spending: An analysis of Investment Dynamics within the EU

www.enisa.europa.eu/news/enisa-news/cybersecurity-spending-an-analysis-of-investment-dynamics-within-the-eu The European Union Agency for Cybersecurity issues a new report on how cybersecurity investments have developed under the provisions of the NIS directive.

Threat actors offer millions for zero-days, developers talk of exploit-as-a-service

www.bleepingcomputer.com/news/security/threat-actors-offer-millions-for-zero-days-developers-talk-of-exploit-as-a-service/ While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have. Some adversaries claim multi-million U.S. dollar budgets for acquiring zero-day exploits but those that don’t have this kind of money may still have a chance to use zero-days if a new ‘exploit-as-a-service’ idea becomes reality.

Cloudflare blocked a massive 2 Tbps DDoS attack

techcrunch.com/2021/11/15/cloudflare-terabits-ddos-attack/ Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded.

Evil Corp: ‘My hunt for the world’s most wanted hackers’

www.bbc.com/news/technology-59297187 Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein.

Most SS7 exploit service providers on dark web are scammers

www.bleepingcomputer.com/news/security/most-ss7-exploit-service-providers-on-dark-web-are-scammers/ The existence of Signaling System 7 (SS7) mobile telephony protocol vulnerabilities is something security researchers warned about in 2016, and it only took a year before the first attacks exploiting them were observed.
