Daily NCSC-FI news followup 2022-01-07

The JNDI Strikes Back Unauthenticated RCE in H2 Database Console

jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ Very recently, the JFrog security research team disclosed an issue in the H2 database console which was assigned the critical CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). Although this is a critical issue with a similar root cause, CVE-2021-42392 should not be as widespread as Log4Shell (CVE-2021-44228). That being said, if you are running an H2 console which is exposed to your LAN (or worse, WAN), this issue is extremely critical (unauthenticated remote code execution) and you should update your H2 database to version 2.0.206 immediately.

“You are making a payment in our service”: beware of a new bank scam

www.is.fi/digitoday/tietoturva/art-2000008524565.html OP warns of a scam being carried out in its name. People are sent text messages claiming that they have made a payment. The message contains a link that leads to a page that steals bank credentials. You should not log in to online banking or government services via links received by text message or email.

FluBot malware now targets Europe posing as Flash Player app

www.bleepingcomputer.com/news/security/flubot-malware-now-targets-europe-posing-as-flash-player-app/ The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.

FinalSite ransomware attack shuts down thousands of school websites

www.bleepingcomputer.com/news/security/finalsite-ransomware-attack-shuts-down-thousands-of-school-websites/ FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. FinalSite is a software as a service (SaaS) provider that offers website design, hosting, and content management solutions for K-12 school districts and universities. FinalSite claims to provide solutions for over 8,000 schools and universities across 115 different countries.

Night Sky is the latest ransomware targeting corporate networks

www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/ It’s a new year, and with it comes a new ransomware to keep an eye on called ‘Night Sky’ that targets corporate networks and steals data in double-extortion attacks.

Massive internet outages continue to sow confusion amid Kazakhstan protests

therecord.media/massive-internet-outages-continue-to-sow-confusion-amid-kazakhstan-protests/ Nation-level internet traffic was cut off in Kazakhstan this week in the latest example of a petrostate trying to use shutdowns to quell protests and sow confusion. Early reports of communications disruptions started coming in on January 2, the first day people took to the streets in Almaty and other cities to protest fuel price increases and deteriorating economic conditions. Those reports were limited to localized mobile network interference and blocks on traffic to certain messaging services, including Telegram and Signal, Natalia Krapiva, Tech Legal Counsel at digital rights group Access Now, said.

Latest WordPress security release fixes XSS, SQL injection bugs

portswigger.net/daily-swig/latest-wordpress-security-release-fixes-xss-sql-injection-bugs The developers of WordPress have pushed out a security-focused update that addresses four significant security flaws in the content management software. More specifically, WordPress 5.8.3 patches cross-site scripting (XSS) and SQL injection vulnerabilities that affect WordPress versions between 3.7 and 5.8.

UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits

therecord.media/uk-nhs-threat-actor-targets-vmware-horizon-servers-using-log4shell-exploits/ The security team of the UK National Health Service (NHS) said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMware Horizon servers and plant web shells for future attacks. “The web shell can then be used by an attacker to carry out a number of malicious activities such as deploying additional malicious software, data exfiltration, or deployment of ransomware,” the NHS team said in a security alert published on Wednesday. also:

QNAP: Get NAS Devices Off the Internet Now

threatpost.com/qnap-nas-devices-ransomware-attacks/177452/ There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned. “The most vulnerable victims will be those devices exposed to the Internet without any protection,” QNAP said on Friday, urging all QNAP NAS users to follow security-setting instructions that the Taiwanese NAS maker included in its alert. also:

Custom Python RAT Builder

Codex Exposed: Exploring the Capabilities and Risks of OpenAI’s Code Generator

www.trendmicro.com/en_us/research/22/a/codex-exposed–exploring-the-capabilities-and-risks-of-openai-s-.html The first of a series of blog posts examines the security risks of Codex, a code generator powered by the GPT-3 engine.
