Daily NCSC-FI news followup 2022-01-13

How to control cookies: A real-world experiment www.kaspersky.com/blog/how-to-control-your-cookies/43303/ These days, when you go to almost any website, you'll immediately see a banner at the bottom of the screen asking you to accept all cookies. Typically, users agree, to get rid of the annoying text box without delay. Lots of people don't know if they can […]


Daily NCSC-FI news followup 2022-01-12

New Windows Server updates cause DC boot loops, break Hyper-V www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/ The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back. Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 […]


Daily NCSC-FI news followup 2022-01-11

Microsoft Patch Tuesday – January 2022 isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/ Microsoft fixed 126 different CVEs with this month’s update (this includes the Chromium issues patched in Edge). Six of the issues were publicly disclosed, and nine are rated critical. Noteworthy updates: CVE-2022-21907: This is a remote code execution vulnerability in http.sys. http.sys is part of anything in Windows […]


Daily NCSC-FI news followup 2022-01-10

No information yet on the perpetrators or motive of the cyberattack that took down OP's website yle.fi/uutiset/3-12263848 As of Monday, no information had yet been obtained about the possible perpetrators or the motive of the cyberattack that caused a disruption in Osuuspankki's online services on Sunday, the bank's chief information security officer Teemu Ylhäisi told STT. “Yesterday the attack was repelled and the corrective measures were carried out. Now we are continuing the technical investigations and are in contact with the authorities. Further investigations will still take […]


Daily NCSC-FI news followup 2022-01-09

Osuuspankki's website was targeted by a cyberattack; the online service disruption lasted several hours yle.fi/uutiset/3-12263337 According to Osuuspankki, the fault has now been fixed. No customer data or money was put at risk in the cyberattack. Extracting Cobalt Strike Beacons from MSBuild Scripts isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/ Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ The developer behind popular open-source NPM libraries ‘colors’ (aka colors.js on GitHub) […]


Daily NCSC-FI news followup 2022-01-08

Organized Cybercrime Cases: What CISOs Need to Know www.trendmicro.com/en_us/ciso/22/a/organized-cybercrime-what-cisos-need-to-know.html Recently, Trend Micro Research analyzed a new service offering, called Access as a Service (AaaS), in the undergrounds whereby malicious actors are selling access into business networks. AaaS is part of a developing trend in cybercrime, which is the increased specialization of services within CaaS and […]


Daily NCSC-FI news followup 2022-01-07

The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ Very recently, the JFrog security research team has disclosed an issue in the H2 database console which was issued a critical CVE: CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). Although this […]


Daily NCSC-FI news followup 2022-01-06

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry thehackernews.com/2022/01/north-korean-hackers-start-new-year.html A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation’s Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. “This activity cluster demonstrates the patient […]


Daily NCSC-FI news followup 2022-01-05

New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification thehackernews.com/2022/01/new-zloader-banking-malware-campaign.html An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft’s digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, […]


Daily NCSC-FI news followup 2022-01-04

Cyberattack against UK Ministry of Defence training academy revealed www.zdnet.com/article/ex-officer-reveals-cyberattack-against-uk-ministry-of-defence-training-academy/ A retired military officer has disclosed a cyberattack that struck the UK Ministry of Defence (MoD) academy and had a “significant” impact on the organization. Air Marshal Edward Stringer, an officer in charge at the time, told Sky News that the cyberattack was discovered in […]
