Daily NCSC-FI news followup 2019-08-09

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In this post, we demonstrate how to retrieve a compressed page using the structures and […]


Daily NCSC-FI news followup 2019-08-08

City of Pori has been the target of a data breach www.pori.fi/uutinen/2019-08-08_porin-kaupunki-joutunut-tietomurron-kohteeksi On the afternoon of Wednesday, August 7, a data breach was detected on one workstation in the City of Pori's education network. Through that workstation, malware had been installed on the education network's user directory servers. The purpose of the malware was to collect data, which may have compromised users' login credentials. As a precaution, the passwords of all education network users will be changed, says Heikki Haaparanta, head of the ICT unit. We reacted to the situation quickly, which is why the breach […]


Daily NCSC-FI news followup 2019-08-07

SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS www.bleepingcomputer.com/news/security/swapgs-vulnerability-in-modern-cpus-fixed-in-windows-linux-chromeos/ At BlackHat today, Bitdefender disclosed a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system. In a statement from Intel, BleepingComputer was told […]


Restoring admin access in Kirjuri

I recently got asked how to restore admin access on Kirjuri after the original administrator has left and the password for the admin account isn’t known. As Kirjuri does not have any internet-connected features, it can’t implement a standard “we’ll email you a password reset link” feature. Most Kirjuri users run their own server on […]


Daily NCSC-FI news followup 2019-08-06

QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air www.bleepingcomputer.com/news/security/qualpwn-bugs-in-snapdragon-soc-can-attack-android-over-the-air/ Two serious vulnerabilities in Qualcomm’s Snapdragon system-on-a-chip (SoC) WLAN firmware could be leveraged to compromise the modem and the Android kernel over the air. The flaws were found in Qualcomm’s Snapdragon 835 and 845 WLAN component. The tests were made on Google Pixel […]


Daily NCSC-FI news followup 2019-08-05

From State-Sponsored Attackers to Common Cybercriminals: Destructive Attacks on the Rise securityintelligence.com/posts/from-state-sponsored-attackers-to-common-cybercriminals-destructive-attacks-on-the-rise/ Destructive attacks have left their mark over the past few years, wiping data and rendering millions of enterprise devices inoperable at companies around the world. A new report today from IBM X-Force Incident Response and Intelligence Services (IRIS) shows that these attacks […]


Daily NCSC-FI news followup 2019-08-04

Extortion Emails on the Rise: A Look at The Different Types www.bleepingcomputer.com/news/security/extortion-emails-on-the-rise-a-look-at-the-different-types/ No matter the theme of an extortion scam, their goal is all the same. To scare you into thinking the attackers have information or video about you so that you make a bitcoin payment to avoid the information from being released. Below we […]


Daily NCSC-FI news followup 2019-08-03

Joosua received a reward for hacking: In past years it was not looked upon kindly www.is.fi/digitoday/tietoturva/art-2000006192538.html Joosua Santasalo received a substantial reward for a security vulnerability he found. The growing prevalence of bug bounty campaigns reflects a change of attitude in the software industry. Internet connected cars can be hacked to gridlock major cities www.hackread.com/internet-connected-cars-hacked-gridlock-cities/ Hacking Internet Connected Cars a near possibility for cybercriminals to cause major havoc. Say hello to Lord Exploit Kit blog.malwarebytes.com/threat-analysis/2019/08/say-hello-to-lord-exploit-kit/ […]


Daily NCSC-FI news followup 2019-08-02

LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks Between July 19 and July 25, 2019, several spear phishing emails were identified targeting three US companies in the utilities sector. The phishing messages were found to contain a Microsoft Word document attachment that uses VBA macros to install LookBack […]


Daily NCSC-FI news followup 2019-08-01

Ransomware: Cyberattack forces Houston County schools to postpone opening day www.scmagazine.com/home/security-news/malware/cyberattack-forces-houston-county-schools-to-postpone-opening-day/ Ransomware: Syracuse, NY and Watertown, NY City School Districts have been targeted in a ransomware attack spectrumlocalnews.com/nys/watertown/news/2019/07/30/watertown-the-latest-school-system-targeted-by-cyber-attack Ransomware: Steps to Safeguard Against Ransomware Attacks www.us-cert.gov/ncas/current-activity/2019/07/30/steps-safeguard-against-ransomware-attacks 1. Back up systems – now (and daily). Store one copy offline. 2. Reinforce basic cybersecurity awareness and education. […]
