This posting is here to collect cyber security news in January 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
369 Comments
Tomi Engdahl says:
Scientists Believe US Embassy Staff and CIA Officers Were Hit With High-Power Microwaves – Here’s How the Weapons Work
https://scitechdaily.com/scientists-believe-us-embassy-staff-and-cia-officers-were-hit-with-high-power-microwaves-heres-how-the-weapons-work/
Tomi Engdahl says:
https://therecord.media/an-interview-with-russian-hacker-pavel-sitnikov-there-is-no-hacking-scene-now-only-commerce/
Tomi Engdahl says:
PSA: Android 11 will no longer let you insecurely connect to enterprise WiFi networks
https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/
Tomi Engdahl says:
https://techcrunch.com/2021/01/05/fbi-nsa-says-hacks-on-us-federal-agencies-likely-russian-in-origin/
Tomi Engdahl says:
https://arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/
Tomi Engdahl says:
Breaking into systems can be practised legally – Hack the Box put to the test
https://www.tivi.fi/uutiset/tietomurtoa-voi-harjoitella-laillisesti-kokeilussa-hack-the-box/6109c66e-1aab-4ae9-b629-583b2bec1689
Tomi Engdahl says:
https://www.zdnet.com/article/hackers-target-cryptocurrency-users-with-new-electrorat-malware/
Tomi Engdahl says:
‘We All Got Played’: QAnon Followers Implode After Big Moment Never Comes
https://www.forbes.com/sites/jackbrewster/2021/01/20/we-all-got-played-qanon-followers-implode-after-big-moment-never-comes/
As Joe Biden was sworn in as president, QAnon followers finally saw their hope for the “storm”—when President Donald Trump would bring down the “deep state” and expose a far-reaching child-sex trafficking ring—disappear, leaving followers of the unhinged conspiracy theory in despair and searching for answers, while one of the most prominent adherents gave up.
Tomi Engdahl says:
Hacker leaks full database of 77 million Nitro PDF user records
https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/
A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.
The 14GB leaked database contains 77,159,696 records with users’ email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.
The database has also been added to the Have I Been Pwned service
Tomi Engdahl says:
Linux users should patch now to block new “FreakOut” malware which exploits new vulnerabilities
https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Recently, Check Point Research (CPR) encountered several attacks that are exploiting multiple vulnerabilities, including some recently discovered flaws. These ongoing attacks involve a new malware variant, called ‘FreakOut.’ The goal behind these attacks is to create an IRC botnet (a collection of machines infected with malware that can be controlled remotely), which can then be used for malicious activities, such as launching DDoS attacks on other organizations’ networks, or for crypto-mining activity on infected machines, which can potentially shut down entire systems infected.
Tomi Engdahl says:
This is where Parler went: to the Russian company that helps keep Hamas online. It is fitting for a supporter of domestic terrorist communications to end up on a Russian site. Free speech does not include sedition, nor enriching those supporting international terrorists.
https://krebsonsecurity.com/tag/ddos-guard/?fbclid=IwAR21LCInbZkwlvtIc6CSjaLq2pP1wdZjvxpiFYihowdWL5odwVBWcfAwAUo
Tomi Engdahl says:
https://www.facebook.com/groups/2600net/permalink/2941232892766483/
We issued V3 supplemental guidance to Emergency Directive 21-01: cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3
The supplemental guidance was issued in response to the SolarWinds Orion code compromise. We urge state & local governments, critical infrastructure entities, and private organizations to review the latest version.
V3 provides updates on affected versions; guidance for ensuring all federal agencies operating unaffected platforms are using at least SolarWinds Orion Platform version 2020.2.1HF2; guidance for agencies using third-party service providers; and additional clarity on required actions.
Read the guidance: cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3
#SolarWinds #APT #Cybersecurity #Infosec #Cyber
Tomi Engdahl says:
Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data
https://www.zdnet.com/article/ransomware-victims-that-have-backups-are-paying-ransoms-to-stop-hackers-leaking-their-stolen-data/
Ransomware attacks are proving even more lucrative for cyber criminals as even organisations which can restore from backups are paying ransom demands to prevent further damage.
Tomi Engdahl says:
Parliament has launched an inquiry into “how it is possible” that video footage of the attack on Sipilä ended up in public
https://yle.fi/uutiset/3-11746501
Parliament’s Secretary General stresses that surveillance camera footage is confidential information.
The Parliamentary Office is investigating how a video recording of the suspected assault on 7 January on MP and former Prime Minister Juha Sipilä (Centre Party) ended up in public. MTV News published video material of the attack on Friday.
– The Parliamentary Office has launched an inquiry into how parliament’s camera surveillance footage ended up in public and into other parliamentary activity related to this. Camera surveillance footage is, as a rule, confidential information
– We want an overall picture of what has happened and how it is possible that material has ended up in public, Paavola tells Yle.
Parliamentary sources have differing views on whether the material is public or not.
On Monday, parliament’s security director Jukka Savola commented to STT that the video recording is public information. Savola refers to a ruling on the matter by parliament’s data protection officer.
– According to the data protection officer’s statement, we have an obligation to present them, since in that form they do not as such endanger the contents or functioning of our security system, nor do they reveal details that would endanger the maintenance and functioning of the system, Savola said on Monday.
According to Maija-Leena Paavola, the two conflicting rulings on publicity concern two different situations: as a rule, parliament’s surveillance camera footage is confidential.
The situation is different if the information or material has already leaked to the public, as was the case here with the assault on the MP.
Tomi Engdahl says:
SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach
https://www.scmagazine.com/home/security-news/cloud-security/solarwinds-attack-opened-up-4-separate-paths-to-a-microsoft-365-cloud-breach/
Tomi Engdahl says:
https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/
Tomi Engdahl says:
A Chinese hacking group is stealing airline passenger details
https://www.zdnet.com/article/a-chinese-hacking-group-is-stealing-airline-passenger-details/
Chinese hackers are gathering passenger details from airlines across the world to track high-value targets’ movements.
Tomi Engdahl says:
https://briarproject.org/how-it-works/
Tomi Engdahl says:
TERRORIST REGULATION : THE EU PARLIAMENT MUST OPPOSE AUTHORITARIAN CENSORSHIP
https://www.laquadrature.net/en/2021/01/08/terrorist-regulation-the-eu-parliament-must-oppose-authoritarian-censorship/
Tomi Engdahl says:
NSA urges system administrators to replace obsolete TLS protocols
NSA: Obsolete encryption provides a false sense of security.
https://www.zdnet.com/article/nsa-urges-system-administrators-to-replace-obsolete-tls-protocols/
Tomi Engdahl says:
https://www.theregister.com/2021/01/07/jetbrains_solarwinds_accusation/
Tomi Engdahl says:
Fast, mature, secure DoH server proxy written in Rust
https://github.com/jedisct1/doh-server
RPZ Zone Files to Block DNS-over-HTTPS
https://github.com/bambenek/block-doh
This is a list of hostnames, IP addresses, and appropriate RPZ zone files to either block usage of DNS-over-HTTPS in an environment or to redirect it to a local DNS-over-HTTPS (DoH) server.
Tomi Engdahl says:
JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI), AND THE NATIONAL SECURITY AGENCY (NSA)
https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure
the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks. The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts.
Tomi Engdahl says:
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries.
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
Zyxel security advisory for hardcoded credential vulnerability
CVE: CVE-2020-29583
https://www.zyxel.com/support/CVE-2020-29583.shtml
Tomi Engdahl says:
https://us-cert.cisa.gov/ncas/current-activity/2021/01/05/nsa-releases-guidance-eliminating-obsolete-tls-protocol
Tomi Engdahl says:
https://hakkeriradio.fi/
Hakkeriradio broadcasts nationwide as an internet stream and in the Helsinki metropolitan area on the FM frequency 105.8 MHz (from 1 January 2021 at 12:00).
Tomi Engdahl says:
Equipment worth a few hundred dollars is enough to intercept data relayed via satellites in orbit. With number of satellites planned to increase several-fold, governments and manufacturers need to be better prepared for modern cybersecurity threats in space.
Satellites are not safe enough. Here’s why that should worry you
https://cybernews.com/editorial/satellites-are-not-safe-enough-heres-why-that-should-worry-you/?utm_source=facebook&utm_medium=cpc&utm_campaign=rm&utm_content=satellites_safe&fbclid=IwAR1g8p9W1S_w0ZKA-OgwhfLzz0mqSIaGVS55xf6uCR8PxmMzX6Kzcj4by44
Tomi Engdahl says:
Microsoft details “incredible effort” to hide by SolarWinds hackers
https://www.itnews.com.au/news/microsoft-details-incredible-effort-to-hide-by-solarwinds-hackers-560004
Standout opsec and anti-forensic methods applied.
The hackers behind the high-profile SolarWinds attacks went to extraordinary lengths to avoid detection, research by Microsoft security analysts shows.
Based on their Sunburst – or as Microsoft calls it, Solorigate – backdoor staying dormant for at least two weeks, the attackers painstakingly selected targets and built unique Cobalt Strike network penetration tools for each victim system for a month or so, Microsoft researchers said.
During that time, the hackers also established their command and control infrastructure, with domain generation algorithms creating random names.
Tomi Engdahl says:
As Adobe Flash stops running, so do some railroads in China
https://hk.appledaily.com/news/20210117/FLXATT4LKVBGVEBRLAECJPTCHM/
The railroad system in Dalian, northern China, collapsed citywide on Tuesday for up to 20 hours after the Adobe Flash programing software stopped running.
Adobe had announced as early as 2017 that it would cease support for the multimedia software on Dec. 30 last year. The American software company eventually ended the operation of all Flash content on Tuesday.
Tuesday’s chaos arose after China Railway Shenyang failed to deactivate Flash in time, leading to a complete shutdown of its railroads in Dalian, Liaoning province.
Staffers were reportedly unable to view train operation diagrams, formulate train sequencing schedules and arrange shunting plans.
Authorities fixed the issue by installing a pirated version of Flash at 4:30 a.m. the following day.
Tomi Engdahl says:
Ransomware is now the biggest cybersecurity concern for CISOs
https://www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/
A survey of chief information security officers (CISOs) and chief security officers (CSOs) by cybersecurity firm Proofpoint found that ransomware is now viewed as the main cybersecurity threat to their organisation over the course of the next year.
Tomi Engdahl says:
UK govt gives malware infected laptops to vulnerable students
https://www.bleepingcomputer.com/news/security/uk-govt-gives-malware-infected-laptops-to-vulnerable-students/
The devices are given out for free by the government to support disadvantaged students unable to access remote education during the COVID-19 pandemic, including children and young people who have no digital devices, have only a smartphone, or share a single device with other family members. “Upon unboxing and preparing them, it was discovered that a number of the laptops were infected with a self-propagating network worm,” according to one of the teachers.
Tomi Engdahl says:
Microsoft Edge gets a password generator, leaked credentials monitor
https://www.bleepingcomputer.com/news/security/microsoft-edge-gets-a-password-generator-leaked-credentials-monitor/
Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version.
Tomi Engdahl says:
NSA urges system administrators to replace obsolete TLS protocols
https://www.zdnet.com/article/nsa-urges-system-administrators-to-replace-obsolete-tls-protocols/
NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used. Even if TLS 1.2 and TLS 1.3 are deployed, the NSA warns against configuring these two protocols with weak cryptographic parameters and cipher suites.
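A way to turn the guidance in the comment above into a repeatable check, as an added example that is not from the article or from the NSA: the script parses the `ssl_protocols` and `ssl_ciphers` directives of an nginx-style server block and reports obsolete protocol versions, cipher suites with known-weak primitives (NULL, EXPORT, RC4, DES/3DES, MD5, anonymous key exchange) and suites without forward secrecy. The two configurations are constructed for illustration; the weak one shows what the guidance warns against, the hardened one what passes. Cipher-list keywords such as `HIGH` are not expanded here (that would need `openssl ciphers`), so the check only sees explicitly listed suites.

```python
"""Audit an nginx-style TLS configuration against the "TLS 1.2/1.3 only,
no weak cipher suites" guidance. Added example; sample configs are constructed."""
import re

OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

# Substrings of an OpenSSL cipher-suite name that mark a weak primitive:
# no encryption/authentication, export grade, RC4, single/triple DES, MD5,
# anonymous (unauthenticated) key exchange.
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ADH", "AECDH")

# Suites whose name starts with the bulk cipher use static RSA key exchange,
# i.e. no forward secrecy (ECDHE-/DHE- prefixed suites and TLS 1.3 suites do).
NO_FORWARD_SECRECY_PREFIXES = ("AES", "CAMELLIA", "RSA")


def parse_directives(config_text):
    """Return {directive: value} for the ssl_protocols / ssl_ciphers lines."""
    found = {}
    for line in config_text.splitlines():
        match = re.match(r"(ssl_protocols|ssl_ciphers)\s+(.+?)\s*;$", line.strip())
        if match:
            found[match.group(1)] = match.group(2).strip("'\"")
    return found


def audit_tls_config(config_text):
    """Return a list of finding strings; an empty list means the config passes."""
    directives = parse_directives(config_text)
    findings = []

    protocols = directives.get("ssl_protocols", "").split()
    for proto in protocols:
        if proto in OBSOLETE_PROTOCOLS:
            findings.append(f"obsolete protocol enabled: {proto}")
    if not any(p in ALLOWED_PROTOCOLS for p in protocols):
        findings.append("neither TLSv1.2 nor TLSv1.3 is enabled")

    for suite in directives.get("ssl_ciphers", "").split(":"):
        suite = suite.strip()
        if not suite or suite.startswith("!"):
            continue  # "!X" excludes X, which is what we want
        if any(marker in suite for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"weak cipher suite allowed: {suite}")
        elif suite.startswith(NO_FORWARD_SECRECY_PREFIXES):
            findings.append(f"cipher suite without forward secrecy: {suite}")
    return findings


# Constructed sample: the kind of legacy configuration the guidance argues against.
WEAK_CONFIG = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:RC4-SHA:DES-CBC3-SHA';
}
"""

# Constructed sample: TLS 1.2/1.3 only, AEAD suites with ephemeral key exchange.
HARDENED_CONFIG = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5';
    ssl_prefer_server_ciphers on;
}
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for finding in audit_tls_config(cfg) or ["no findings"]:
            print("  -", finding)
```

Run it against a real server block by reading the file into `audit_tls_config`; the same directive names are used by nginx, so the parser works unchanged on that input, while other servers (Apache `SSLProtocol`/`SSLCipherSuite`) would need their own regex.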
Tomi Engdahl says:
Bugs in Signal, Facebook, Google chat apps let attackers spy on users
https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users’ surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.
Tomi Engdahl says:
NCSC-UK: Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking
https://www.ncsc.gov.uk/report/responsible-use-of-bgp-for-isp-interworking
The guidance encourages operators to use the BGP in a predictable and rigorous way, making full use of Internet Registries such as RIPE.
PDF: https://www.ncsc.gov.uk/files/border-gateway-protocol-technical-paper.pdf
Tomi Engdahl says:
DNSpooq – 7 vulnerabilities found in dnsmasq, an open-source DNS forwarding software in common use
https://www.jsof-tech.com/disclosures/dnspooq/
The Dnspooq vulnerabilities include DNS cache poisoning vulnerabilities as well as a potential Remote code execution and others. The list of devices using dnsmasq is long and varied. According to our internet-based research, prominent users of dnsmasq seem to include Cisco routers, Android phones, Aruba devices, Technicolor, and Red-Hat, as well as Siemens, Ubiquiti networks, Comcast, and others listed below. Depending on how they use dnsmasq, devices may be more or less affected, or not affected at all.
PDF: https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
TheHackerNews: https://thehackernews.com/2021/01/a-set-of-severe-flaws-affect-popular.html
ZDnet: https://www.zdnet.com/article/dnspooq-lets-attackers-poison-dns-cache-records/
BleepingComputer: https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/
Tomi Engdahl says:
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers
https://www.zdnet.com/article/fireeye-releases-tool-for-auditing-networks-for-techniques-used-by-solarwinds-hackers/
Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks.
Report: https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html
GitHub: https://github.com/fireeye/Mandiant-Azure-AD-Investigator
Tomi Engdahl says:
Linux users should patch now to block new “FreakOut” malware which exploits new vulnerabilities
https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
These ongoing attacks involve a new malware variant. The goal behind these attacks is to create an IRC botnet, which can then be used for malicious activities, such as launching DDoS attacks on other organizations’ networks, or for crypto-mining activity on infected machines, which can potentially shut down entire systems infected. The attack exploits TerraMaster TOS, Zend Framework and Liferay Portal.
ThreatPost: https://threatpost.com/linux-attack-freakout-malware/163137/
BleepingComputer: https://www.bleepingcomputer.com/news/security/freakout-malware-exploits-critical-bugs-to-infect-linux-hosts/
TiVi: https://www.tivi.fi/uutiset/tv/372649cd-e1a1-48ab-8d4b-03f75dd6117b
Tomi Engdahl says:
Decrypted: With more SolarWinds fallout, Biden picks his cybersecurity team
https://techcrunch.com/2021/01/21/decrypted-with-more-solarwinds-fallout-biden-picks-his-cybersecurity-team/?tpcc=ECFB2021
Tomi Engdahl says:
Russia-linked viruses found on school laptops handed out by Government
https://metro.co.uk/2021/01/21/russia-linked-viruses-found-on-school-laptops-handed-out-by-government-13944542/?ito=facebook|social|metroukfacebook
Laptops provided to schools from the Government arrived with a virus on them that connected to servers in Russia.
The discovery raises concerns that hackers could steal data on vulnerable students learning from home amid the pandemic.
Employees of a Bradford school sounded the alarm in an online forum after receiving laptops containing malware installed by hackers, according to The Telegraph.
The Department for Education (DfE) confirmed the incident to the Metro.co.uk and said it was an issue with a ‘small number’ of devices;
https://www.telegraph.co.uk/technology/2021/01/21/schools-find-russia-linked-viruses-laptops-given-government/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/11658-trend-micro-suojaa-nyt-kontit-ajonaikaisesti
Tomi Engdahl says:
Americans fear hacking more than murder
https://etn.fi/index.php/13-news/11654-amerikkalaiset-pelkaavat-hakkerointia-enemman-kuin-murhaa
According to a survey commissioned by Atlas VPN, US citizens are much more worried about hacking than about murder. In all, 72 percent of Americans fear that cybercriminals will steal their personal, credit card or bank details.
Tomi Engdahl says:
https://www.forbes.com/sites/thomasbrewster/2021/01/22/facebook-livestreamer-who-broadcast-capitol-hill-riot-charged-says-fbi/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie
Tomi Engdahl says:
A Home Security Tech Hacked Into Cameras To Watch People Undressing And Having Sex, Prosecutors Say
https://www.buzzfeednews.com/article/salvadorhernandez/home-security-camera-hacked-adt
Telesforo Aviles admitted he took note of homes where attractive women lived and hacked into more than 200 accounts over several years.
A home security technician admitted Thursday that he secretly accessed the cameras of more than 200 customers, particularly attractive women, to spy on while they undressed, slept, or had sex, federal prosecutors said.
“This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” acting US Attorney Prerak Shah said in a statement. “We are glad to hold him accountable for this disgusting betrayal of trust.”
While working for ADT, a home security company that provides alarms, cameras, and locks, Aviles took note of customer homes where attractive women lived, prosecutors said, then repeatedly gained access to their video feeds for sexual gratification.
The technician violated the company’s policies by surreptitiously adding his personal email address to accounts on ADT Pulse, an app that allows customers to check remotely on their homes’ security cameras.
ADT, which is based in Florida, is currently facing three federal lawsuits related to the incident. The breach affected 220 customers who lived in Texas.
According to the lawsuits, ADT began to notify customers about the breach back in April 2020, telling them that one of their employees had accessed customer accounts for about four and a half years.
In the lawsuit, the woman said ADT had “failed to implement adequate procedures that would prevent non-household members from adding non-household email addresses” to the mobile app.
Another lawsuit alleges the company had “failed to monitor consumers’ accounts and promptly alert them anytime a new email was added to their accounts.”
The lawsuit also claims the flagrant security breach was discovered not by the company, but “by luck and happenstance.”
“A customer, reporting a technical issue, inadvertently revealed the unwanted third-party access,” the lawsuit claims. “But for that event, ADT would be unaware of this invasive conduct.”
In a statement to BuzzFeed News, an ADT spokesperson said the company self-reported the incident in April 2020 on its website.
In the three lawsuits, the customers also alleged ADT tried to obtain confidentiality agreements when notifying them of the security breach. In one instance, a customer said she was offered $2,500, as well as credit for monitoring services and upgraded equipment.
When she refused, she alleged the company increased their offer to $50,000.
The spokesperson for ADT said the company apologized to the people who were affected and addressed the matter differently with each customer.
“In speaking to our customers and apologizing for what happened, it’s clear that the employee’s abuse of access impacted each customer differently,” the spokesperson said. “Therefore, we took steps to address their concerns individually.”
Meanwhile, Aviles could face up to five years in prison for pleading guilty to computer fraud, prosecutors said.
Tomi Engdahl says:
Former home security tech admits to hacking into customer’s surveillance cameras
https://abc13.com/9903489/?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
A former security technician faces up to five years in prison after admitting to authorities that he repeatedly hacked into home video camera feeds.
Aviles worked for ADT security and accessed around 200 customer accounts more than 9,600 times, the FBI said.
“Mr. Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes,”
Authorities said the case is a reminder for people to practice ‘cyber hygiene’ by reviewing authorized users and routinely changing passwords.
Tomi Engdahl says:
Capitol riot suspect plotted to sell stolen Pelosi laptop to Russian intelligence, authorities say
https://www.nbcnews.com/news/us-news/capitol-rioter-plotted-sell-stolen-pelosi-laptop-russian-intelligence-n1254583
Tomi Engdahl says:
#DYSTOPIAN_WEEKEND — They’re watching you, wherever you walk. They know exactly where you pause, when you slow down and speed up, and they count you in and out of the city. What’s more, they’re tracking your phone, so they can tell exactly how many people from your country or region are in which area, at which time. And they’re doing it in a bid to change tourism for the better.
Venice is watching tourists’ every move
https://edition.cnn.com/travel/article/venice-control-room-tourism/index.html
They’re watching you, wherever you walk. They know exactly where you pause, when you slow down and speed up, and they count you in and out of the city.
What’s more, they’re tracking your phone, so they can tell exactly how many people from your country or region are in which area, at which time.
Tomi Engdahl says:
Resurssipula vaivaa poliisia – rikosoikeuden professori: Erittäin suuri osa rikoksista jää tutkimatta
Entisen poliisin mukaan verkossa tapahtuvat rikokset saattavat ylittää määrässään jo perinteiset rikokset.
https://yle.fi/uutiset/3-11751534
Tomi Engdahl says:
Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.
Windows RDP servers are being abused to amplify DDoS attacks
https://www.zdnet.com/article/windows-rdp-servers-are-being-abused-to-amplify-ddos-attacks/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Netscout said in an alert on Tuesday.
Not all RDP servers can be abused, but only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389.
Netscout said that attackers can send malformed UDP packets to the UDP ports of RDP servers that will be reflected to the target of a DDoS attack, amplified in size, resulting in junk traffic hitting the target’s system.
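From the defender’s side, the reflection pattern described in the comment above is visible in flow data: many small UDP datagrams arrive at port 3389 “from” one remote address, and the server answers each with a much larger datagram to that same address, which is the real victim. The detector below, an added example that is not from the article or from Netscout, groups outbound UDP/3389 flows from your RDP hosts by destination and flags any destination whose flow count and outbound-to-inbound byte ratio both exceed a threshold. The flow records and addresses are constructed; the thresholds are assumptions to tune against your own baseline.

```python
"""Flag external hosts that look like victims of UDP/3389 (RDP) reflection
from our own servers. Added example; flow records below are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, as exported by NetFlow/IPFIX-style sensors."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    bytes: int


RDP_UDP_PORT = 3389


def find_rdp_reflection(flows, rdp_hosts, min_flows=20, min_amplification=5.0):
    """Return {destination: (flow_count, amplification_ratio)} for remote hosts
    that received far more UDP/3389 bytes from our RDP servers than they sent.

    A legitimate RDP client exchanges a handful of sessions with comparable byte
    counts in both directions; a spoofed reflection victim "sends" many tiny
    requests and receives a large reply for each one."""
    sent = defaultdict(lambda: [0, 0])  # dst -> [flow_count, bytes_out]
    received = defaultdict(int)          # remote -> bytes it sent to port 3389

    for f in flows:
        if f.proto != "UDP":
            continue
        if f.src in rdp_hosts and f.sport == RDP_UDP_PORT:
            sent[f.dst][0] += 1
            sent[f.dst][1] += f.bytes
        elif f.dst in rdp_hosts and f.dport == RDP_UDP_PORT:
            received[f.src] += f.bytes

    suspects = {}
    for dst, (count, bytes_out) in sent.items():
        bytes_in = received.get(dst, 0)
        ratio = bytes_out / bytes_in if bytes_in else float("inf")
        if count >= min_flows and ratio >= min_amplification:
            suspects[dst] = (count, ratio)
    return suspects


def constructed_flows():
    """Constructed sample: one normal client session plus a reflection burst."""
    rdp_server = "192.0.2.10"   # our RDP host (documentation address, constructed)
    flows = [
        # Normal session setup: similar sizes in both directions, one flow each way.
        Flow("10.0.0.5", 50000, rdp_server, RDP_UDP_PORT, "UDP", 3, 300),
        Flow(rdp_server, RDP_UDP_PORT, "10.0.0.5", 50000, "UDP", 3, 900),
    ]
    # Reflection: 50 tiny datagrams with a spoofed source (the victim), each
    # answered with a large reply to that victim.
    victim = "203.0.113.7"
    for i in range(50):
        flows.append(Flow(victim, 40000 + i, rdp_server, RDP_UDP_PORT, "UDP", 1, 20))
        flows.append(Flow(rdp_server, RDP_UDP_PORT, victim, 40000 + i, "UDP", 1, 1400))
    return flows


if __name__ == "__main__":
    for dst, (count, ratio) in find_rdp_reflection(constructed_flows(), {"192.0.2.10"}).items():
        print(f"possible reflection victim {dst}: {count} flows, x{ratio:.1f} amplification")
```

The fix is not detection but removing the reflector: the comment notes that only servers with RDP also enabled on UDP 3389 are abusable, so confirming that UDP 3389 is not reachable from the internet (or that RDP sits behind a VPN gateway) closes the issue, and the detector then only serves to confirm the exposure is gone.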
Tomi Engdahl says:
Microsoft SolarWinds analysis: Attackers hid inside Windows systems by wearing the skins of legit processes
Thorough counter-detection methods laid bare by Redmond
https://www.theregister.com/2021/01/21/microsoft_solarwinds_deep_dive/?utm_source=dlvr.it&utm_medium=facebook
The SolarWinds hackers triggered one of their Cobalt Strike implants in the firm’s network through a cunning VBScript that was activated by a routine system process, Microsoft has said.
Microsoft’s deep dive, published yesterday following SolarWinds’ own take on the malware, repeated earlier findings that the hackers went to unusual lengths to disguise their intrusion and avoid detection.