Cyber security news August 2022

This posting is here to collect cyber security news in August 2022.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

543 Comments

  1. Tomi Engdahl says:

    Greek PM under pressure over tapping of opponent’s phone
    Government accused of ‘darkest practices’ in eavesdropping scandal that evokes worst days of country’s military rule
    https://www.theguardian.com/world/2022/aug/07/greek-pm-kyriakos-mitsotakis-under-pressure-over-tapping-of-opponents-phone

    An eavesdropping scandal that sees Greece’s intelligence chief and the head of his personal office resign within minutes; calls for further resignations amid revelations of “dark practices”, and a spy crisis likened to Watergate.

    The Greek prime minister, Kyriakos Mitsotakis, is facing his toughest hour in office following the discovery that the mobile phone of his political opponent, the leader of the country’s third largest party, was tapped by order of EYP, the intelligence service that reports directly to his office.

    “I never expected the Greek government to spy on me using the darkest practices,” the Pasok party head, Nikos Androulakis who is also a member of the European parliament, said in a televised address late on Friday as the extent of the espionage became apparent.

    Reply
  2. Tomi Engdahl says:

    Targeted attack on industrial enterprises and public institutions https://ics-cert.kaspersky.com/publications/reports/2022/08/08/targeted-attack-on-industrial-enterprises-and-public-institutions/
    In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan. In the course of our research, we were able to identify over a dozen of attacked organizations. The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions. An analysis of information obtained during our investigation indicates that cyberespionage was the goal of this series of attacks.

    Reply
  3. Tomi Engdahl says:

    Twilio customer data exposed after its staffers got phished https://www.theregister.com/2022/08/08/twilio_phishing_attack/
    Twilio confirmed a breach of the communication giant’s network and accessed “a limited number” of customer accounts after tricking some employees into falling for a phishing attack. The company declined to respond to The Register’s inquiries about how many customers’ accounts were compromised and the type of data that the crooks stole, but the investigation is ongoing.

    Reply
  4. Tomi Engdahl says:

    North Korean hackers target crypto experts with fake Coinbase job offers https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-crypto-experts-with-fake-coinbase-job-offers/
    A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack. According to Hossein Jazi, a security researcher at Malwarebytes who has been following Lazarus activity closely since February 2022, the threat actors are now pretending to be from Coinbase, targeting candidates suitable for the role of “Engineering Manager, Product Security.”

    Reply
  5. Tomi Engdahl says:

    New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains https://thehackernews.com/2022/08/new-orchard-botnet-uses-bitcoin.html
    A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto’s account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. “Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more difficult to defend against,” researchers from Qihoo 360’s Netlab security team said in a Friday write-up.
    Orchard is said to have undergone three revisions since February 2021, with the botnet primarily used to deploy additional payloads onto a victim’s machine and execute commands received from the C2 server.

    Reply
  6. Tomi Engdahl says:

    7-Eleven stores in Denmark closed due to a cyberattack https://www.bleepingcomputer.com/news/security/7-eleven-stores-in-denmark-closed-due-to-a-cyberattack/
    7-Eleven stores in Denmark shut down today after a cyberattack disrupted stores’ payment and checkout systems throughout the country.
    The attack occurred early this morning, August 8th, with the company posting on Facebook that they were likely “exposed to a hacker attack”. The translated statement says that the company has closed all the stores in the country while investigating the security incident.

    Reply
  7. Tomi Engdahl says:

    CloudGuard Spectral detects several malicious packages on PyPI the official software repository for Python developers https://research.checkpoint.com/2022/cloudguard-spectral-detects-several-malicious-packages-on-pypi-the-official-software-repository-for-python-developers/
    PyPI is the leading Python repository, the most commonly in use by Python users. Every python developer is familiar with the pip install daily routine to bring the Python software they need. Pypi helps developers find and install software developed and shared by other developers of this community. The platform and its use is currently free and developers use the repository daily. According to their own website, Pypi has over 612,240 active users, working on 391,325 projects, with 3,664,724 releases. What many users are not aware of is the fact that this simple one-liner command can put them at an elevated risk. The pip install command triggers a package installation which can include a setup.py script. This script can include Python snippets to make the required installation process at the target installer machine.

    Reply
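    The comment above explains that `pip install` executes a package's setup.py, so install-time code deserves the same scrutiny as the package itself. The script below is an added example (not code from Check Point, CloudGuard Spectral or PyPI): it parses a setup.py with Python's `ast` module and flags the constructs a metadata-only setup.py rarely needs but install-time payloads routinely use. The two sample setup.py sources are constructed for this example; the module and call lists are a heuristic chosen here, not an authoritative signature set.

```python
import ast
from typing import List

# Constructed sample setup.py sources (not taken from any real package).
# The second mimics the pattern the write-up warns about: code that runs
# during `pip install` via a custom install command rather than at import time.
BENIGN_SETUP = """
from setuptools import setup
setup(name="example", version="1.0", packages=["example"])
"""

SUSPICIOUS_SETUP = """
import base64, subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        subprocess.call(base64.b64decode("ZWNobyBoaQ==").decode(), shell=True)

setup(name="example", version="1.0", cmdclass={"install": PostInstall})
"""

# Modules and calls that a plain metadata-only setup.py almost never needs
# but that install-time payloads routinely use. Heuristic, not a verdict:
# a hit means "read this file before installing", not "this is malware".
RISKY_MODULES = {"subprocess", "os", "base64", "urllib", "urllib.request",
                 "socket", "ctypes", "requests"}
RISKY_NAMES = {"exec", "eval", "compile", "__import__"}
RISKY_ATTRS = {"system", "popen", "Popen", "call", "check_call",
               "check_output", "b64decode", "urlopen", "urlretrieve"}
# setuptools command classes whose subclasses execute at install time.
INSTALL_HOOKS = {"setuptools.command.install", "setuptools.command.develop",
                 "setuptools.command.egg_info"}


def scan_setup_py(source: str) -> List[str]:
    """Walk the AST of a setup.py and return one finding per risky construct."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name in RISKY_MODULES:
                    findings.append(f"line {node.lineno}: imports {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if node.module in RISKY_MODULES:
                findings.append(f"line {node.lineno}: imports from {node.module}")
            if node.module in INSTALL_HOOKS:
                findings.append(f"line {node.lineno}: imports {node.module} "
                                "(hook that runs at pip install time)")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in RISKY_NAMES:
                findings.append(f"line {node.lineno}: calls {func.id}()")
            elif isinstance(func, ast.Attribute) and func.attr in RISKY_ATTRS:
                findings.append(f"line {node.lineno}: calls .{func.attr}()")
    return findings


def is_suspicious(source: str) -> bool:
    """Convenience wrapper: True if the scanner produced any finding."""
    return bool(scan_setup_py(source))


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("suspicious", SUSPICIOUS_SETUP)):
        print(label, "->", scan_setup_py(src) or "no findings")
```

    To apply this to a real package before installing it, fetch the source distribution without running it (`pip download --no-deps --no-binary :all: <package>`), unpack it, and run `scan_setup_py` over the setup.py it contains; the same check belongs in a CI step that reviews new dependencies.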
  8. Tomi Engdahl says:

    Email marketing firm hacked to steal crypto-focused mailing lists https://www.bleepingcomputer.com/news/security/email-marketing-firm-hacked-to-steal-crypto-focused-mailing-lists/
    Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers. Klaviyo says the breach occurred on August 3rd after hackers stole an employee’s login credentials in a phishing attack. These login credentials were then used to access the employee’s account and internal Klaviyo support tools. Using the internal tools, the threat actors downloaded marketing lists for thirty-eight customers who are in the cryptocurrency industry. “The threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information,” explained a security notification from Klaviyo.

    Reply
  9. Tomi Engdahl says:

    Beware of a copy of your SIM card
    https://etn.fi/index.php?option=com_content&view=article&id=13821&via=n&datum=2022-08-03_15:48:23&mottagare=30929

    Cyber security experts such as Check Point Software warn that swapping of mobile phone SIM cards is becoming more common. The problems can be avoided as long as the user is careful with their personal data, watches out for phishing and stays alert if the phone signal suddenly disappears.

    Check Point reminds that although most people are aware of phishing attacks, only a few are alert to the dangers of so-called SIM swapping. In this method, cybercriminals obtain a duplicate of the victim’s SIM card.

    With a duplicated SIM card, criminals can bypass the two-factor verification process that protects services such as your banking app. The problem is so serious that even the FBI has warned about it.

    SIM swapping happens when a cybercriminal obtains a copy of your SIM card. To do this, however, they need access to personal data such as the social security number, phone number and full name. They can obtain these with phishing techniques. Then they can simply contact the mobile operator and impersonate the victim by phone or online, or even by visiting a physical store.

    Once the duplicate SIM card has been obtained, the cybercriminal only needs to insert the card into a device to gain access to all the data on the victim’s account, including call logs and message history. From then on they have full control and can easily use your banking app and steal money by transferring it to another account. Even if this requires a verification code, the criminal receives that too through the subscription.

    Reply
  10. Tomi Engdahl says:

    Train traffic descended into chaos – those who cut a cable on the main line were caught on a surveillance camera
    The cut caused train traffic chaos on Monday between Tampere and Riihimäki.
    https://www.iltalehti.fi/kotimaa/a/82246636-e57c-4fbf-b40f-f9902f14b492

    Two criminal reports have been filed with the police over the cutting of fibre optic cables at the construction site of the railway bridge crossing Turuntie in Lempäälä, the Inner Finland police say.

    The cut caused train traffic chaos between Tampere and Riihimäki for several hours on Monday.

    At this stage, the police suspect two persons of attempted theft in connection with the cutting of the cables. The act was captured on video surveillance footage. The criminal report was filed by the contractor of the construction site.

    According to the police, the cutting of the cables caused considerable damage, as the act led to the stopping of all rail traffic on the line between Riihimäki and Tampere.

    Vandalism suspected as the cause of the train traffic fault between Riihimäki and Tampere – request for investigation filed with the police
    Train traffic between Riihimäki and Tampere was cut off for more than seven hours.
    https://www.iltalehti.fi/kotimaa/a/5d4282e3-64ec-4c54-ae5c-33ef51c5833b

    Train traffic between Riihimäki and Tampere was cut off for several hours on Monday. The cause was cable damage that occurred in Lempäälä the previous night.

    Reply
  11. Tomi Engdahl says:

    Slack admits to leaking hashed passwords for five years
    https://nakedsecurity.sophos.com/2022/08/08/slack-admits-to-leaking-hashed-passwords-for-three-months/

    Popular collaboration tool Slack (not to be confused with the nickname of the world’s longest-running Linux distro, Slackware) has just owned up to a long-running cybersecurity SNAFU.

    According to a news bulletin entitled Notice about Slack password resets, the company admitted that it had inadvertently been oversharing personal data “when users created or revoked a shared invitation link for their workspace.”

    From 2017-04-17 to 2022-07-17 (we assume both dates are inclusive), Slack said that the data sent to the recipients of such invitations included…

    …wait for it…

    …the sender’s hashed password.

    Reply
  12. Tomi Engdahl says:

    Denial-of-service attack took down the Finnish parliament’s website, Russian hacker group says it carried out the attack https://www.hs.fi/politiikka/art-2000008994152.html
    The parliament’s website went down on Tuesday afternoon. Around half past four the site could not be reached, but at about 16:50 the parliament’s site appeared to be working again, although slowly. The Russian hacker group NoName057(16) announced on its Telegram channel that it had carried out a cyberattack on the website of the Finnish parliament, which was why the site was not working. According to the parliament’s press release, the parliament’s external website is the target of a denial-of-service attack that began at about 14:30. According to the release, the parliament is working to contain the attack together with its service providers and the National Cyber Security Centre.
    Also: https://yle.fi/uutiset/3-12569629
    https://www.mtvuutiset.fi/artikkeli/eduskunnan-nettisivut-eivat-toimi-venalainen-hakkeriryhma-kertoi-tehneensa-iskun/8485030
    https://www.tivi.fi/uutiset/tv/20561af8-222c-4879-8713-851f0d6d8727
    https://www.ksml.fi/uutissuomalainen/4776577

    Reply
  13. Tomi Engdahl says:

    Microsoft August 2022 Patch Tuesday
    https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
    This month we got patches for 141 vulnerabilities. Of these, 17 are critical, 2 were previously disclosed, and one is already being exploited, according to Microsoft. The exploited vulnerability is a Remote Code Execution (RCE) affecting Microsoft Windows Support Diagnostic Tool (MSDT) (CVE-2022-34713). According to the advisory, exploitation of the vulnerability requires that a user open a specially crafted file in different scenarios. Also:
    https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2022-patch-tuesday-fixes-exploited-zero-day-121-flaws/
    https://www.tenable.com/blog/microsofts-august-2022-patch-tuesday-addresses-118-cves-cve-2022-34713

    Reply
  14. Tomi Engdahl says:

    VMware warns of public exploit for critical auth bypass vulnerability https://www.bleepingcomputer.com/news/security/vmware-warns-of-public-exploit-for-critical-auth-bypass-vulnerability/
    Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges. A week ago, VMware released updates to address the vulnerability (CVE-2022-31656) affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. Multiple other flaws were patched the same day, including a high severity SQL injection flaw (CVE-2022-31659) that allows remote attackers to gain remote code execution.

    Reply
  15. Tomi Engdahl says:

    Microsoft patches Windows DogWalk zero-day exploited in attacks https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-windows-dogwalk-zero-day-exploited-in-attacks/
    Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks. Fixed as part of the August 2022 Patch Tuesday, this security flaw is now tracked CVE-2022-34713 and has been jokingly named DogWalk. It is due to a path traversal weakness in the Windows Support Diagnostic Tool (MSDT) that attackers can exploit to gain remote code execution on compromised systems.

    Reply
  16. Tomi Engdahl says:

    Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/
    Beginning in early May 2022, Unit 42 observed a threat actor deploying Cuba Ransomware using novel tools and techniques. Using our naming schema, Unit 42 tracks the threat actor as Tropical Scorpius. Here, we start with an overview of the ransomware and focus on an evolution of behavior observed leading up to deployment of Cuba Ransomware. While this behavior was consistent for over a year, Unit 42 has observed some recent changes. This includes providing an overview of the ransomware’s functionality and algorithms, as well as covering the technical details of the tactics, techniques and procedures (TTPs) used by Tropical Scorpius.

    Reply
  17. Tomi Engdahl says:

    Andariel deploys DTrack and Maui ransomware https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/
    On July 7, 2022, the CISA published an alert, entitled, North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target the Healthcare and Public Health Sector, related to a Stairwell report, Maui Ransomware. Later, the Department of Justice announced that they had effectively clawed back $500,000 in ransom payments to the group, partly thanks to new legislation. We can confirm a Maui ransomware incident in 2022, and add some incident and attribution findings. We extend their first seen date from the reported May 2021 to April 15th 2021, and the geolocation of the target, to Japan. Because the malware in this early incident was compiled on April 15th, 2021, and compilation dates are the same for all known samples, this incident is possibly the first ever involving the Maui ransomware.

    Reply
  18. Tomi Engdahl says:

    CISA Adds Two Known Exploited Vulnerabilities to Catalog https://www.cisa.gov/uscert/ncas/current-activity/2022/08/09/cisa-adds-two-known-exploited-vulnerabilities-catalog
    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
    These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. These two are Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-34713) and RARLAB UnRAR Directory Traversal Vulnerability (CVE-2022-30333).

    Reply
  19. Tomi Engdahl says:

    Raspberry Robin: Highly Evasive Worm Spreads over External Disks https://blogs.cisco.com/security/raspberry-robin-highly-evasive-worm-spreads-over-external-disks
    During our threat hunting exercises in recent months, we’ve started to observe a distinguishing pattern of msiexec.exe usage across different endpoints. As we drilled down to individual assets, we found traces of a recently discovered malware called Raspberry Robin. The RedCanary Research Team first coined the name for this malware in their blog post, and Sekoia published a Flash Report about the activity under the name of QNAP Worm. Both articles offer great analysis of the malware’s behavior. Our findings support and enrich prior research on the topic.

    Reply
  20. Tomi Engdahl says:

    ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data
    https://www.securityweek.com/aepic-leak-architectural-bug-intel-cpus-exposes-protected-data

    A group of researchers from several universities and companies has disclosed a new Intel CPU attack method that could allow an attacker to obtain potentially sensitive information.

    The research was conducted by researchers from the Sapienza University of Rome, the Graz University of Technology, the CISPA Helmholtz Center for Information Security, and Amazon Web Services.

    The attack method has been dubbed AEPIC Leak — spelled ÆPIC Leak — and it’s related to the Advanced Programmable Interrupt Controller (APIC). This integrated CPU component is responsible for accepting, prioritizing, and dispatching interrupts to processors. When it’s in xAPIC mode, the APIC registers are accessed through a memory-mapped I/O (MMIO) page.

    However, the researchers pointed out that unlike Meltdown and Spectre, which are transient execution attacks, AEPIC Leak exists due to an architectural bug, which leads to the disclosure of sensitive data without leveraging any side channel. They described it as “the first CPU bug able to architecturally disclose sensitive data.”

    One of the researchers told SecurityWeek that since it does not rely on a side channel, the attack is extremely reliable.

    “It is sufficient to load an enclave application in memory to be able to leak its contents. AEPIC Leaks can precisely target an application and fully dumps its memory in less than a second,” explained Pietro Borrello of the Sapienza University of Rome.

    ÆPIC Leak, officially tracked as CVE-2022-21233, has been described as an uninitialized memory read issue that affects Intel CPUs.

    Intel, which described it as a medium-severity issue related to improper isolation of shared resources, published an advisory on Tuesday and provided a list of impacted products.

    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html

    Summary:

    A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to address this potential vulnerability.
    Vulnerability Details:

    CVEID: CVE-2022-21233

    Description: Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

    CVSS Base Score: 6.0 Medium

    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
    Affected Products:

    Consult this list of affected products here.

    Affected Processors: Transient Execution Attacks & Related Security Issues by CPU
    https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

    Reply
  21. Tomi Engdahl says:

    Exploit Code Published for Critical VMware Security Flaw
    https://www.securityweek.com/exploit-code-published-critical-vmware-security-flaw

    The race to mitigate a gaping authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation products just got a lot more urgent.

    Just one week after the release of an urgent, high-priority patch with fixes for the issue, VMware is calling attention to publicly available exploit code that provides hackers with a roadmap to obtain administrative access without the need to authenticate.

    “VMware has confirmed malicious code that can exploit CVE-2022-31656 in impacted products is publicly available,” the company said in an updated critical-level advisory published Tuesday.

    As SecurityWeek previously reported, the CVE-2022-31656 vulnerability carries VMware’s highest severity rating (CVSSv3 base score of 9.8) and should be remediated without delay.

    Reply
  22. Tomi Engdahl says:

    Adobe Patch Tuesday: Code Execution Flaws in Acrobat, Reader
    https://www.securityweek.com/adobe-patch-tuesday-code-execution-flaws-acrobat-reader
    Software maker Adobe has released patches for at least 25 documented security vulnerabilities that expose Windows and macOS users to malicious hacker attacks.
    The most urgent fix affects the ubiquitous Adobe Acrobat and Reader software used to create, view and manage PDF files across platforms.
    “These [Acrobat and Reader] updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak,” Adobe said in a critical-severity advisory released Tuesday.

    Reply
  23. Tomi Engdahl says:

    ICS Patch Tuesday: Siemens, Schneider Electric Fix Only 11 Vulnerabilities
    https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-fix-only-11-vulnerabilities

    Industrial giants Siemens and Schneider Electric have addressed less than a dozen vulnerabilities in their August 2022 Patch Tuesday advisories, far fewer than in most of the previous months.

    It’s not uncommon for these companies to address 50 vulnerabilities on a Patch Tuesday, and in some cases their advisories even covered 100 vulnerabilities. This week, however, they only published four advisories each, to inform customers about a total of just 11 vulnerabilities.

    Major companies that typically patch a significant number of vulnerabilities each month do occasionally only address a small number of flaws, so it’s too soon to conclude that the products of these vendors have become more secure or that they don’t get as much attention from security researchers.

    Reply
  24. Tomi Engdahl says:

    Microsoft Publishes Office Symbols to Improve Bug Hunting
    https://www.securityweek.com/microsoft-publishes-office-symbols-improve-bug-hunting

    Microsoft Office has started publishing Office symbols for Windows in an effort to help bug hunters find and report security issues.

    Symbols are pieces of information used during debugging, and are contained within Symbol files, which are created by the compiler during application build.

    Some of these symbols are called ‘public symbols’. They contain basic information, such as function names and global variables, and are used in all forms of debugging. Symbol files that contain only public symbols are called ‘stripped symbol files’.

    Starting August 9, Microsoft Office is publishing stripped symbol files via the Microsoft Public Symbol Server, to provide security researchers with additional information when hunting for bugs in Office products, and to help them create more detailed reports.

    “Symbols empower customers and partners to better understand and potentially diagnose issues they’re encountering. They also open the door for the development of more advanced performance tools and insights,” Microsoft says.

    https://msrc-blog.microsoft.com/2022/08/08/microsoft-office-to-publish-symbols-starting-august-2022/

    Reply
  25. Tomi Engdahl says:

    IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products
    https://www.securityweek.com/ibm-patches-high-severity-vulnerabilities-cloud-voice-security-products

    IBM on Monday announced patches for multiple high-severity vulnerabilities impacting products such as Netezza for Cloud Pak for Data, Voice Gateway, and SiteProtector.

    A total of three vulnerabilities were resolved in IBM Netezza for Cloud Pak for Data, all of which impact the Golang packages that the platform uses. Two of these issues are rated ‘high severity’, with a CVSS score of 7.5.

    All three flaws are described as denial-of-service (DoS) vulnerabilities in Golang that could be exploited remotely using specially crafted content or requests.

    Reply
  26. Tomi Engdahl says:

    CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems
    https://thehackernews.com/2022/08/cisa-issues-warning-on-active.html

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

    Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.

    This means that an adversary could exploit the flaw to drop arbitrary files on a target system that has the utility installed simply by decompressing the file. The vulnerability was revealed by SonarSource researcher Simon Scannell in late June.

    Reply
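    The UnRAR issue above is a path traversal in archive extraction: an entry name (or a link target) that, once joined to the destination directory, resolves outside it. The following is an added example, not code from RARLAB, SonarSource or CISA, showing the defensive check any extractor should apply before writing a member. It uses Python's `tarfile` rather than RAR because the standard library can build a test archive in memory, and it generalizes the check to symlink and hardlink members as well as plain `..` paths; the archive contents are constructed for the example and the destination path is an arbitrary placeholder.

```python
import io
import os
import tarfile
from typing import List


def _resolves_inside(dest: str, relative: str) -> bool:
    """True if dest/relative, after normalisation, still lies inside dest."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, relative))
    return os.path.commonpath([dest_real, target]) == dest_real


def unsafe_members(archive: tarfile.TarFile, dest: str) -> List[str]:
    """Return the names of members that would write outside dest.

    Checks the member path itself and, for symlinks and hardlinks, where the
    link points: a link inside dest that targets a path outside it would let
    a later member in the same archive write through the link.
    """
    bad = []
    for member in archive.getmembers():
        name = member.name
        if os.path.isabs(name) or not _resolves_inside(dest, name):
            bad.append(name)
            continue
        if member.issym() or member.islnk():
            # Symlink targets are relative to the link's own directory;
            # hardlink targets are relative to the archive root.
            base = os.path.dirname(name) if member.issym() else ""
            target = member.linkname
            if os.path.isabs(target) or not _resolves_inside(dest, os.path.join(base, target)):
                bad.append(name)
    return bad


def is_safe(archive: tarfile.TarFile, dest: str) -> bool:
    """True when every member of the archive stays inside dest."""
    return not unsafe_members(archive, dest)


def safe_extract(archive: tarfile.TarFile, dest: str) -> None:
    """Extract only after the whole archive has passed the check."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract, members escape {dest}: {bad}")
    archive.extractall(dest)


def build_demo_archive(include_malicious: bool = True) -> tarfile.TarFile:
    """Constructed in-memory archive: one benign file and, optionally, one
    '..' traversal entry plus one symlink pointing outside the destination."""
    buf = io.BytesIO()
    data = b"hello\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        if include_malicious:
            info = tarfile.TarInfo("../../escape.txt")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            link = tarfile.TarInfo("docs/link")
            link.type = tarfile.SYMTYPE
            link.linkname = "../../../outside"
            tar.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    # Placeholder destination; nothing is written, only the paths are checked.
    dest = "/tmp/extract-demo"
    print("unsafe members:", unsafe_members(build_demo_archive(), dest))
```

    The check is done over the whole archive before anything is written, because rejecting entries one at a time still leaves earlier members on disk when a later one turns out to be hostile. Newer Python releases add a `filter` argument to `extractall` for the same purpose; the explicit check above is what an extractor in any language needs to implement.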
  27. Tomi Engdahl says:

    Patch Tuesday: Yet another Microsoft RCE bug under active exploit
    Oh, and that critical VMware auth bypass vuln? Miscreants found it, too
    https://www.theregister.com/2022/08/09/august_patch_tuesday_microsoft/

    Reply
  28. Tomi Engdahl says:

    Russian hacker group now threatens the National Cyber Security Centre
    The parliament’s website was also targeted by a denial-of-service attack.
    https://www.iltalehti.fi/kotimaa/a/a24c9147-7a22-4e31-90cc-9ab7e248b9f7

    The Russian hacker group called NoName057(16), which carried out the denial-of-service attack on the parliament’s website, is now also threatening the National Cyber Security Centre.

    The hacker group writes about its intentions in a Telegram message.

    Freely translated, the group’s Russian-language message reads as follows: “We express our thanks to the Finnish parliament for the new target. Finland’s National Cyber Security Centre, await our visit!”

    The parliament’s website was targeted by a denial-of-service attack. The attack began on Tuesday, 9 August, at about 14:30.

    On Wednesday morning the parliament’s website was back to normal operation.

    F-Secure’s research director Mikko Hyppönen told Iltalehti earlier that denial-of-service attacks do not break into systems or steal data from them. The purpose of a denial-of-service attack is simply to try to prevent the intended use of the website.

    Reply
  29. Tomi Engdahl says:

    New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
    https://thehackernews.com/2022/08/new-iot-rapperbot-malware-targeting.html

    A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022.

    “This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai,” Fortinet FortiGuard Labs said in a report.

    Reply
