This posting is here to collect cyber security news in November 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in November 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
77 Comments
Slope says:
I found your blog to be quite enjoyable to read. Not only was it well-written, but it was also simple to comprehend. In contrast to other blogs that I have read, which are not quite as good as this one. Many, many thanks!
Tomi Engdahl says:
Luckily, the problem hasn’t crashed millions of computers worldwide
CrowdStrike part 2 crashes Microsoft Office on Windows 11 24H2
Luckily, the problem hasn’t crashed millions of computers worldwide
https://www.techspot.com/news/105447-crowdstrike-part-2-crashes-microsoft-office-windows-11.html?fbclid=IwZXh0bgNhZW0CMTEAAR2bxkYFS0_St8F60aiqvXOPsN4RXOSVX0ejDc1KEdiVCjmNGXGIvaiC0tM_aem_mrk5i_MnZTphEIm8Djz1zQ
What just happened? Enterprise users at companies that employ CrowdStrike antivirus software and have received prompts to upgrade their operating systems to Windows 11 24H2 should probably wait. The security toolchain has encountered another faulty update that could make Microsoft Office apps unusable. Fortunately, the problem isn’t as widespread as the incident from earlier this year.
Microsoft is investigating an error that causes Microsoft Office applications like Word and Excel to crash after users upgrade to Windows 11 24H2. The problem only impacts companies and managed IT environments, so those using Windows 11 Home or Pro on personal devices need not worry.
Tomi Engdahl says:
FBI havaitsi outoa toimintaa ennen vaaleja
Presidentinvaalien alla myös yritykset vaikuttaa vaaleihin lisääntyivät.
https://www.iltalehti.fi/digiuutiset/a/c591faef-1e5f-4473-91cc-9b21e1a9ea44
Kiinan tukemien hakkerien murtautuneen monien teleyhtiöiden järjestelmiin Yhdysvalloissa. Tietoja on urkittu etenkin presidentti Donald Trumpin lähipiiristä ja perheenjäseniltä.
Asiasta uutisoi New York Times anonyymien sisäpiirilähteiden kertoman mukaan.
Lähteen mukaan FBI:n ja Cisan tietoturvaviranomaiset epäilevät, että Donald Trumpin lisäksi J.D. Vancen henkilökohtainen puhelin on ollut murron kohteena.
Tutkintaa laajennettiin, kun presidentin pojan Eric Trumpin ja presidentin vävyn Jared Kushnerin havaittiin olleen myös hakkereiden kohteena.
New York Timesille asiasta nimettöminä puhuneiden lähteiden mukaan hakkerointikampanjan kohteena on havaittu olleen alle 100 henkilöä. Kohteina oli myös presidentti Joe Bidenin avustajia ja ulkoministeriön työntekijöitä.
https://www.nytimes.com/2024/10/29/us/politics/trump-biden-hacking-china.html
Tomi Engdahl says:
https://www.iltalehti.fi/kotimaa/a/2795c627-a6c9-426f-9481-4b57fdc954c7?utm_medium=Social&utm_source=Facebook&fbclid=IwZXh0bgNhZW0CMTEAAR20FiMArpcbzsaIpX2a-UkbZDeO8Et4PRLCsKLnOG4RyJKz-t7zGWTjAqg_aem_wtIP43jJwPpaMLas72knXQ#Echobox=1730811726
Tomi Engdahl says:
Cisco Patches Critical Vulnerability in Industrial Networking Solution
A critical vulnerability in Cisco Unified Industrial Wireless software could allow remote, unauthenticated attackers to inject commands with root privileges.
https://www.securityweek.com/cisco-patches-critical-vulnerability-in-industrial-networking-solution/
Tomi Engdahl says:
Malware & Threats
‘SteelFox’ Miner and Information Stealer Bundle Emerges
Impersonating legitimate software such as Foxit PDF Editor and AutoCAD, the SteelFox crimeware bundle steals user information.
https://www.securityweek.com/steelfox-miner-and-information-stealer-bundle-emerges/
Tomi Engdahl says:
North Korean Hackers Target macOS Users
North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics.
https://www.securityweek.com/north-korean-hackers-target-macos-users-with-fake-crypto-pdfs/
Tomi Engdahl says:
Nation-State
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack
The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”
https://www.securityweek.com/us-gov-agency-urges-employees-to-limit-phone-use-after-china-salt-typhoon-hack/
The US government’s Consumer Financial Protection Bureau (CFPB) is directing employees to minimize the use of cellphones for work-related activities, following an intrusion into major telco systems attributed to Chinese government hackers.
According to a Wall Street Journal report, the agency sent an email to all employees and contractors with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”
The warning comes on the heels of a series of hacks into US telcos and broadband providers blamed on Salt Typhoon, a Chinese government-backed cyberespionage hacking operation. The group has reportedly broken into companies like Verizon, AT&T and Lumen Technologies and has used that access to surveil politicians and critical communications systems.
“While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised,” the CFPB said in the email.
Tomi Engdahl says:
https://www.securityweek.com/malwarebytes-acquires-vpn-provider-azirevpn/
Tomi Engdahl says:
Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI
ZDI discloses vulnerabilities in the infotainment system of multiple Mazda car models that could lead to code execution.
https://www.securityweek.com/unpatched-vulnerabilities-allow-hacking-of-mazda-cars-zdi/
Vulnerabilities in the infotainment system of multiple Mazda car models could allow attackers to execute arbitrary code with root privileges, Trend Micro’s Zero Day Initiative (ZDI) warns.
The issues, ZDI explains, exist because the Mazda Connect Connectivity Master Unit (CMU) system does not properly sanitize user-supplied input, which could allow a physically present attacker to send commands to the system by connecting a specially crafted USB device.
The CMU, popular among the modding community, which has released software tweaks to modify its operations, was manufactured by Visteon and runs software initially developed by Johnson Controls.
According to ZDI, the flaws, which were identified in software version 74.00.324A, could be used in conjunction to “achieve a complete and persistent compromise of the infotainment system”. Earlier software iterations might also be affected. Mazda 3 model year 2014-2021 and other car models are impacted.
Tomi Engdahl says:
Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks
Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update.
https://www.securityweek.com/google-patches-two-android-vulnerabilities-exploited-in-targeted-attacks/
Tomi Engdahl says:
Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation
Siemens and Rockwell Automation are taking steps to improve cybersecurity in industrial organizations, but getting customers to install security systems and upgrade ICS can still be challenging.
https://www.securityweek.com/siemens-and-rockwell-tackle-industrial-cybersecurity-but-face-customer-hesitation/
Tomi Engdahl says:
Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days
British EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.
https://www.securityweek.com/sophos-used-custom-implants-to-surveil-chinese-hackers-targeting-firewall-zero-days/
British cybersecurity vendor Sophos on Thursday published details of a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hacking teams and fessed up to using its own custom implants to capture the attackers’ tools, movements and tactics.
The Thoma Bravo-owned company, which has found itself in the crosshairs of attackers targeting zero-days in its enterprise-facing products, described fending off multiple campaigns beginning as early as 2018, each building on the previous in sophistication and aggression.
The sustained attacks included a successful hack of Sophos’ Cyberoam satellite office in India, where attackers gained initial access through an overlooked wall-mounted display unit. An investigation quickly concluded that the Sophos facility hack was the work of an “adaptable adversary capable of escalating capability as needed to achieve their objectives.”
In a separate blog post, the company said it countered attack teams that used a custom userland rootkit, the TERMITE in-memory dropper, Trojanized Java files, and a unique UEFI bootkit. The attackers also used stolen VPN credentials, obtained from both malware and Active Directory DCSYNC, and hooked firmware-upgrade processes to ensure persistence across firmware updates.
Tomi Engdahl says:
Training & Awareness
The Biggest Inhibitor of Cybersecurity: The Human Element
Essential steps such as security awareness training, MFA, and Zero Trust identity management help organizations reduce the human element and stay ahead in the cybersecurity curve.
https://www.securityweek.com/the-biggest-inhibitor-of-cybersecurity-the-human-element/
Tomi Engdahl says:
US Prison Sentences for Nigerian Cybercriminals Surge in Recent Months
A significant number of Nigerian cybercriminals have been sent to prison in recent months in the United States, and some of them received lengthy sentences.
https://www.securityweek.com/us-prison-sentences-for-nigerian-cybercriminals-surge-in-recent-months/
Tomi Engdahl says:
In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, LastPass Phishing Campaign
Noteworthy stories that might have slipped under the radar: China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use.
https://www.securityweek.com/in-other-news-china-hacked-singtel-guloader-attacks-on-industrial-firms-phone-use-warning-in-us-agency/
Tomi Engdahl says:
Diana Kwon / Nature:
Research integrity specialists and scientific publishers raise concerns about the ease with which scientific data can be fabricated using generative AI tools
AI-generated images threaten science — here’s how researchers hope to spot them
Generative-AI technologies can create convincing scientific data with ease — publishers and integrity specialists fear a torrent of faked science.
https://www.nature.com/articles/d41586-024-03542-8
Tomi Engdahl says:
Skynet liikehti outoon paikkaan
Ison-Britannian viestintäsatelliitti ajautui toiselle puolelle maapalloa todennäköisesti jonkun käskystä.
https://www.iltalehti.fi/ulkomaat/a/10e9ce41-05e3-4ce5-83ad-d97f856cc9f6
Tomi Engdahl says:
”Aikamoinen riesa” piinaa tankkaajia – ST1-pomo kertoo ongelmasta, joka on vain pahentunut syksyn aikana
Ongelmat katevarauksen purkamisessa ovat lisääntyneet syksyn aikana, kertoo ST1:n myynti- ja verkostojohtaja Juha Vanninen.
https://www.iltalehti.fi/autouutiset/a/3e07582e-1a96-421a-879c-2ab278b346fa
Polttoaineasemaketju ST1:n automaateilla tankanneiden asiakkaiden rahoja on jäänyt jumiin pahimmillaan jopa viikoksi, kun katevaraukset eivät ole purkautuneet normaalisti.
Tomi Engdahl says:
https://www.securityweek.com/many-legacy-d-link-nas-devices-exposed-to-remote-attacks-via-critical-flaw/
Tomi Engdahl says:
https://www.securityweek.com/law-firm-data-breach-impacts-300000-presbyterian-healthcare-patients/
Tomi Engdahl says:
Varoitus Fortumin asiakkaille
Näin voi käydä, jos organisaatio ei ole suojannut lähettäjätunnustaan.
https://www.iltalehti.fi/digiuutiset/a/b5f0e0a0-dc93-42ca-ae99-32cf4c27fff9
Fortumin nimissä liikkuu huijausviestejä, jotka tulevat samaan viestiketjuun aitojen viestien kanssa.
Energiayhtiö Fortumin nimissä liikkuu huijausviestejä, jotka tulevat samaan viestiketjuun Fortumin aitojen yhteydenottojen kanssa, mikäli sellaisia on omissa tekstiviesteissä. Kyberturvallisuuskeskus varoittaa haksahtamasta huijaukseen.
Rikolliset voivat käyttää huijausviestien lähettämiseen aitoa Fortum-lähettäjätunnusta, koska yhtiö ei ole ainakaan vielä toistaiseksi suojannut sitä.
– Rekisteröimättömällä lähettäjänimellä lähetetyt huijausviestit menevät samaan viestiketjuun yrityksen aiemman asiakasviestinnän kanssa, mikä lisää huijauksen uskottavuutta, Kyberturvallisuuskeskus varoittaa.
https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskuksen-viikkokatsaus-452024?toggle=Tekstiviestihuijauksia%20oikeilla%20ja%20v%C3%A4%C3%A4rill%C3%A4%20l%C3%A4hett%C3%A4j%C3%A4nimill%C3%A4
Tomi Engdahl says:
Taylor Lorenz / User Mag:
Threads becoming inundated with liberal election fraud conspiracies highlights the shift toward a “post-truth” online landscape across the political spectrum
Meta’s Threads is ‘overrun’ with liberal election fraud conspiracies
Thousands of users have amplified baseless claims of hacked voting machines as Democrats become more comfortable embracing denialism
https://www.usermag.co/p/metas-threads-overrun-with-liberal-election-fraud-conspiracies
Over the past several days, Meta’s Threads has become inundated with liberal election fraud conspiracies.
The conspiracies range from skepticism about vote tallies in key swing states, to allegations of a criminal coverup by Biden to force the Democrats to lose in order to (somehow eventually?) take down Trump, to claims of Russian interference with voting technology.
One pervasive conspiracy as of Saturday morning centered around Elon Musk, alleging that the billionaire hacked the election through his Starlink satellite internet company, which conspiracy theorists claim is part of the voting machine supply chain. (This is false, and ironically Musk himself pushed a debunked Dominion voting machine conspiracy theory at a Trump rally last month).
The rampant election fraud conspiracies on Threads show how Meta’s efforts to downrank and minimize journalistic content on the app have helped to create a vacuum in which misinformation thrives unchecked and users are unable to find reliable, accurately reported news. The conspiracies also show how many self-described liberals have grown increasingly conspiratorial and unable to distinguish fact from fiction in a chaotic and broken information ecosystem.
“What is happening with conspiracy theories among liberals is the thing that’s always happened with conspiracy theories throughout history,” said Mike Rothschild, author of The Storm Is Upon Us: How QAnon Became a Movement, Cult and Conspiracy Theory of Everything.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16821-venaelaeinen-tietovaras-on-nyt-suomen-yleisin-haittaohjelma
Tomi Engdahl says:
Asiantuntijan kova väite IL:lle: Venäjällä valmius lamauttavaan kyberiskuun Suomea vastaan – testattu jo
Iltalehden haastattelema asiantuntija kertoo uskovansa, että Venäjä on varautunut katkaisemaan Itämeren tietoliikennekaapelit
Asiantuntijan kova väite IL:lle: Venäjällä valmius lamauttavaan kyberiskuun Suomea vastaan – testattu jo
https://www.is.fi/ulkomaat/art-2000010826618.html
Venäjä voi katkaista Suomesta internetin ja sähköt samalla kertaa, kyberturvallisuuden työelämäprofessori Tapio Frantti sanoo Iltalehdelle.
Frantin mukaan Venäjä on valmistautunut laajaan kyberfyysiseen iskuun Suomea vastaan ja myös testannut sitä rajoitetusti.
Internet-liikenne kulkee runkokaapeleita pitkin. Kaapeleita on esimerkiksi Itämeressä. Frantti sanoo Iltalehdelle uskovansa, että Venäjä on todennäköisesti varautunut katkaisemaan kaapelit.
– Pitäisin aika ihmeenä, jos he eivät olisi panostaneet näitä kaapeleita siellä valmiiksi. Jos on tarve katkaista ne räjäyttämällä, niin he pystyvät kyllä tekemään sen, Frantti sanoo.
Tomi Engdahl says:
Mattel has apologized after mistakenly printing the web address of a pornographic site on the packaging of its newly launched “Wicked” dolls.
https://abc7.com/post/wicked-movie-mattel-apologizes-after-mistakenly-printing-porn-site-dolls-packaging-featuring-ariana-grande-cynthia-erivo/15537116/?ex_cid=TA_KABC_FB&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook&fbclid=IwZXh0bgNhZW0CMTEAAR3cV8x0EgJ0QupPYWx0QO_-hN64b6q1SlAlk6cTSrvfSpcdaTGa9rcrPWU_aem_FXfOI4S0BCfPGsHdGuCqig
Toy manufacturer Mattel has apologized after mistakenly printing the web address of a pornographic site on the packaging of its newly launched “Wicked” dolls.
Instead of pointing readers to the official website of the movie adaptation of the Tony Award-winning musical, information found on boxes of the special edition dolls leads to a page that requires users to be 18 years or older to enter, according to social media users on X.
Tomi Engdahl says:
Mattel Accidentally Lists Adult Film Website on Wicked Doll Boxes: ‘We Deeply Regret This Unfortunate Error’
“It’s true! WTF?!!” one person on X (formerly Twitter) wrote after checking the URL on the doll boxes she purchased
https://people.com/mattel-accidentally-lists-adult-film-website-on-wicked-doll-boxes-8742887?utm_campaign=peoplemagazine&utm_content=manual&utm_medium=social&utm_source=facebook.com&fbclid=IwZXh0bgNhZW0CMTEAAR0TPM8KW7NYyPPNGrnlgBE4qDEo9Iii9ZLdYjBXWEtrDCKOd6QmHB6K_hY_aem_0U08VHWxv_7VQie97dtCIQ
Tomi Engdahl says:
FBI Warns US Organizations of Fake Emergency Data Requests Made by Cybercriminals
https://www.securityweek.com/fbi-warns-us-organizations-of-fake-emergency-data-requests-made-by-cybercriminals/
The FBI is seeing an increase in threat actors using fake emergency data requests to harvest information from US companies.
The FBI has issued an alert to warn US-based companies and law enforcement agencies that threat actors are sending fake emergency data requests with the goal of harvesting personally identifiable information (PII).
An emergency data request enables law enforcement agencies to obtain information from online service providers in emergency situations, when there is no time to get a subpoena.
Emergency data requests have been abused by Lapsus$ and other threat actors, but the FBI has observed a spike in cybercrime forum posts related to the process of emergency data requests.
“Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI’s alert (PDF) reads.
https://www.ic3.gov/CSA/2024/241104.pdf
Tomi Engdahl says:
Cyberattack Cost Oil Giant Halliburton $35 Million
In its latest financial report, Halliburton said the recent cybersecurity incident has so far cost the company $35 million.
https://www.securityweek.com/cyberattack-cost-oil-giant-halliburton-35-million/
The expenses related to the recent cybersecurity incident suffered by US oil giant Halliburton reached $35 million by the end of September, according to the company’s latest financial report.
The incident came to light on August 22, when Halliburton, one of the world’s largest oilfield service providers, confirmed unauthorized access to some of its systems.
The company immediately launched an investigation and shut down some systems to contain the incident.
By the end of August, reports emerged that — based on indicators of compromise — the ransomware group known as RansomHub was likely behind the Halliburton attack.
Halliburton has yet to confirm that the incident was a ransomware attack, but its brief description suggests that it was. The company has confirmed that hackers accessed and exfiltrated information from its corporate systems.
Tomi Engdahl says:
https://www.securityweek.com/veeam-patches-high-severity-vulnerability-as-exploitation-of-previous-flaw-expands/
Tomi Engdahl says:
PLCHound Aims to Improve Detection of Internet-Exposed ICS
Georgia Tech researchers have developed PLCHound, an algorithm that uses AI to improve the identification of internet-exposed ICS.
https://www.securityweek.com/plchound-aims-to-improve-detection-of-internet-exposed-ics/
Tomi Engdahl says:
Jamie Tarabay / Bloomberg:
Sources: the US plans to support a controversial, legally binding cybercrime UN treaty this week despite concerns that authoritarian regimes could misuse it
https://www.bloomberg.com/news/articles/2024-11-11/biden-administration-to-support-controversial-un-cyber-treaty
Biden Administration to Support Controversial UN Cyber Treaty
Critics fear it could be misused by authoritarian countries
Agreement would help pursuit of cybercriminals, official says
Tomi Engdahl says:
Jason Koebler / 404 Media:
A look at DeFlock, an open-source project that has crowdsourced the locations of 5,600+ automated license plate reader cameras globally from Flock and others
The Open Source Project DeFlock Is Mapping License Plate Surveillance Cameras All Over the World
Jason Koebler Jason Koebler
·
Nov 11, 2024 at 9:24 AM
DeFlock has mapped the locations of more than a thousand ALPRs around the United States and thousands more around the world.
https://www.404media.co/the-open-source-project-deflock-is-mapping-license-plate-surveillance-cameras-all-over-the-world/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16821-venaelaeinen-tietovaras-on-nyt-suomen-yleisin-haittaohjelma
Check Point Softwaren tuore haittaohjelmakatsaus osoittaa, että tietoja varastavat haittaohjelmat yleistyvät. Lumma Stealer, joka kerää käyttäjätunnuksia ja arkaluonteista dataa vaarantuneista järjestelmistä, on noussut Suomen yleisimmäksi ja maailman neljänneksi yleisimmäksi haittaohjelmaksi. Mobiilihaittaohjelmat, kuten Google Playsta Android-laitteisiin leviävä Necro, ovat edelleen merkittävä uhka.
Check Pointin lokakuun haittaohjelmakatsaus tuo esiin huolestuttavan kehityksen kyberturvallisuudessa: tietoja varastavien haittaohjelmien yleistymisen ja kyberrikollisten hyökkäystapojen kehittymisen. Tehokkaasti vaarantuneista järjestelmistä tunnistetietoja ja arkaluonteista dataa varastavat haittaohjelmat ovat yleistyneet. Lokakuussa tutkijat havaitsivat tartuntaketjun, jossa väärennettyjä CAPTCHA-sivuja käytetään Lumma Stealer -haittaohjelman levittämiseen.
Tomi Engdahl says:
Amazon Employee Data Leaked by Hacker
Amazon has confirmed that some employee data was compromised as a result of a MOVEit hack last year.
https://www.securityweek.com/amazon-employee-data-leaked-by-hacker/
Tomi Engdahl says:
New iOS Security Feature Reboots Devices to Protect User Data: Reports
A new feature in the latest iOS release reportedly reboots locked devices that have not been unlocked for longer periods of time.
https://www.securityweek.com/new-ios-security-feature-reboots-devices-to-protect-user-data-reports/
Tomi Engdahl says:
Network Security
IP Spoofing Attack Tried to Disrupt Tor Network
A coordinated IP spoofing attack that involved port scans tried to disrupt the Tor network by getting relays on blocklists.
https://www.securityweek.com/ip-spoofing-attack-tried-to-disrupt-tor-network/
Tomi Engdahl says:
US Prison Sentences for Nigerian Cybercriminals Surge in Recent Months
A significant number of Nigerian cybercriminals have been sent to prison in recent months in the United States, and some of them received lengthy sentence
https://www.securityweek.com/us-prison-sentences-for-nigerian-cybercriminals-surge-in-recent-months/
Tomi Engdahl says:
Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford
Cybersecurity incident impacts Giant Food, Hannaford, and other Ahold Delhaize USA brands, including pharmacies and e-commerce services.
https://www.securityweek.com/ahold-delhaize-cybersecurity-incident-impacts-giant-food-hannaford/
Tomi Engdahl says:
SAP Patches High-Severity Vulnerability in Web Dispatcher
SAP has released eight new security notes on November 2024 patch day, including one addressing a high-severity vulnerability in Web Dispatcher.
https://www.securityweek.com/sap-patches-high-severity-vulnerability-in-web-dispatcher/
Tomi Engdahl says:
https://www.securityweek.com/millions-of-hot-topic-customers-impacted-by-data-breach/
Roughly 57 million unique email addresses allegedly stolen from fashion retailer Hot Topic have been posted online, data breach notification website Have I Been Pwned warns.
Tomi Engdahl says:
Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories
Intel and AMD have published November 2024 Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products.
https://www.securityweek.com/chipmaker-patch-tuesday-intel-publishes-44-and-amd-publishes-8-new-advisories/
Tomi Engdahl says:
https://www.securityweek.com/google-cloud-to-assign-cves-to-critical-vulnerabilities/
Tomi Engdahl says:
Tekstiviestihuijari vei nuoren tililtä 44 000 euroa – Osuuspankki joutuu korvaamaan summan, hovioikeus vahvisti
Osuuspankin mukaan asiakas oli toiminut törkeän huolimattomasti, mutta hovioikeus oli eri mieltä.
https://yle.fi/a/74-20124351
Järvi-Hämeen Osuuspankki joutuu korvaamaan asiakkaalleen kymmeniä tuhansia euroja, jotka tämä hävisi huijauksessa. Itä-Suomen hovioikeus piti käräjäoikeuden päätöksen voimassa.
Kyse on tapauksesta, jossa huijari vei Osuuspankin asiakkaalta lähes 44 000 euroa elokuussa 2021.
Huijari lähetti asiakkaalle petoksesta varoittavan tekstiviestin, joka johti valepankin sivuille. Asiakas syötti sivuille verkkopankkitunnuksensa, joita huijari käytti tilisiirtoon. Rahat päätyivät isobritannialaiselle tilille.
Osuuspankin mielestä asiakas oli toiminut törkeän huolimattomasti, mutta oikeudet olivat eri mieltä. Hovioikeuden mukaan on todennäköistä, että uhrilla ei ollut pitkää kokemusta pankkipalveluiden käytöstä, koska hän oli huijauksen aikaan alle 20-vuotias. Lisäksi uhri oli tilanteessa hätääntynyt.
Hovioikeuden tuomio ei ole lainvoimainen. Tuomiolle voi hakea valituslupaa korkeimmasta oikeudesta.
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
FBI and CISA: Chinese hackers breached multiple US telecom companies, compromising the “private communications” of US officials and stealing customer call data — CISA and the FBI confirmed that Chinese hackers compromised the “private communications” of a “limited number” …
US govt officials’ communications compromised in recent telecom hack
https://www.bleepingcomputer.com/news/security/chinese-hackers-compromised-us-government-officials-private-communications-in-recent-telecom-breach/
CISA and the FBI confirmed that Chinese hackers compromised the “private communications” of a “limited number” of government officials after breaching multiple U.S. broadband providers.
The attackers also stole other information from the companies’ compromised systems, including information related to customer call records and law enforcement requests.
“Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data,” the two agencies said in a joint statement issued on Wednesday.
They added that the attackers also compromised the “private communications of a limited number of individuals who are primarily involved in government or political activity” and stole “certain information that was subject to U.S. law enforcement requests pursuant to court orders.”
This comes after CISA and the FBI confirmed the hack in late October after reports that a Chinese hacking group tracked as Salt Typhoon (aka Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) breached multiple broadband providers, including AT&T, Verizon, and Lumen Technologies.
Today’s joint statement also confirms reports that the threat group had access to U.S. federal government systems used for court-authorized network wiretapping requests.
Hackers reportedly maintained access for months
While it’s unknown when the telecom networks were first breached, people familiar with the matter told WSJ that the Chinese hackers had access “for months or longer,” which allowed them to collect vast amounts of “internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers.”
Canada also revealed last month that China-backed threat actors targeted many Canadian government agencies and departments in broad network scans, including federal political parties, the Senate, and the House of Commons.
“They also targeted dozens of organizations, including democratic institutions, critical infrastructure, the defence sector, media organizations, think tanks and NGOs,” the Government of Canada said.
Tomi Engdahl says:
Nicole Hegarty / ABC:
Australia plans to enact laws imposing a “digital duty of care” on big tech, which would make companies liable for citizens’ safety online
Social media ‘duty of care’ laws would force online giants to take preventative action on mental health harms
https://www.abc.net.au/news/2024-11-13/social-media-duty-of-care-laws-mental-health-harm/104597890
Tomi Engdahl says:
A snafu by Mattel — which accidentally printed the URL for an adult site on packaging for dolls based on Universal Pictures’ “Wicked” movie — has yielded a bonanza of traffic for Wicked Pictures, the adult-entertainment company that actually owns the web address.
https://www.facebook.com/share/p/2cyRKRskRrXAY2ng/
In the last two days, searches for the website have surged to their highest levels since mid-2012, according to the Google Trends analytics tool.
Tomi Engdahl says:
Nyt sattui XXL:lle paha Black Friday -tarjousmoka
XXL:n Black Friday -hinnoittelu yllättää.
https://www.iltalehti.fi/kotimaa/a/d34fa072-211d-4f6d-9914-05ed0b1c2acf
Black Friday tai Black Week -alennuksia metsästävät tarjoushaukat ovat saattaneet hieraista silmiään, jos ovat eksyneet urheiluvälineitä myyvän XXL:n verkkosivuille.
XXL:n tarjousten joukossa on muun muassa maastopyörä, jonka alkuperäiseksi jäsenhinnaksi on ilmoitettu 799 euroa. Nyt XXL mainostaa myyvänsä polkupyörää 43 prosentin alennuksella. Uusi, alennettu hinta on huimat 1 399 euroa.
Vastaavasti esimerkiksi kaunoluistimia myydään 51 prosentin alennuksella. Yli on vedetty alkuperäinen 29,99 euron hinta, ja sivuilla komeilee ”alennettu” 61,49 euron hinta.
XXL on toisin sanoen epähuomiossa kääntänyt päittäin vanhat ja alennetut hintansa.
Tomi Engdahl says:
Suurin osa maailman salasanoista murtuu alle sekunnissa
https://etn.fi/index.php/13-news/16837-tuttu-qwerty123-on-edelleen-suosituin-salasana
NordPass on julkaissut kuudetta kertaa vuotuisen 200 yleisintä salasanaa -tutkimuksensa, joka paljastaa kansainvälisesti suositut salasanat sekä 44 eri maan salasanat. Maailmalla yleisin salasana on nerokas ”123456” ja Suomen yleisimpänä jatkaa kestosuosikki ”qwerty123”.
Lähes puolet maailman salasanoista tänä vuonna koostuu helpoista näppäinyhdistelmistä, kuten “qwerty”, “1q2w3e4r5t” ja “123456789.” Suomi ei ole tässä asiassa poikkeus, vaan tällaiset salasanat ovat Suomenkin listan kärjessä.
Nämä salasanat ovat kirjaimellisesti idioottivarmoja, sillä 78 prosenttia maailman yleisimmistä salasanoista voidaan murtaa alle sekunnissa.
Tästä voidaan päätellä, että suurin osa niistä, jotka valitsevat vapaa-ajalla idioottimaisia salasanoja, tekevät niin yritysten verkoissakin. NordPassin aiemmin tekemässä tutkimuksessa kävi ilmi, että yhdellä internetin käyttäjällä on keskimäärin 168 salasanaa henkilökohtaiseen käyttöön ja 87 salasanaa työkäyttöön. Tämän salasanamäärän hallitseminen on yksinkertaisesti liian haastavaa monille, ja asiantuntijat sanovatkin, että on luonnollista, että käyttäjät luovat heikkoja salasanoja ja käyttävät samoja salasanoja eri tileillä.
Tomi Engdahl says:
Päivitä Windows nyt
Vaarassa on nyt jokainen Windowsin käyttäjä.
https://www.is.fi/digitoday/art-2000010833162.html
Microsoft paikkasi Ukrainaa vastaan käytetyn haavoittuvuuden kaikista Windows-käyttöjärjestelmän tuetuista versioista, kuten 10:stä ja 11:stä. Korjaus sisältyy marraskuun päivityspakettiin, joka poistaa Windowsista ja muista Microsoftin tuotteista kaikkiaan noin 90 haavoittuvuutta.
Bleeping Computerin mukaan viime kesäkuussa havaitussa hyökkäyksessä Ukrainaa vastaan käytettiin hyväksi Kamjanets-Podilskyin hallinnon murrettua palvelinta. Tavoitteena oli kaapata tietokoneita ja varastaa käyttäjien salasanoja.
Kohteille lähetettiin tietoja kalastelevia sähköposteja, joissa oli mukana linkki palvelimella sijaitsevaan tiedostoon. Sen avulla haavoittuvuus voitiin aktivoida haittaohjelman lataamiseksi tietokoneisiin. Mutta viestissä olevaa haitallista linkkiä ei tarvinnut avata. Riitti, että sitä esimerkiksi vain tarkasteli hiiren kakkosnäppäimellä.
Microsoft patches Windows zero-day exploited in attacks on Ukraine
https://www.bleepingcomputer.com/news/security/microsoft-patches-windows-zero-day-exploited-in-attacks-on-ukraine/
Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities.
The security flaw (CVE-2024-43451) is an NTLM Hash Disclosure spoofing vulnerability reported by ClearSky security researchers, which can be exploited to steal the logged-in user’s NTLMv2 hash by forcing connections to a remote attacker-controlled server.
ClearSky spotted this campaign in June after observing phishing emails designed to exploit it. These emails contained hyperlinks that would download an Internet shortcut file hosted on a previously compromised server (osvita-kp.gov[.]ua) belonging to the Kamianets-Podilskyi City Council’s Department of Education and Science.
“When the user interacts with the URL file by right-clicking, deleting, or moving it, the vulnerability is triggered,” ClearSky said.
When this happens, a connection to a remote server is created to download malware payloads, including the SparkRAT open-source and multi-platform remote access tool that enables attackers to control compromised systems remotely.