Daily NCSC-FI news followup 2019-06-18

Microsoft Operating Systems BlueKeep Vulnerability

www.us-cert.gov/ncas/alerts/AA19-168A BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

Russian Hacks on U.S. Voting System Wider Than Previously Known

www.bloomberg.com/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections Russia's cyberattack on the U.S. electoral system before Donald Trump's election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

THE HIGHLY DANGEROUS ‘TRITON’ HACKERS HAVE PROBED THE US GRID

www.wired.com/story/triton-hackers-scan-us-power-grid/ Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Scanning alone hardly represents a serious threat. But these hackers, known as Xenotime or sometimes as the Triton ac

Microsoft Management Console Bugs Allow Windows Takeover

threatpost.com/microsoft-management-console-bugs/145791/ A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine.

GoldBrute: the botnet searching for RDP connections

www.pandasecurity.com/mediacenter/malware/goldbrute-botnet-rdp/ This new threat is GoldBrute, a botnet that is currently scanning the Internet, actively searching for Windows machines with the Remote Desktop Protocol (RDP) connection enabled. The researchers have discovered that the malware has compiled a list of 1.5 million unique systems with RDP enabled.

Threat Actors Use Older Cobalt Strike Versions to Blend In

www.bleepingcomputer.com/news/security/threat-actors-use-older-cobalt-strike-versions-to-blend-in/ Plenty of outdated Cobalt Strike servers exist in the wild, helping cybercriminals or giving security professionals the upper hand when testing corporate defenses; and they can be easily identified to stifle intrusions of any purpose.
