Daily NCSC-FI news followup 2019-10-15

Linux SUDO Bug Lets You Run Commands as Root, Most Installs Unaffected

www.bleepingcomputer.com/news/linux/linux-sudo-bug-lets-you-run-commands-as-root-most-installs-unaffected/ A vulnerability in the Linux sudo command has been discovered that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected.

Building China’s Comac C919 airplane involved a lot of hacking, report says

www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/ A report published today shines a light on one of China’s most ambitious hacking operations known to date, one that involved Ministry of State Security officers, the country’s underground hacking scene, legitimate security researchers, and insiders at companies all over the world. The aim of this hacking operation was to acquire intellectual property to narrow China’s technological gap in the aviation industry, and especially to help Comac, a Chinese state-owned aerospace manufacturer, build its own airliner, the C919 airplane, to compete with industry rivals like Airbus and Boeing. See the full report:

www.crowdstrike.com/resources/wp-content/brochures/reports/huge-fan-of-your-work-intelligence-report.pdf

LOWKEY: Hunting for the Missing Volume Serial ID

www.fireeye.com/blog/threat-research/2019/10/lowkey-hunting-for-the-missing-volume-serial-id.html In August 2019, FireEye released the Double Dragon report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog post is about the sophisticated passive backdoor we track as LOWKEY, mentioned in the APT41 report and recently unveiled at the FireEye Cyber Defense Summit. We observed LOWKEY being used in highly targeted attacks, utilizing payloads that run only on specific systems.

China’s Study the Great Nation app ‘enables spying via back door’

www.bbc.com/news/technology-50042379 The Chinese Communist Party has gained the ability to spy on more than 100 million citizens via a heavily promoted official app, a report suggests. Analysis of the Study the Great Nation app found hidden elements that could help monitor use and copy data, said phone security experts Cure53. Full report:

cure53.de/analysis_report_sgn.pdf

Fake iOS Jailbreak Site Lures in Apple Users

threatpost.com/apple-fake-ios-jailbreak-site/149159/ A fake website purports to enable iPhone users to download an iOS jailbreak but ultimately prompts them to download a gaming app and conducts click fraud.

Pitney Bowes Hit with Ransomware Attack

threatpost.com/pitney-bowes-hit-with-ransomware-attack/149156/ Shipping services company Pitney Bowes was hit with a ransomware attack that disrupted customer access to key services, the company said Monday.

Chinese Hackers Use New Cryptojacking Tactics to Evade Detection

www.bleepingcomputer.com/news/security/chinese-hackers-use-new-cryptojacking-tactics-to-evade-detection/ Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection.

Welcome to the World Of Tomorrow, where fridges suffer certificate errors. Just like everything else

www.theregister.co.uk/2019/10/15/welcome_to_the_world_of_tomorrow/

The Day MegaCortex Ransomware Mayhem Was Averted

securityintelligence.com/posts/the-day-megacortex-ransomware-mayhem-was-averted/ This post will highlight the benefits of reporting early and escalating suspicious indicators to responders by diving into a recent case where a ransomware attack by MegaCortex was stopped in its tracks.

BriansClub Hack Rescues 26M Stolen Cards

krebsonsecurity.com/2019/10/briansclub-hack-rescues-26m-stolen-cards/ BriansClub, one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.
