Daily NCSC-FI news followup 2020-01-16

APT40 is run by the Hainan department of the Chinese Ministry of State Security

intrusiontruth.wordpress.com/2020/01/16/apt40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/ Either a Hainan intelligence officer has a side-hustle running a business empire of at least 13 fast-growing, high-tech information security companies, and that business empire has a side-hustle recruiting people with knowledge of the languages spoken in APT40 target countries coincidentally in the months preceding APT40 attacks in those countries, and on the same island that we know APT40 runs its operations. Or, APT40 is run by Ding Xiaoyang, an intelligence officer at the Hainan State Security Department.

CVE-2020-0601 Followup

isc.sans.edu/diary/rss/25714 Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see sans.org/cryptoapi-isc)

Proof-of-concept exploits published for the Microsoft-NSA crypto bug

www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/ Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS.

Using CveEventWrite From VBA (CVE-2020-0601)

blog.didierstevens.com/2020/01/15/using-cveeventwrite-from-vba-cve-2020-0601/ Microsoft's patch for CVE-2020-0601 introduces a call to CveEventWrite in CryptoAPI when a faked certificate is detected. This will write a Windows event entry in the Application event log.

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

threatpost.com/wordpress-bug-leaves-sites-open-to-attack/151911/ Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site's backend with no password.
