Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-01-16

APT40 is run by the Hainan department of the Chinese Ministry of State Security

intrusiontruth.wordpress.com/2020/01/16/apt40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/ Either a Hainan intelligence officer has a side-hustle running a business empire of at least 13 fast-growing, high-tech information security companies, and that business empire has a side-hustle recruiting people with knowledge of the languages spoken in APT40 target countries coincidentally in the months preceding APT40 attacks in those countries, and on the same island that we know APT40 . runs its operations.. Or, APT40 is run by Ding Xiaoyang, an intelligence officer at the Hainan State Security Department.

CVE-2020-0601 Followup

isc.sans.edu/diary/rss/25714 Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see

sans.org/cryptoapi-isc )

Proof-of-concept exploits published for the Microsoft-NSA crypto bug

www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/ Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA).. The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS.

Using CveEventWrite From VBA (CVE-2020-0601)

blog.didierstevens.com/2020/01/15/using-cveeventwrite-from-vba-cve-2020-0601/ Microsofts patch for CVE-2020-0601 introduces a call to CveEventWrite in CryptoAPI when a faked certificate is detected.. This will write a Windows event entry in the Application event log.

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

threatpost.com/wordpress-bug-leaves-sites-open-to-attack/151911/ Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a sites backend with no password.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.