Daily NCSC-FI news followup 2020-01-16

APT40 is run by the Hainan department of the Chinese Ministry of State Security

intrusiontruth.wordpress.com/2020/01/16/apt40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/ Either a Hainan intelligence officer has a side-hustle running a business empire of at least 13 fast-growing, high-tech information security companies, and that business empire has a side-hustle recruiting people with knowledge of the languages spoken in APT40 target countries coincidentally in the months preceding APT40 attacks in those countries, and on the same island that we know APT40 . runs its operations.. Or, APT40 is run by Ding Xiaoyang, an intelligence officer at the Hainan State Security Department.

CVE-2020-0601 Followup

isc.sans.edu/diary/rss/25714 Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see

sans.org/cryptoapi-isc )

Proof-of-concept exploits published for the Microsoft-NSA crypto bug

www.zdnet.com/article/proof-of-concept-exploits-published-for-the-microsoft-nsa-crypto-bug/ Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA).. The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS.

Using CveEventWrite From VBA (CVE-2020-0601)

blog.didierstevens.com/2020/01/15/using-cveeventwrite-from-vba-cve-2020-0601/ Microsofts patch for CVE-2020-0601 introduces a call to CveEventWrite in CryptoAPI when a faked certificate is detected.. This will write a Windows event entry in the Application event log.

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

threatpost.com/wordpress-bug-leaves-sites-open-to-attack/151911/ Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a sites backend with no password.

You might be interested in …

Daily NCSC-FI news followup 2021-01-31

5 Insights From NSA’s 2020 Cybersecurity Year In Review www.forbes.com/sites/louiscolumbus/2021/01/30/5-insights-from-nsas-2020-cybersecurity-year-in-review/ The report provides insights into the many accomplishments of the NSA Cybersecurity Directorate’s first full year of operations under the leadership of Ms. Anne Neuberger, Director of Cybersecurity. also: www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2466179/nsa-cybersecurity-2020-year-in-review/ Regulator Blasts NZ’s Stock Exchange Over DDoS Meltdown www.databreachtoday.co.uk/regulator-blasts-nzs-stock-exchange-over-ddos-meltdown-a-15881 New Zealand’s financial regulator has issued […]

Read More

Daily NCSC-FI news followup 2020-03-06

Human-operated ransomware attacks: A preventable disaster www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today.. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted […]

Read More

Daily NCSC-FI news followup 2021-05-07

Connected Places: new NCSC security principles for ‘Smart Cities’ www.ncsc.gov.uk/blog-post/connected-places-new-ncsc-security-principles-for-smart-cities NCSC Technical Director warns that ‘Connected Places’ will likely be a target for malicious actors. It wasnt a teenager accidentally taking control of nuclear command and control, or a magic box that can decrypt anything stolen and used by shady Bond villains intent on taking […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.