Daily NCSC-FI news followup 2020-09-15

Windows Exploit Released For Microsoft Zerologon Flaw

threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/ Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw. Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies' Active Directory domain controllers (DCs). The vulnerability, dubbed Zerologon, is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The flaw was addressed in Microsoft's August 2020 security updates.

Iran-Based Threat Actor Exploits VPN Vulnerabilities

us-cert.cisa.gov/ncas/alerts/aa20-259a CISA and FBI are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States. See also:

us-cert.cisa.gov/ncas/analysis-reports/ar20-259a

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html This new post is about my research this March, which talks about how I found vulnerabilities on a leading Mobile Device Management product and bypassed several limitations to achieve unauthenticated RCE. All the vulnerabilities have been reported to the vendor and got fixed in June.

MFA Bypass Bugs Opened Microsoft 365 to Attack

threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/ Vulnerabilities that have existed for years in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.

Back Despite Disruption: RedDelta Resumes Operations

www.recordedfuture.com/reddelta-cyber-threat-operations/ In the interim two-month period since previous Insikt Group reporting, RedDelta has largely remained unperturbed by the extensive public reporting on its targeting of the Vatican and other Catholic organizations.

Not for higher education: cybercriminals target academic & research institutions across the world

blog.checkpoint.com/2020/09/15/not-for-higher-education-cybercriminals-target-academic-research-institutions-across-the-world/ Across the USA, Europe and Asia, there was an increase in the number of attacks targeting the education and research sector in recent months.

MITRE releases emulation plan for FIN6 hacking group, more to follow

www.zdnet.com/article/mitre-releases-emulation-plan-for-fin6-hacking-group-more-to-follow/ New MITRE project to provide free emulation plans that mimic major threat actors in order to train and help defenders.

Fingrid raises readiness due to approaching storm

www.fingrid.fi/sivut/ajankohtaista/tiedotteet/2020/fingrid-nostaa-valmiutta-lahestyvan-myrskyn-vuoksi/ Because of the storm forecast for Finland, the main grid's fault-clearing readiness will be raised starting Wednesday 16.9. at 16:00. The raised readiness state lasts until Friday morning 17.9. at 7:00.
