Daily NCSC-FI news followup 2021-01-06

FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack

thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. Also: This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.

Also:

www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure

www.bleepingcomputer.com/news/security/us-govt-says-russian-state-hackers-likely-behind-solarwinds-hack/

apnews.com/article/us-blames-russia-federal-hacking-3921096dfd9693a020420acc787132bd

threatpost.com/feds-russia-culprit-solarwinds/162785/

www.zdnet.com/article/us-government-formally-blames-russia-for-solarwinds-hack


SolarWinds hackers had access to over 3,000 US DOJ email accounts

www.bleepingcomputer.com/news/security/solarwinds-hackers-had-access-to-over-3-000-us-doj-email-accounts/ The US Department of Justice (DoJ) said that the attackers behind the SolarWinds supply chain attack have gained access to roughly 3% of the department’s Office 365 email inboxes.

Also: www.justice.gov/opa/pr/department-justice-statement-solarwinds-update


WhatsApp updates its Terms and Privacy Policy to mandate data-sharing with Facebook

www.xda-developers.com/whatsapp-updates-terms-privacy-policy-mandate-data-sharing-facebook/ WhatsApp users are receiving an in-app notice today regarding the service’s new terms and privacy policy.

Also: www.bleepingcomputer.com/news/security/whatsapp-share-your-data-with-facebook-or-delete-your-account/ and www.whatsapp.com/legal/updates/key-updates

Google Warns of Critical Android Remote Code Execution Bug

threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/ Google has fixed two critical bugs affecting its Android handsets. The more serious flaw exists in the Android System component and allows remote attackers to execute arbitrary code.

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/ More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.


Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/ On December 7, 2020 we identified a malicious document uploaded to VirusTotal which was purporting to be a meeting request, likely used to target the government of South Korea.

SMS Phishing Is Getting Out Of Control

www.vice.com/en/article/m7appv/sms-phishing-is-getting-out-of-control Consumers and security companies report a concerning increase in scams via text message phishing, also known as smishing.


Understanding And Exploiting Zerologon

packetstormsecurity.com/files/160823/Understanding_and_Exploiting_Zerologon.pdf Zerologon is a vulnerability in Microsoft’s Netlogon Remote Procedure Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the details and workings of the MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.

81,000 UK-owned .eu domains suspended as Brexit transition ends

www.zdnet.com/article/81000-uk-owned-eu-domains-suspended-as-brexit-transition-ends/ Tens of thousands of website owners who are based in the UK might have started the year with an unpleasant surprise: Eurid, the registry manager of .eu domain names, has suspended .eu domain names registered by UK citizens as a result of the regulatory changes caused by Brexit.

A Trump Sex Video? No, It’s a RAT!

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/ While reviewing our spam traps, a particular campaign piqued our interest primarily because the attachment to the email does not coincide with the theme of the email body. When we investigated further, we discovered that its attachment is a variant of the QRAT downloader we blogged about last August.

Also: thehackernews.com/2021/01/hackers-using-fake-trumps-scandal-video.html


Stolen employee credentials put leading gaming firms at risk

www.welivesecurity.com/2021/01/05/breached-employee-credentials-gaming-companies More than 500,000 login credentials linked to the employees of 25 leading game publishers have been found for sale on dark web bazaars, according to a report by threat intelligence company KELA. Threat actors have been increasingly targeting the gaming industry, including by harvesting and selling access credentials into the internal systems of top-tier game companies.

