Daily NCSC-FI news followup 2021-01-06

FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack

thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. Also: This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.

www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure. Also:

www.bleepingcomputer.com/news/security/us-govt-says-russian-state-hackers-likely-behind-solarwinds-hack/. Also:

thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html. Also:

apnews.com/article/us-blames-russia-federal-hacking-3921096dfd9693a020420acc787132bd. Also:

threatpost.com/feds-russia-culprit-solarwinds/162785/. Also:

www.zdnet.com/article/us-government-formally-blames-russia-for-solarwinds-hack. Also:

arstechnica.com/tech-policy/2021/01/feds-say-that-russia-was-likely-behind-months-long-hack-of-us-agencies

arstechnica.com/tech-policy/2021/01/feds-say-that-russia-was-likely-behind-months-long-hack-of-us-agencies

SolarWinds hackers had access to over 3,000 US DOJ email accounts

www.bleepingcomputer.com/news/security/solarwinds-hackers-had-access-to-over-3-000-us-doj-email-accounts/ The US Department of Justice (DoJ) said that the attackers behind the SolarWinds supply chain attack gained access to roughly 3% of the department's Office 365 email inboxes. Also:

www.justice.gov/opa/pr/department-justice-statement-solarwinds-update. Also:

www.forbes.com/sites/thomasbrewster/2021/01/06/doj-admits-microsoft-email-accounts-were-hit-in-solarwinds-attacks/

WhatsApp updates its Terms and Privacy Policy to mandate data-sharing with Facebook

www.xda-developers.com/whatsapp-updates-terms-privacy-policy-mandate-data-sharing-facebook/ WhatsApp users are receiving an in-app notice today regarding the service's new terms and privacy policy. Also:

www.bleepingcomputer.com/news/security/whatsapp-share-your-data-with-facebook-or-delete-your-account/. Also: www.whatsapp.com/legal/updates/key-updates

Google Warns of Critical Android Remote Code Execution Bug

threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/ Google has fixed two critical bugs affecting its Android handsets. The more serious flaw exists in the Android System component and allows remote attackers to execute arbitrary code.

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/ More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583), potentially allowing cybercriminal device takeover. Also:

www.bleepingcomputer.com/news/security/hackers-start-exploiting-the-new-backdoor-in-zyxel-devices/

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/ On December 7, 2020 we identified a malicious document uploaded to VirusTotal which was purporting to be a meeting request, likely used to target the government of South Korea.

SMS Phishing Is Getting Out Of Control

www.vice.com/en/article/m7appv/sms-phishing-is-getting-out-of-control Consumers and security companies report a concerning increase in scams via text message phishing, also known as smishing. Also:

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus

Understanding And Exploiting Zerologon

packetstormsecurity.com/files/160823/Understanding_and_Exploiting_Zerologon.pdf Zerologon is a vulnerability in Microsoft's Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the details and workings of the MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.

81,000 UK-owned .eu domains suspended as Brexit transition ends

www.zdnet.com/article/81000-uk-owned-eu-domains-suspended-as-brexit-transition-ends/ Tens of thousands of website owners who are based in the UK might have started the year with an unpleasant surprise: EURid, the registry manager of .eu domain names, has suspended .eu domain names registered by UK citizens as a result of the regulatory changes caused by Brexit.

A Trump Sex Video? No, It’s a RAT!

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/ While reviewing our spam traps, a particular campaign piqued our interest primarily because the attachment to the email does not coincide with the theme of the email body. When we investigated further, we discovered that its attachment is a variant of the QRAT downloader we blogged about last August. Also:

thehackernews.com/2021/01/hackers-using-fake-trumps-scandal-video.html. Also:

www.zdnet.com/article/this-new-phishing-attack-uses-an-odd-lure-to-deliver-windows-trojan-malware

Stolen employee credentials put leading gaming firms at risk

www.welivesecurity.com/2021/01/05/breached-employee-credentials-gaming-companies More than 500,000 login credentials linked to the employees of 25 leading game publishers have been found for sale on dark web bazaars, according to a report by threat intelligence company KELA. Threat actors have been increasingly targeting the gaming industry, including by harvesting and selling access credentials into the internal systems of top-tier game companies. Also:

www.zdnet.com/article/cyber-criminals-are-taking-aim-at-online-gaming-for-their-next-big-pay-day/
