Daily NCSC-FI news followup 2021-01-06

FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack

thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. Also: This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.

www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure. Also:

www.bleepingcomputer.com/news/security/us-govt-says-russian-state-hackers-likely-behind-solarwinds-hack/. Also:

thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html. Also:

apnews.com/article/us-blames-russia-federal-hacking-3921096dfd9693a020420acc787132bd. Also:

threatpost.com/feds-russia-culprit-solarwinds/162785/. Also:

www.zdnet.com/article/us-government-formally-blames-russia-for-solarwinds-hack. Also:

arstechnica.com/tech-policy/2021/01/feds-say-that-russia-was-likely-behind-months-long-hack-of-us-agencies

SolarWinds hackers had access to over 3,000 US DOJ email accounts

www.bleepingcomputer.com/news/security/solarwinds-hackers-had-access-to-over-3-000-us-doj-email-accounts/ The US Department of Justice (DoJ) said that the attackers behind the SolarWinds supply chain attack gained access to roughly 3% of the department's Office 365 email inboxes. Also:

www.justice.gov/opa/pr/department-justice-statement-solarwinds-update. Also:

www.forbes.com/sites/thomasbrewster/2021/01/06/doj-admits-microsoft-email-accounts-were-hit-in-solarwinds-attacks/

WhatsApp updates its Terms and Privacy Policy to mandate data-sharing with Facebook

www.xda-developers.com/whatsapp-updates-terms-privacy-policy-mandate-data-sharing-facebook/ WhatsApp users are receiving an in-app notice today regarding the service's new terms and privacy policy. Also:

www.bleepingcomputer.com/news/security/whatsapp-share-your-data-with-facebook-or-delete-your-account/. Also: www.whatsapp.com/legal/updates/key-updates

Google Warns of Critical Android Remote Code Execution Bug

threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/ Google has fixed two critical bugs affecting its Android handsets. The more serious flaw exists in the Android System component and allows remote attackers to execute arbitrary code.

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/ More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583), potentially allowing cybercriminal device takeover. Also:

www.bleepingcomputer.com/news/security/hackers-start-exploiting-the-new-backdoor-in-zyxel-devices/

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/ On December 7, 2020 we identified a malicious document uploaded to VirusTotal which was purporting to be a meeting request likely used to target the government of South Korea.

SMS Phishing Is Getting Out Of Control

www.vice.com/en/article/m7appv/sms-phishing-is-getting-out-of-control Consumers and security companies report a concerning increase in scams via text message phishing, also known as smishing. Also:

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus

Understanding And Exploiting Zerologon

packetstormsecurity.com/files/160823/Understanding_and_Exploiting_Zerologon.pdf Zerologon is a vulnerability in Microsoft's Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the details and workings of the MS-NRPC protocol and its vulnerability, and finally covers how to exploit it, something which the original paper by Secura left out.

81,000 UK-owned .eu domains suspended as Brexit transition ends

www.zdnet.com/article/81000-uk-owned-eu-domains-suspended-as-brexit-transition-ends/ Tens of thousands of website owners who are based in the UK might have started the year with an unpleasant surprise: Eurid, the registry manager of .eu domain names, has suspended .eu domain names registered by UK citizens as a result of the regulatory changes caused by Brexit.

A Trump Sex Video? No, It’s a RAT!

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/ While reviewing our spam traps, a particular campaign piqued our interest primarily because the attachment to the email does not coincide with the theme of the email body. When we investigated further, we discovered that its attachment is a variant of the QRAT downloader we blogged about last August. Also:

thehackernews.com/2021/01/hackers-using-fake-trumps-scandal-video.html. Also:

www.zdnet.com/article/this-new-phishing-attack-uses-an-odd-lure-to-deliver-windows-trojan-malware

Stolen employee credentials put leading gaming firms at risk

www.welivesecurity.com/2021/01/05/breached-employee-credentials-gaming-companies More than 500,000 login credentials linked to the employees of 25 leading game publishers have been found for sale on dark web bazaars, according to a report by threat intelligence company KELA. Threat actors have been increasingly targeting the gaming industry, including by harvesting and selling access credentials into the internal systems of top-tier game companies. Also:

www.zdnet.com/article/cyber-criminals-are-taking-aim-at-online-gaming-for-their-next-big-pay-day/
