FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack
thehackernews.com/2021/01/fbi-cisa-nsa-officially-blames-russia.html The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. Additionally: This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.
apnews.com/article/us-blames-russia-federal-hacking-3921096dfd9693a020420acc787132bd. Additionally:
threatpost.com/feds-russia-culprit-solarwinds/162785/. Additionally:
www.zdnet.com/article/us-government-formally-blames-russia-for-solarwinds-hack. Additionally:
SolarWinds hackers had access to over 3,000 US DOJ email accounts
www.bleepingcomputer.com/news/security/solarwinds-hackers-had-access-to-over-3-000-us-doj-email-accounts/ The US Department of Justice (DoJ) said that the attackers behind the SolarWinds supply chain attack have gained access to roughly 3% of the department’s Office 365 email inboxes. Additionally:
www.justice.gov/opa/pr/department-justice-statement-solarwinds-update. Additionally:
WhatsApp updates its Terms and Privacy Policy to mandate data-sharing with Facebook
www.xda-developers.com/whatsapp-updates-terms-privacy-policy-mandate-data-sharing-facebook/ WhatsApp users are receiving an in-app notice today regarding the service’s new terms and privacy policy. Additionally:
www.bleepingcomputer.com/news/security/whatsapp-share-your-data-with-facebook-or-delete-your-account/. Additionally: www.whatsapp.com/legal/updates/key-updates
Google Warns of Critical Android Remote Code Execution Bug
threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/ Google has fixed two critical bugs affecting its Android handsets. The more serious flaw exists in the Android System component and allows remote attackers to execute arbitrary code.
Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw
threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/ More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover. Additionally:
www.bleepingcomputer.com/news/security/hackers-start-exploiting-the-new-backdoor-in-zyxel-devices/
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/ On December 7, 2020 we identified a malicious document uploaded to VirusTotal which was purporting to be a meeting request likely used to target the government of South Korea.
SMS Phishing Is Getting Out Of Control
www.vice.com/en/article/m7appv/sms-phishing-is-getting-out-of-control Consumers and security companies report a concerning increase in scams via text message phishing, also known as smishing. Additionally:
Understanding And Exploiting Zerologon
packetstormsecurity.com/files/160823/Understanding_and_Exploiting_Zerologon.pdf Zerologon is a vulnerability in Microsoft’s Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the details and workings of the MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.
81,000 UK-owned .eu domains suspended as Brexit transition ends
www.zdnet.com/article/81000-uk-owned-eu-domains-suspended-as-brexit-transition-ends/ Tens of thousands of website owners who are based in the UK might have started the year with an unpleasant surprise: EURid, the registry manager of .eu domain names, has suspended .eu domain names registered by UK citizens as a result of the regulatory changes caused by Brexit.
A Trump Sex Video? No, It’s a RAT!
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/ While reviewing our spam traps, a particular campaign piqued our interest primarily because the attachment to the email does not coincide with the theme of the email body. When we investigated further, we discovered that its attachment is a variant of the QRAT downloader we blogged about last August. Additionally:
thehackernews.com/2021/01/hackers-using-fake-trumps-scandal-video.html. Additionally:
www.zdnet.com/article/this-new-phishing-attack-uses-an-odd-lure-to-deliver-windows-trojan-malware
Stolen employee credentials put leading gaming firms at risk
www.welivesecurity.com/2021/01/05/breached-employee-credentials-gaming-companies More than 500,000 login credentials linked to the employees of 25 leading game publishers have been found for sale on dark web bazaars, according to a report by threat intelligence company KELA. Threat actors have been increasingly targeting the gaming industry, including by harvesting and selling access credentials into the internal systems of top-tier game companies. Additionally:
www.zdnet.com/article/cyber-criminals-are-taking-aim-at-online-gaming-for-their-next-big-pay-day/