Daily NCSC-FI news followup 2021-01-17

BugTraq Will Continue: Strong internal and community feedback cancels termination

www.securityfocus.com/archive/1/542248

CISA Publishes 2020 Chemical Security Presentations

www.cisa.gov/chemical-security-summit Topics include: cyber and physical security in manufacturing, cybersecurity evaluation tool and others.

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

thehackernews.com/2021/01/researchers-disclose-undocumented.html Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents claimed to be a curriculum vitae and an IELTS certificate.

Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls

threatpost.com/apple-kills-macos-feature-allowing-apps-to-bypass-firewalls/163099/ The feature, first uncovered in November in a beta release of the macOS Big Sur feature, was called “ContentFilterExclusionList” and included a list of at least 50 Apple apps including Maps, Music, FaceTime, the App Store and its software update service. It has been recently removed in macOS Big Sur versions 11.2, Apple experts pointed out this week.

Windows Finger command abused by phishing to download malware

www.bleepingcomputer.com/news/security/windows-finger-command-abused-by-phishing-to-download-malware/ In September, we reported that security researchers discovered a way to use Finger as a way to download malware from a remote computer or exfiltrate data. This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.

A security researcher commandeered Congo’s expired top-level domain nameserver’s domain to save it from hackers

techcrunch.com/2021/01/15/congo-comandeered/ In the end, the Congolese government didn’t bother asking for the domain back. It spun up an entirely new but similarly named domain scpt-network.net to replace the one now in Almroth’s possession. The domain – scpt-network.com – was one of two nameservers for the .cd country code top-level domain, assigned to the Democratic Republic of Congo. If it fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites of their choosing.
