Daily NCSC-FI news followup 2021-01-17

BugTraq Will Continue: Strong internal and community feedback cancels termination

www.securityfocus.com/archive/1/542248

CISA Publishes 2020 Chemical Security Presentations

www.cisa.gov/chemical-security-summit Topic include: cyber and physical security in manufacturing, cybersecurity evaluation tool and others.

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

thehackernews.com/2021/01/researchers-disclose-undocumented.html Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents claimed to be a curriculum vitae and an IELTS certificate.

Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls

threatpost.com/apple-kills-macos-feature-allowing-apps-to-bypass-firewalls/163099/ The feature, first uncovered in November in a beta release of the macOS Big Sur feature, was called “ContentFilterExclusionList” and included a list of at least 50 Apple apps including Maps, Music, FaceTime, the App Store and its software update service. It has been recently removed in macOS Big Sur versions 11.2, Apple experts pointed out this week.

Windows Finger command abused by phishing to download malware

www.bleepingcomputer.com/news/security/windows-finger-command-abused-by-phishing-to-download-malware/ In September, we reported that security researchers discovered a way to use Finger as a way to download malware from a remote computer or exfiltrate data. This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.

A security researcher commandeered a Congo’s expired top-level domain nameserver’s domain to save it from hackers

techcrunch.com/2021/01/15/congo-comandeered/ In the end, the Congolese government didn’t bother asking for the domain back. It spun up an entirely new but similarly named domain scpt-network.net to replace the one now in Almroth’s possession.. The domain – scpt-network.com – was one of two nameservers for the.cd country code top-level domain, assigned to the Democratic Republic of Congo. If it fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites of their choosing

You might be interested in …

Daily NCSC-FI news followup 2021-03-03

HAFNIUM targeting Exchange Servers with 0-day exploits www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional […]

Read More

Daily NCSC-FI news followup 2020-03-18

Spanish operators beg customers not to screw the network up telecoms.com/503106/spanish-operators-beg-customers-not-to-screw-the-network-up/ All the major Spanish telcos have unveiled a joint statement to customers, asking for fair and reasonable use of the internet during over the foreseeable future. […] Microsoft has said it has seen a 100% growth in usage of its enterprise productivity application Teams. […]

Read More

Daily NCSC-FI news followup 2021-09-19

An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/ A U.S. company’s tech was abused by the Indian government, amidst warnings Americans are contributing to a spyware industry already under fire for being out of control. Earlier this year, researchers at Russian cybersecurity firm Kaspersky witnessed a cyberespionage campaign […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.