Daily NCSC-FI news followup 2021-02-09

Hackers tried poisoning town after breaching its water facility

www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/ A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.

Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack

www.dragos.com/blog/industry-news/recommendations-following-the-oldsmar-water-treatment-facility-cyber-attack/ The case is evolving and details are ongoing but this blog is intended to share what’s known currently with some defensive recommendations.

New BendyBear APT malware gets linked to Chinese hacking group

www.bleepingcomputer.com/news/security/new-bendybear-apt-malware-gets-linked-to-chinese-hacking-group/ Unit 42 researchers today have shared info on a new polymorphic and “highly sophisticated” malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. Report:

unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/

Web hosting provider shuts down after cyberattack

www.zdnet.com/article/web-hosting-provider-shuts-down-after-cyber-attack/ Two other UK web hosting providers also suffered similar hacks over the weekend, although it’s unconfirmed if the attacks are related. A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation.

Android Devices Hunted by LodaRAT Windows Malware

threatpost.com/android-devices-lodarat-windows/163769/ The LodaRAT known for targeting Windows devices has been discovered also targeting Android devices in a new espionage campaign. Along with this, an updated version of LodaRAT for Windows has also been identified; both versions were seen in a recent campaign targeting Bangladesh, researchers said. Report:

blog.talosintelligence.com/2021/02/kasablanka-lodarat.html

Arrest, Raids Tied to U-Admin’ Phishing Kit

krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/ Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.”. The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.

Browser Favicons’ Can Be Used as Undeletable Supercookies’ to Track You Online

www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online Favicons can break through incognito mode, VPNs, and Pi-holes to track your movement online

CD PROJEKT RED gaming studio hit by ransomware attack

www.bleepingcomputer.com/news/security/cd-projekt-red-gaming-studio-hit-by-ransomware-attack/ CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. The attackers claim in the ransom note left on CD PROJEKT RED’s encrypted systems that they were able to steal the full source code of Cyberpunk 2077, the Witcher 3, Gwent, as well as for an unreleased Witcher 3 version.

HelloKitty ransomware behind CD Projekt Red cyberattack, data theft

www.bleepingcomputer.com/news/security/hellokitty-ransomware-behind-cd-projekt-red-cyberattack-data-theft/ The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name ‘HelloKitty, ‘ and yes, that’s the name the threat actors utilize.

Huijarit käyttävät Googlen hakutuloksia reittinä verkkopankkiisi näin suojaudut

www.tivi.fi/uutiset/tv/94fc74fb-dff0-4fe3-a13c-c78ee320f681 Rikolliset voivat siirtää suuriakin summia rahaa pankkitileiltä, jos huijauksen kohde ei ole valppaana. Huijarit käyttävät nyt verkkopankkeja muistuttavia huijaussivustoja, joihin johdetaan hakukoneiden, kuten Googlen ja Bingin hakutulosten kautta.

Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day

www.bleepingcomputer.com/news/security/microsoft-february-2021-patch-tuesday-fixes-56-flaws-1-zero-day/ With today’s update, Microsoft has fixed for 56 vulnerabilities, with eleven classified as Critical, two as Moderate, and 43 as Important. There is also one zero-day vulnerability and six previously disclosed vulnerabilities fixed as part of the February 2021 updates.

Microsoft Warns of Windows Win32k Privilege Escalation

us-cert.cisa.gov/ncas/current-activity/2021/02/09/microsoft-warns-windows-win32k-privilege-escalation Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/ Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.

Adobe fixes critical Reader vulnerability exploited in the wild

www.bleepingcomputer.com/news/security/adobe-fixes-critical-reader-vulnerability-exploited-in-the-wild/ Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.

Apple Releases Security Updates

us-cert.cisa.gov/ncas/current-activity/2021/02/09/apple-releases-security-updates Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system.

Office 365 will help admins find impersonation attack targets

www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/ Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap.

Researcher hacks Microsoft, Apple, more in novel supply chain attack

www.bleepingcomputer.com/news/security/researcher-hacks-microsoft-apple-more-in-novel-supply-chain-attack/ A researcher managed to breach over 35 major companies’ internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. The attack leveraged a unique design flaw of the open-source ecosystems called dependency confusion. Birsan noticed some of the manifest file packages were not present on the public npm repository but were instead PayPal’s privately created npm packages, used and stored internally by the company.

Solving the Cryptography Riddle: Post-quantum Computing & Crypto-assets Blockchain Puzzles

www.enisa.europa.eu/news/enisa-news/solving-the-cryptography-riddle-post-quantum-computing-crypto-assets-blockchain-puzzles The European Union Agency for Cybersecurity releases two reports on cryptography: one on the progress of post-quantum cryptography standardisation, and the other on exploring the technologies under the hood of crypto-assets.

ESET Threat Report Q4 2020

www.welivesecurity.com/2021/02/08/eset-threat-report-q42020/ A view of the Q4 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Full report:

www.welivesecurity.com/wp-content/uploads/2021/02/ESET_Threat_Report_Q42020.pdf

DNSMon: using DNS data to produce threat intelligence (3)

blog.netlab.360.com/use-dns-data-produce-threat-intelligence-3-en/ This article is the third in our series of articles introducing DNSMon in the production of threat intelligence (Domain Name IoC).

Last Week in Security (LWiS) – 2021-02-08

blog.badsectorlabs.com/last-week-in-security-lwis-2021-02-08.html Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2021-02-01 to 2021-02-08.

After Lightning Comes Thunder

safebreach.com/blog/2021/After-Lightning-Comes-Thunder/ The Most Persistent Iranian APT Rumbling Again

You might be interested in …

Daily NCSC-FI news followup 2021-02-24

Haavoittuvuuksia VMwaren tuotteissa – päivitä heti www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-vmwaren-tuotteissa-paivita-heti VMware julkaisi päivityksiä, jotka tulisi asentaa välittömästi. Haavoittuvuudet mahdollistavat esimerkiksi etänä suoritettavat komennot sekä mielivaltaisen ohjelmakoodin suorittamisen. Kriittinen haavoittuvuus CVE-2021-21972 koskee VMware vCenter Server – -hallinta-alustaa, joka mahdollistaa etänä suoritettavien komentojen suorittamisen. Julkaistu vakava haavoittuvuus CVE-2021-21974 koskee ESXi OpenSLP -puskurin ylivuotoa. Google funds Linux maintainers to boost Linux […]

Read More

Daily NCSC-FI news followup 2019-11-23

FBI says hackers are targeting US auto industry us.cnn.com/2019/11/20/politics/fbi-us-auto-industry-hackers/index.html The American automotive industry has been the target of malicious cyber actors since at least late 2018, according to an FBI report obtained by CNN. Leaky Gekko Group database exposes info on hotel brands, travelers www.scmagazine.com/home/security-news/data-breach/leaky-gekko-group-database-exposes-info-on-hotel-brands-travelers/ European hotel booking platform provider Gekko Group mistakenly stored over […]

Read More

Daily NCSC-FI news followup 2020-06-16

T-Mobile confirms nationwide outage impacting millions of customers abc13.com/tmobile-outage-is-out-t-mobile-down/6248980/ T-Mobile customers are dealing with a nationwide outage of its voice and data network. The phone carrier’s president of technology, Neville Ray, confirmed the outage Monday afternoon. “Our engineers are working to resolve a voice and data issue that has been affecting customers around the country. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.