Daily NCSC-FI news followup 2021-02-09

Hackers tried poisoning town after breaching its water facility

www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/ A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.

Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack

www.dragos.com/blog/industry-news/recommendations-following-the-oldsmar-water-treatment-facility-cyber-attack/ The case is evolving and details are still emerging, but this blog post is intended to share what is currently known, together with some defensive recommendations.

New BendyBear APT malware gets linked to Chinese hacking group

www.bleepingcomputer.com/news/security/new-bendybear-apt-malware-gets-linked-to-chinese-hacking-group/ Unit 42 researchers have today shared details on a new polymorphic and “highly sophisticated” malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. Report:


Web hosting provider shuts down after cyberattack

www.zdnet.com/article/web-hosting-provider-shuts-down-after-cyber-attack/ A web hosting company named No Support Linux Hosting announced today that it is shutting down after a hacker breached its internal systems and compromised its entire operation. Two other UK web hosting providers also suffered similar hacks over the weekend, although it is unconfirmed whether the attacks are related.

Android Devices Hunted by LodaRAT Windows Malware

threatpost.com/android-devices-lodarat-windows/163769/ LodaRAT, known for targeting Windows devices, has been discovered also targeting Android devices in a new espionage campaign. An updated version of LodaRAT for Windows has also been identified; both versions were seen in a recent campaign targeting Bangladesh, researchers said. Report:


Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/ Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what is being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.

Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online

www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online Favicons can break through incognito mode, VPNs, and Pi-holes to track your movements online.

CD PROJEKT RED gaming studio hit by ransomware attack

www.bleepingcomputer.com/news/security/cd-projekt-red-gaming-studio-hit-by-ransomware-attack/ CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. The attackers claim in the ransom note left on CD PROJEKT RED’s encrypted systems that they were able to steal the full source code of Cyberpunk 2077, the Witcher 3, Gwent, as well as for an unreleased Witcher 3 version.

HelloKitty ransomware behind CD Projekt Red cyberattack, data theft

www.bleepingcomputer.com/news/security/hellokitty-ransomware-behind-cd-projekt-red-cyberattack-data-theft/ The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name ‘HelloKitty’, and yes, that is the name the threat actors use.

Scammers use Google search results as a route into your online bank: this is how to protect yourself

www.tivi.fi/uutiset/tv/94fc74fb-dff0-4fe3-a13c-c78ee320f681 Criminals can transfer even large sums of money out of bank accounts if the target of the scam is not alert. Scammers are now using fraudulent sites that imitate online banks, to which victims are led via the search results of search engines such as Google and Bing.

Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day

www.bleepingcomputer.com/news/security/microsoft-february-2021-patch-tuesday-fixes-56-flaws-1-zero-day/ With today’s update, Microsoft has fixed 56 vulnerabilities, eleven classified as Critical, two as Moderate, and 43 as Important. The February 2021 updates also fix one zero-day vulnerability (the Win32k privilege escalation CVE-2021-1732, covered below) and six previously disclosed vulnerabilities.

Microsoft Warns of Windows Win32k Privilege Escalation

us-cert.cisa.gov/ncas/current-activity/2021/02/09/microsoft-warns-windows-win32k-privilege-escalation Microsoft has released a security advisory to address an elevation of privilege vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. Microsoft reports that the vulnerability has been exploited in the wild.

Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/ Today Microsoft released a set of fixes affecting the Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex, which makes it difficult to create functional exploits, so RCE exploits are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply this month’s Windows security updates.

Adobe fixes critical Reader vulnerability exploited in the wild

www.bleepingcomputer.com/news/security/adobe-fixes-critical-reader-vulnerability-exploited-in-the-wild/ Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.

Apple Releases Security Updates

us-cert.cisa.gov/ncas/current-activity/2021/02/09/apple-releases-security-updates Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system.

Office 365 will help admins find impersonation attack targets

www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/ Microsoft will make it easier for Defender for Office 365 customers to identify the users and domains targeted in impersonation-based phishing attacks, according to an entry recently added to the Microsoft 365 roadmap.

Researcher hacks Microsoft, Apple, more in novel supply chain attack

www.bleepingcomputer.com/news/security/researcher-hacks-microsoft-apple-more-in-novel-supply-chain-attack/ Security researcher Alex Birsan managed to breach the internal systems of over 35 major companies, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. The attack leveraged a design flaw in how open-source package managers resolve dependencies, called dependency confusion: when a build consults both a private registry and the public one, the highest version of a package name wins, wherever it was published. Birsan noticed that some of the packages named in a leaked PayPal manifest file were not present on the public npm registry but were instead PayPal’s privately created npm packages, used and stored internally by the company; publishing packages with those names to the public registry was enough to get them pulled into internal builds.
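The resolution step that dependency confusion abuses, shown as an added example written for this digest; it is not code from the article or from Birsan’s research. It models an npm-style client that consults a private registry and the public registry and picks the highest version satisfying the declared range, then audits a package.json for internal names that would be served from the public side or that nobody has claimed publicly. The “acme” organisation, its registries, package names and versions are all constructed, and the semver handling covers only exact, “*” and caret ranges.

```javascript
// Added example, not code from the article or from Birsan's research. It models
// the resolution step that dependency confusion abuses: a client that consults
// both a private registry and the public npm registry picks the highest version
// satisfying the declared range, wherever that version lives. Every registry,
// package name and version here is constructed for illustration.

// Parse "MAJOR.MINOR.PATCH" into numbers (pre-release tags are not modelled).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Minimal semver range check: "*", an exact version, or a caret range such as
// "^1.4.0" (>=1.4.0 <2.0.0; for 0.x the minor is locked, as npm does).
function satisfies(version, range) {
  if (range === '*' || range === 'latest') return true;
  if (range.startsWith('^')) {
    const base = range.slice(1);
    if (compareVersions(version, base) < 0) return false;
    const [bMaj, bMin] = parseVersion(base);
    const [vMaj, vMin] = parseVersion(version);
    return bMaj === 0 ? vMaj === 0 && vMin === bMin : vMaj === bMaj;
  }
  return compareVersions(version, range) === 0;
}

// Highest satisfying version across every registry the client consults.
// registries: [{ name: 'private' | 'public', packages: { pkg: [versions] } }]
function resolve(pkg, range, registries) {
  let best = null;
  for (const reg of registries) {
    for (const v of reg.packages[pkg] || []) {
      if (!satisfies(v, range)) continue;
      if (best === null || compareVersions(v, best.version) > 0) {
        best = { version: v, source: reg.name };
      }
    }
  }
  return best;
}

// Audit a package.json: flag internal names whose range would be served from the
// public registry (confusion) and unscoped internal names nobody has claimed
// publicly (squattable). Third-party public packages are out of scope.
function audit(manifestJson, internalNames, registries) {
  const manifest = JSON.parse(manifestJson);
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const pub = registries.find((r) => r.name === 'public') || { packages: {} };
  const findings = [];
  for (const [name, range] of Object.entries(deps)) {
    if (!internalNames.has(name)) continue;
    const chosen = resolve(name, range, registries);
    if (chosen && chosen.source === 'public') {
      findings.push({ name, severity: 'critical',
        detail: `range ${range} resolves to public ${chosen.version}, not the private copy` });
    } else if (!name.startsWith('@') && !pub.packages[name]) {
      findings.push({ name, severity: 'high',
        detail: 'unscoped internal name with no public claim; anyone can publish it' });
    }
  }
  return findings;
}

// Constructed sample: a private registry for the fictional "acme" organisation and
// a public registry where an attacker has already published "acme-payments-core".
const SAMPLE_MANIFEST = JSON.stringify({
  name: 'acme-checkout',
  dependencies: { 'acme-payments-core': '^1.4.0', '@acme/ui-kit': '^2.0.0', express: '^4.17.1' },
  devDependencies: { 'acme-build-tools': '*' },
});
const INTERNAL_NAMES = new Set(['acme-payments-core', '@acme/ui-kit', 'acme-build-tools']);
const REGISTRIES = [
  { name: 'private', packages: {
      'acme-payments-core': ['1.4.2', '1.5.0'], '@acme/ui-kit': ['2.3.1'], 'acme-build-tools': ['0.9.0'] } },
  { name: 'public', packages: {
      'acme-payments-core': ['1.99.0', '99.0.0'], express: ['4.17.1', '4.18.2'] } },
];

function runSample() {
  return audit(SAMPLE_MANIFEST, INTERNAL_NAMES, REGISTRIES);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of runSample()) console.log(`[${f.severity}] ${f.name}: ${f.detail}`);
}
```

Note that the caret range does not protect the private package: the attacker’s 1.99.0 sits inside ^1.4.0 and beats the private 1.5.0, so the build silently installs the public copy. The scoped @acme/ui-kit produces no finding because a scope can be bound to the private registry in .npmrc and reserved on the public one, which is the standard mitigation along with exact pins and a lockfile with integrity hashes.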

Solving the Cryptography Riddle: Post-quantum Computing & Crypto-assets Blockchain Puzzles

www.enisa.europa.eu/news/enisa-news/solving-the-cryptography-riddle-post-quantum-computing-crypto-assets-blockchain-puzzles The European Union Agency for Cybersecurity releases two reports on cryptography: one on the progress of post-quantum cryptography standardisation, and the other on exploring the technologies under the hood of crypto-assets.

ESET Threat Report Q4 2020

www.welivesecurity.com/2021/02/08/eset-threat-report-q42020/ A view of the Q4 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Full report:


DNSMon: using DNS data to produce threat intelligence (3)

blog.netlab.360.com/use-dns-data-produce-threat-intelligence-3-en/ This article is the third in our series of articles introducing DNSMon in the production of threat intelligence (Domain Name IoC).

Last Week in Security (LWiS) – 2021-02-08

blog.badsectorlabs.com/last-week-in-security-lwis-2021-02-08.html Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2021-02-01 to 2021-02-08.

After Lightning Comes Thunder

safebreach.com/blog/2021/After-Lightning-Comes-Thunder/ The Most Persistent Iranian APT Rumbling Again
