Hackers tried poisoning town after breaching its water facility
www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/ A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.
Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack
www.dragos.com/blog/industry-news/recommendations-following-the-oldsmar-water-treatment-facility-cyber-attack/ The case is still evolving and details are emerging, but this post shares what is currently known along with some defensive recommendations.
New BendyBear APT malware gets linked to Chinese hacking group
www.bleepingcomputer.com/news/security/new-bendybear-apt-malware-gets-linked-to-chinese-hacking-group/ Unit 42 researchers today have shared info on a new polymorphic and “highly sophisticated” malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. Report:
unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/
Web hosting provider shuts down after cyberattack
www.zdnet.com/article/web-hosting-provider-shuts-down-after-cyber-attack/ A web hosting company named No Support Linux Hosting announced today that it was shutting down after a hacker breached its internal systems and compromised its entire operation. Two other UK web hosting providers also suffered similar hacks over the weekend, although it is unconfirmed whether the attacks are related.
Android Devices Hunted by LodaRAT Windows Malware
threatpost.com/android-devices-lodarat-windows/163769/ The LodaRAT known for targeting Windows devices has been discovered also targeting Android devices in a new espionage campaign. Along with this, an updated version of LodaRAT for Windows has also been identified; both versions were seen in a recent campaign targeting Bangladesh, researchers said. Report:
blog.talosintelligence.com/2021/02/kasablanka-lodarat.html
Arrest, Raids Tied to ‘U-Admin’ Phishing Kit
krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/ Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what is being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.
Browser ‘Favicons’ Can Be Used as ‘Undeletable Supercookies’ to Track You Online
www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online Favicons can break through incognito mode, VPNs, and Pi-holes to track your movement online
CD PROJEKT RED gaming studio hit by ransomware attack
www.bleepingcomputer.com/news/security/cd-projekt-red-gaming-studio-hit-by-ransomware-attack/ CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. The attackers claim in the ransom note left on CD PROJEKT RED’s encrypted systems that they were able to steal the full source code of Cyberpunk 2077, the Witcher 3, Gwent, as well as for an unreleased Witcher 3 version.
HelloKitty ransomware behind CD Projekt Red cyberattack, data theft
www.bleepingcomputer.com/news/security/hellokitty-ransomware-behind-cd-projekt-red-cyberattack-data-theft/ The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name ‘HelloKitty,’ and yes, that’s the name the threat actors utilize.
Scammers use Google search results as a route into your online bank: here is how to protect yourself
www.tivi.fi/uutiset/tv/94fc74fb-dff0-4fe3-a13c-c78ee320f681 Criminals can move even large sums of money out of bank accounts if the target of the scam is not alert. Scammers are now using fraudulent sites that mimic online banks, and victims are led to them through the search results of engines such as Google and Bing.
Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day
www.bleepingcomputer.com/news/security/microsoft-february-2021-patch-tuesday-fixes-56-flaws-1-zero-day/ With today’s update, Microsoft has fixed 56 vulnerabilities, with eleven classified as Critical, two as Moderate, and 43 as Important. There is also one zero-day vulnerability and six previously disclosed vulnerabilities fixed as part of the February 2021 updates.
Microsoft Warns of Windows Win32k Privilege Escalation
us-cert.cisa.gov/ncas/current-activity/2021/02/09/microsoft-warns-windows-win32k-privilege-escalation Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/ Today Microsoft released a set of fixes affecting the Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex, which makes functional exploits difficult to create and unlikely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.
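For hosts that cannot take the February update straight away, the linked MSRC post also publishes interim netsh workarounds: dropping IPv4 source-routed packets for CVE-2021-24074, and disabling IPv6 fragment reassembly for CVE-2021-24094 and CVE-2021-24086. The script below is an added example, not code from the MSRC post, that applies, verifies or reverts those two settings; the `show global` output labels it greps for are assumptions to verify on your build, and the revert values are the Windows defaults the post names.

```powershell
# Added example (not from the MSRC post): apply, verify or revert the interim
# TCP/IP workarounds for CVE-2021-24074, CVE-2021-24094 and CVE-2021-24086 on a
# host that cannot be patched immediately. Run from an elevated PowerShell session.
# Assumptions: the "netsh ... show global" labels matched below, and that the
# revert values are the Windows defaults named in the MSRC post.

function Get-TcpIpWorkaroundState {
    # Labels assumed from typical netsh output; verify them on your build.
    $v4 = (netsh int ipv4 show global | Select-String 'Source Routing Behavior') -replace '.*:\s*', ''
    $v6 = (netsh int ipv6 show global | Select-String 'Reassembly Limit') -replace '.*:\s*', ''
    [pscustomobject]@{
        SourceRoutingBehavior = "$v4".Trim()   # "drop" once the workaround is applied
        ReassemblyLimit       = "$v6".Trim()   # "0" once the workaround is applied
    }
}

function Set-TcpIpWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Revert)

    if ($Revert) {
        if ($PSCmdlet.ShouldProcess('IPv4/IPv6 global settings', 'restore Windows defaults')) {
            netsh int ipv4 set global sourceroutingbehavior=dontforward
            netsh int ipv6 set global reassemblylimit=267748640
        }
        return
    }
    if ($PSCmdlet.ShouldProcess('IPv4/IPv6 global settings', 'apply MSRC workarounds')) {
        # CVE-2021-24074: drop IPv4 packets carrying a source-routing option.
        # The default, dontforward, only refuses to forward them; the packet is
        # still processed, which is where the bug lives.
        netsh int ipv4 set global sourceroutingbehavior=drop
        # CVE-2021-24094 / CVE-2021-24086: disable IPv6 fragment reassembly.
        # Caveat: every fragmented or out-of-order IPv6 packet is then dropped,
        # so test against workloads that depend on IPv6 fragmentation first.
        netsh int ipv6 set global reassemblylimit=0
    }
}

# Typical use, in order:
#   Set-TcpIpWorkaround -WhatIf      # preview
#   Set-TcpIpWorkaround              # apply
#   Get-TcpIpWorkaroundState         # confirm drop / 0
#   Set-TcpIpWorkaround -Revert      # after the update is installed
```

Treat the workaround as a stopgap only: once the February update is installed, revert both settings, since `reassemblylimit=0` disables legitimate IPv6 fragment handling as well.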
Adobe fixes critical Reader vulnerability exploited in the wild
www.bleepingcomputer.com/news/security/adobe-fixes-critical-reader-vulnerability-exploited-in-the-wild/ Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.
Apple Releases Security Updates
us-cert.cisa.gov/ncas/current-activity/2021/02/09/apple-releases-security-updates Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system.
Office 365 will help admins find impersonation attack targets
www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/ Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap.
Researcher hacks Microsoft, Apple, more in novel supply chain attack
www.bleepingcomputer.com/news/security/researcher-hacks-microsoft-apple-more-in-novel-supply-chain-attack/ A researcher managed to breach the internal systems of over 35 major companies, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack. The attack leveraged a design flaw of open-source package ecosystems that has been named dependency confusion. The researcher, Alex Birsan, noticed that some packages named in a PayPal manifest file were not present on the public npm registry; they were PayPal’s privately created npm packages, used and stored internally by the company.
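The detectable trace of dependency confusion is an internal package name that the client ended up resolving from the public registry rather than the private one. The following is an added example, not code from the article or from Birsan’s research, that audits an npm lockfile for that condition and emits the `.npmrc` scope binding that prevents it. The registry URLs, package names and the lockfile contents are constructed for illustration.

```javascript
// Added example, not code from the article or from Birsan's research: audit an
// npm lockfile for dependency-confusion exposure. Registry URLs, package names
// and the sample lockfile below are assumptions constructed for illustration.
const PUBLIC_REGISTRY = "https://registry.npmjs.org/";

// Flatten lockfile v1 ("dependencies", nested) and v2/v3 ("packages", keyed by
// install path) into [{ name, version, resolved }] entries.
function lockEntries(lock) {
  const out = [];
  if (lock.packages) {
    const marker = "node_modules/";
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project entry
      const name = path.slice(path.lastIndexOf(marker) + marker.length);
      out.push({ name, version: meta.version, resolved: meta.resolved || "" });
    }
  } else if (lock.dependencies) {
    const walk = (deps) => {
      for (const [name, meta] of Object.entries(deps)) {
        out.push({ name, version: meta.version, resolved: meta.resolved || "" });
        if (meta.dependencies) walk(meta.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return out;
}

// internalNames: names the organisation publishes only to privateRegistry.
function auditLockfile(lock, internalNames, privateRegistry) {
  const internal = new Set(internalNames);
  const findings = [];
  for (const e of lockEntries(lock)) {
    if (!internal.has(e.name)) continue;
    if (e.resolved.startsWith(PUBLIC_REGISTRY)) {
      // The Birsan scenario: a public package carrying the internal name
      // (typically with a higher version) won the resolution.
      findings.push({ name: e.name, version: e.version, severity: "critical",
        reason: "internal package resolved from the public registry" });
    } else if (!e.resolved.startsWith(privateRegistry)) {
      findings.push({ name: e.name, version: e.version, severity: "high",
        reason: `internal package resolved from unexpected source: ${e.resolved}` });
    }
    if (!e.name.startsWith("@")) {
      // Unscoped names are first-come-first-served on npmjs.org, so the name
      // stays claimable by anyone who learns it from a leaked manifest.
      findings.push({ name: e.name, version: e.version, severity: "medium",
        reason: "unscoped internal name; claimable on the public registry" });
    }
  }
  return findings;
}

// The structural fix: bind a scope to the private registry in .npmrc so that
// @scope/* is never looked up on npmjs.org, whatever version is published there.
function npmrcForScope(scope, privateRegistry) {
  return `${scope}:registry=${privateRegistry}`;
}

// Constructed lockfile (v2 shape) mirroring the leaked-manifest situation.
const SAMPLE_LOCK = {
  name: "payments-web",
  lockfileVersion: 2,
  packages: {
    "": { name: "payments-web", version: "1.0.0" },
    "node_modules/acme-auth": {
      version: "99.0.0",
      resolved: "https://registry.npmjs.org/acme-auth/-/acme-auth-99.0.0.tgz",
    },
    "node_modules/@acme/logger": {
      version: "2.1.0",
      resolved: "https://npm.acme.internal/@acme%2flogger/-/logger-2.1.0.tgz",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
  },
};
const INTERNAL_NAMES = ["acme-auth", "@acme/logger"];
const PRIVATE_REGISTRY = "https://npm.acme.internal/";

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, INTERNAL_NAMES, PRIVATE_REGISTRY), null, 2));
console.log(npmrcForScope("@acme", PRIVATE_REGISTRY));
```

On the constructed lockfile the audit flags `acme-auth` twice: once as critical because version 99.0.0 was fetched from registry.npmjs.org, and once as medium because the name is unscoped and therefore claimable. `@acme/logger` passes because it is scoped and was resolved from the private registry, which is the configuration the `.npmrc` line enforces.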
Solving the Cryptography Riddle: Post-quantum Computing & Crypto-assets Blockchain Puzzles
www.enisa.europa.eu/news/enisa-news/solving-the-cryptography-riddle-post-quantum-computing-crypto-assets-blockchain-puzzles The European Union Agency for Cybersecurity releases two reports on cryptography: one on the progress of post-quantum cryptography standardisation, and the other on exploring the technologies under the hood of crypto-assets.
ESET Threat Report Q4 2020
www.welivesecurity.com/2021/02/08/eset-threat-report-q42020/ A view of the Q4 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. Full report:
www.welivesecurity.com/wp-content/uploads/2021/02/ESET_Threat_Report_Q42020.pdf
DNSMon: using DNS data to produce threat intelligence (3)
blog.netlab.360.com/use-dns-data-produce-threat-intelligence-3-en/ This article is the third in our series of articles introducing DNSMon in the production of threat intelligence (Domain Name IoC).
Last Week in Security (LWiS) – 2021-02-08
blog.badsectorlabs.com/last-week-in-security-lwis-2021-02-08.html Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2021-02-01 to 2021-02-08.
After Lightning Comes Thunder
safebreach.com/blog/2021/After-Lightning-Comes-Thunder/ The Most Persistent Iranian APT Rumbling Again