Daily NCSC-FI news followup 2021-02-18

Microsoft Internal Solorigate Investigation Final Update

msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/ We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer data. The investigation also found no indications that our systems at Microsoft were used to attack others. For a small number of repositories, there was additional access, including in some cases, downloading component source code. These repositories contained code for: a small subset of Azure components (subsets of service, security, identity); a small subset of Intune components; a small subset of Exchange components.

SolarWinds attack hit 100 companies and took months of planning, says White House

www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/ The White House warns SolarWinds attack was more than espionage because the private sector targets could lead to follow-up attacks.

Exploit Details Emerge for Unpatched Microsoft Bug

threatpost.com/exploit-details-unpatched-microsoft-bug/164083/ A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.

Windows and Linux servers targeted by new WatchDog botnet for almost two years

www.zdnet.com/article/windows-and-linux-servers-targeted-by-new-watchdog-botnet-for-almost-two-years/ WatchDog botnet uses exploits to take over servers and mine cryptocurrency.

RIPE NCC Internet Registry discloses SSO credential stuffing attack

www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/ RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts.

SHAREit Flaw Could Lead to Remote Code Execution

www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html We discovered several vulnerabilities in the application named SHAREit. The vulnerabilities can be abused to leak a user's sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE).

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks

threatpost.com/ninja-forms-wordpress-plugin-hacks/164042/ The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.

Hackers Leak Gigabytes Of Data Stolen From International Law Firm Jones Day

www.forbes.com/sites/leemathews/2021/02/18/hackers-leak-gigabytes-of-data-stolen-from-international-law-firm-jones-day/ Last month hackers infiltrated a server used by Jones Day, one of the largest and most successful law firms in the world. After failed attempts to extort payment from the firm, the hackers have now uploaded gigabytes of highly sensitive data that were stolen in the attack.

Estonian Foreign Intelligence Service public report 2021

valisluureamet.ee/en.html The Estonian Foreign Intelligence Service has published a report covering the security situation in the Baltic Sea region. Full report: valisluureamet.ee/pdf/raport/2021-ENG.pdf

Nurserycam horror show: ‘Secure’ daycare video monitoring product beamed DVR admin creds to all users

www.theregister.com/2021/02/18/nurserycam_security_problems_footfallcam_ltd/ Company has a habit of reacting badly to vuln disclosures
