Daily NCSC-FI news followup 2021-02-18

Microsoft Internal Solorigate Investigation Final Update

msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/ We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer data. The investigation also found no indications that our systems at Microsoft were used to attack others. For a small number of repositories, there was additional access, including in some cases, downloading component source code. These repositories contained code for: a small subset of Azure components (subsets of service, security, identity); a small subset of Intune components; a small subset of Exchange components.

SolarWinds attack hit 100 companies and took months of planning, says White House

www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/ The White House warns SolarWinds attack was more than espionage because the private sector targets could lead to follow-up attacks.

Exploit Details Emerge for Unpatched Microsoft Bug

threatpost.com/exploit-details-unpatched-microsoft-bug/164083/ A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.

Windows and Linux servers targeted by new WatchDog botnet for almost two years

www.zdnet.com/article/windows-and-linux-servers-targeted-by-new-watchdog-botnet-for-almost-two-years/ WatchDog botnet uses exploits to take over servers and mine cryptocurrency.

RIPE NCC Internet Registry discloses SSO credential stuffing attack

www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/ RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts.

SHAREit Flaw Could Lead to Remote Code Execution

www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html We discovered several vulnerabilities in the application named SHAREit. The vulnerabilities can be abused to leak a user's sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE).

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks

threatpost.com/ninja-forms-wordpress-plugin-hacks/164042/ The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.

Hackers Leak Gigabytes Of Data Stolen From International Law Firm Jones Day

www.forbes.com/sites/leemathews/2021/02/18/hackers-leak-gigabytes-of-data-stolen-from-international-law-firm-jones-day/ Last month hackers infiltrated a server used by Jones Day, one of the largest and most successful law firms in the world. After failed attempts to extort payment from the firm, the hackers have now uploaded gigabytes of highly sensitive data that were stolen in the attack.

Estonian Foreign Intelligence Service public report 2021

valisluureamet.ee/en.html The Estonian Foreign Intelligence Service has published a report covering the security situation in the Baltic Sea region.


Nurserycam horror show: ‘Secure’ daycare video monitoring product beamed DVR admin creds to all users

www.theregister.com/2021/02/18/nurserycam_security_problems_footfallcam_ltd/ Company has a habit of reacting badly to vuln disclosures
