Daily NCSC-FI news followup 2021-02-22

Jian The Chinese Double-edged Cyber Sword

blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/ In the last few months, Check Point Research (CPR) focused on recent Windows Local Privilege Escalation (LPE) exploits attributed to Chinese actors. An LPE is used by attackers to acquire Administrator rights on a Windows machine. During this investigation, our malware and vulnerability researchers managed to unravel the hidden story and origins behind “Jian”, an exploit that was previously attributed to the Chinese-affiliated attack group named APT31 (Zirconium).

China Hijacked an NSA Hacking Tool in 2014 and Used It for Years

www.wired.com/story/china-nsa-hacking-tool-epme-hijack/ The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised (whether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong hands) still haunts the security community. Also:

www.bleepingcomputer.com/news/security/chinese-hackers-used-nsa-exploit-years-before-shadow-brokers-leak/. Also:

thehackernews.com/2021/02/chinese-hackers-had-access-to-us.html. Also:

www.zdnet.com/article/chinese-hackers-cloned-attack-tools-belonging-to-nsas-equation-group. Also:

www.forbes.com/sites/zakdoffman/2021/02/22/dangerous-chinese-cyber-threats-against-microsoft-windows-users-were-made-in-america/

Microsoft scammers have already taken a million euros from Finns this year; the online criminals' newest trick is posing as the tax authority

yle.fi/uutiset/3-11802472 Criminals are currently trying to get at your money in the name of, among others, Posti, Microsoft and, most recently, the Finnish Tax Administration. In recent days the National Cyber Security Centre, which operates under the Finnish Transport and Communications Agency Traficom, has received a few reports of scam messages disguised as emails from the tax authority. The Tax Administration also warns about the scammers on its website.

Python programming language hurries out update to tackle remote code vulnerability

www.zdnet.com/article/python-programming-language-hurries-out-update-to-tackle-remote-code-vulnerability The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.

SHAREit fixes security bugs in app with 1 billion downloads

www.bleepingcomputer.com/news/security/shareit-fixes-security-bugs-in-app-with-1-billion-downloads/ Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. The security bugs impact the company’s SHAREit Android app, an application that has been downloaded more than 1 billion times, according to Google Play Store statistics.

Global Accellion data breaches linked to Clop ransomware gang

www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ Threat actors associated with financially motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal sensitive files. The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group. Unlike previous attacks by these groups, the Clop file-encrypting malware was not deployed. Also:

threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/

Powerhouse VPN products can be abused for large-scale DDoS attacks

www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks Botnet operators are abusing VPN servers from VPN provider Powerhouse Management as a way to bounce and amplify junk traffic as part of DDoS attacks. This new DDoS vector was discovered and documented by a security researcher who goes by Phenomite online and who shared his findings with ZDNet last week.

Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter

www.zdnet.com/article/stored-xss-bug-in-apple-icloud-domain-disclosed-by-bug-bounty-hunter A stored cross-site scripting (XSS) vulnerability in the iCloud domain has reportedly been patched by Apple. Bug bounty hunter and penetration tester Vishal Bharad claims to have discovered the security flaw, which is a stored XSS issue in icloud.com.

How to Fight Business Email Compromise (BEC) with Email Authentication?

thehackernews.com/2021/02/how-to-fight-business-email-compromise.html Business Email Compromise (BEC) is an ever-evolving and rampant form of cybercrime that uses email as the medium for conducting fraud. Targeting commercial, government and non-profit organizations alike, BEC can lead to large-scale data loss, security breaches and compromised financial assets.

Erasing data from donated devices

www.ncsc.gov.uk/blog-post/erasing-data-from-donated-devices How charities can erase personal data from donated laptops, phones and tablets, before passing them on. Many charities have recently encouraged the public to donate their old laptops, tablets and other devices to schoolchildren. This makes a huge difference, as it means more schoolchildren can learn at home during the COVID-19 lockdown.
