Daily NCSC-FI news followup 2021-02-22

Jian: The Chinese Double-edged Cyber Sword

blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/ In the last few months, Check Point Research (CPR) focused on recent Windows Local Privilege Escalation (LPE) exploits attributed to Chinese actors. An LPE is used by attackers to acquire Administrator rights on a Windows machine. During this investigation, our malware and vulnerability researchers managed to unravel the hidden story and origins behind “Jian”, an exploit that was previously attributed to the Chinese-affiliated attack group named APT31 (Zirconium).

China Hijacked an NSA Hacking Tool in 2014 and Used It for Years

www.wired.com/story/china-nsa-hacking-tool-epme-hijack/ The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised, whether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong hands, still haunts the security community. Also:

www.bleepingcomputer.com/news/security/chinese-hackers-used-nsa-exploit-years-before-shadow-brokers-leak/ Also:

thehackernews.com/2021/02/chinese-hackers-had-access-to-us.html Also:

www.zdnet.com/article/chinese-hackers-cloned-attack-tools-belonging-to-nsas-equation-group Also:

www.forbes.com/sites/zakdoffman/2021/02/22/dangerous-chinese-cyber-threats-against-microsoft-windows-users-were-made-in-america/

Microsoft scammers have already taken a million euros from Finns this year; the online criminals' new trick is posing as the tax authority

yle.fi/uutiset/3-11802472 Criminals are currently trying to get at your money in the name of, among others, Posti, Microsoft and, as a new development, the Finnish Tax Administration (Verohallinto). In recent days the National Cyber Security Centre Finland (Kyberturvallisuuskeskus), which operates under the Finnish Transport and Communications Agency Traficom, has received a few reports of scam messages disguised as emails from the tax authority. The Tax Administration also warns about the scammers on its website.

Python programming language hurries out update to tackle remote code vulnerability

www.zdnet.com/article/python-programming-language-hurries-out-update-to-tackle-remote-code-vulnerability The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.

SHAREit fixes security bugs in app with 1 billion downloads

www.bleepingcomputer.com/news/security/shareit-fixes-security-bugs-in-app-with-1-billion-downloads/ Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. The security bugs impact the company’s SHAREit Android app, an application that has been downloaded more than 1 billion times, according to Google Play Store statistics.

Global Accellion data breaches linked to Clop ransomware gang

www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ Threat actors associated with financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal sensitive files. The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group. Unlike previous attacks by these groups, the Clop file-encrypting malware was not deployed. Also:

threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/

Powerhouse VPN products can be abused for large-scale DDoS attacks

www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks Botnet operators are abusing VPN servers from VPN provider Powerhouse Management as a way to bounce and amplify junk traffic as part of DDoS attacks. This new DDoS vector was discovered and documented by a security researcher who goes by Phenomite online and who shared his findings with ZDNet last week.
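The abuse pattern described above, reflection with amplification, leaves a recognisable signature in flow telemetry: a server receives small requests whose source address is the (spoofed) victim and answers with much larger responses, so one server-to-destination pair shows a response-to-request byte ratio far above one. The following is an added example, not part of the ZDNet article or Phenomite's research, that scores such pairs over constructed NetFlow-style records; the UDP port of the abused VPN service is not given on this page, so the code uses a placeholder port.

```python
"""Flag UDP services being used as DDoS reflectors/amplifiers (added example).

Assumptions (not from the article): the flow records below are constructed
NetFlow-style summaries, and SERVICE_PORT is a placeholder because the port
of the abused service is not stated on this page.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    bytes: int


SERVICE_PORT = 20000  # placeholder service port (assumption)

# Constructed flow records: two reflectors answering spoofed requests that
# carry the victim's address, plus one ordinary client of the same service.
FLOWS = [
    Flow("198.51.100.7", 40001, "203.0.113.10", SERVICE_PORT, 500, 32_000),
    Flow("203.0.113.10", SERVICE_PORT, "198.51.100.7", 40001, 500, 640_000),
    Flow("198.51.100.7", 40002, "203.0.113.11", SERVICE_PORT, 500, 32_000),
    Flow("203.0.113.11", SERVICE_PORT, "198.51.100.7", 40002, 500, 640_000),
    Flow("192.0.2.5", 51000, "203.0.113.10", SERVICE_PORT, 10, 3_000),
    Flow("203.0.113.10", SERVICE_PORT, "192.0.2.5", 51000, 10, 4_000),
]


def detect_amplifiers(flows, service_port, min_ratio=5.0, min_response_bytes=100_000):
    """Return {(server, destination): amplification_ratio} for suspicious pairs.

    A pair is suspicious when the server sent at least min_response_bytes to
    the destination and sent at least min_ratio times more than it received
    from that address. With spoofed requests the "destination" is the victim.
    """
    request_bytes = defaultdict(int)   # (server, claimed client) -> bytes in
    response_bytes = defaultdict(int)  # (server, destination)    -> bytes out
    for f in flows:
        if f.dport == service_port:
            request_bytes[(f.dst, f.src)] += f.bytes
        elif f.sport == service_port:
            response_bytes[(f.src, f.dst)] += f.bytes

    hits = {}
    for key, out_bytes in response_bytes.items():
        in_bytes = request_bytes.get(key, 0)
        ratio = out_bytes / in_bytes if in_bytes else float("inf")
        if out_bytes >= min_response_bytes and ratio >= min_ratio:
            hits[key] = ratio
    return hits


def group_by_victim(hits):
    """Collapse detections to {victim: [reflector, ...]} for reporting."""
    victims = defaultdict(list)
    for (server, victim), _ratio in hits.items():
        victims[victim].append(server)
    return {v: sorted(servers) for v, servers in victims.items()}


if __name__ == "__main__":
    found = detect_amplifiers(FLOWS, SERVICE_PORT)
    for (server, victim), ratio in found.items():
        print(f"{server}:{SERVICE_PORT} -> {victim}  amplification x{ratio:.1f}")
    print(group_by_victim(found))
```

On the constructed records both reflectors show a 20x ratio toward 198.51.100.7, while the ordinary client's roughly symmetric session is ignored. In production the same scoring runs per export interval; the thresholds are tuning knobs, and a single victim address fanning in from many reflectors is the strongest signal.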

Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter

www.zdnet.com/article/stored-xss-bug-in-apple-icloud-domain-disclosed-by-bug-bounty-hunter A stored cross-site scripting (XSS) vulnerability in the iCloud domain has reportedly been patched by Apple. Bug bounty hunter and penetration tester Vishal Bharad claims to have discovered the security flaw, which is a stored XSS issue in icloud.com.

How to Fight Business Email Compromise (BEC) with Email Authentication?

thehackernews.com/2021/02/how-to-fight-business-email-compromise.html Business Email Compromise (BEC) is an ever-evolving and rampant form of cybercrime that uses email as the medium for fraud. Targeting commercial, government and non-profit organisations alike, BEC can lead to large-scale data loss, security breaches and stolen financial assets.
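Email authentication blunts BEC by letting the receiving server tie the visible From domain to a domain that SPF or DKIM actually authenticated (DMARC identifier alignment), and by publishing what to do on failure. The following is an added example, not code from The Hacker News article, that evaluates a DMARC verdict from a record and the SPF/DKIM results; the record, the messages and the domains are constructed, and the organisational domain is approximated as the last two labels where a real implementation would use the Public Suffix List.

```python
"""DMARC verdict for a received message (added example).

Assumptions (not from the article): the DMARC record, the SPF/DKIM results
and the domains below are constructed for illustration, and org_domain()
approximates the organisational domain as the last two labels.
"""
from __future__ import annotations

from dataclasses import dataclass


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    # RFC 7489 defaults: relaxed alignment for both identifiers.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Approximate organisational domain (assumption: last two labels)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') = exact match, relaxed = same org domain."""
    a = identifier.lower().rstrip(".")
    b = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


@dataclass
class AuthResults:
    from_domain: str   # domain of the RFC5322.From header the user sees
    spf_result: str    # "pass" / "fail" / "none" from the SPF check
    spf_domain: str    # domain SPF was evaluated for (MAIL FROM / HELO)
    dkim_result: str   # "pass" / "fail" / "none"
    dkim_domain: str   # d= tag of the validated DKIM signature, if any


def evaluate_dmarc(dmarc_txt: str, r: AuthResults) -> tuple[bool, str]:
    """Return (dmarc_pass, disposition); disposition is 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(dmarc_txt)
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, tags["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, tags["adkim"])
    passed = spf_ok or dkim_ok
    policy = tags.get("p", "none").lower()
    return passed, ("none" if passed else policy)


# Constructed scenario: the attacker's mail host passes SPF for its own
# domain, but that domain is not aligned with the From the recipient sees.
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

BEC_MESSAGE = AuthResults(
    from_domain="example.com",
    spf_result="pass", spf_domain="mail.attacker-hosting.test",
    dkim_result="none", dkim_domain="",
)

# A genuine message whose SPF broke in forwarding still passes via DKIM.
LEGIT_MESSAGE = AuthResults(
    from_domain="example.com",
    spf_result="fail", spf_domain="example.com",
    dkim_result="pass", dkim_domain="example.com",
)

if __name__ == "__main__":
    print("BEC message:  ", evaluate_dmarc(DMARC_RECORD, BEC_MESSAGE))
    print("Legit message:", evaluate_dmarc(DMARC_RECORD, LEGIT_MESSAGE))
```

The point the example makes is that a plain SPF pass is not enough: the lookalike message authenticates for the attacker's own domain and is rejected only because DMARC demands that the authenticated domain align with the displayed From. A record with p=none reports but never blocks, so a domain that wants protection must move to quarantine or reject once its legitimate senders are signing.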

Erasing data from donated devices

www.ncsc.gov.uk/blog-post/erasing-data-from-donated-devices How charities can erase personal data from donated laptops, phones and tablets, before passing them on. Many charities have recently encouraged the public to donate their old laptops, tablets and other devices to schoolchildren. This makes a huge difference, as it means more schoolchildren can learn at home during the COVID-19 lockdown.
