Daily NCSC-FI news followup 2021-02-22

Jian The Chinese Double-edged Cyber Sword

blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/ In the last few months, Check Point Research (CPR) focused on recent Windows Local Privilege Escalation (LPE) exploits attributed to Chinese actors. An LPE is used by attackers to acquire Administrator rights on a Windows machine. During this investigation, our malware and vulnerability researchers managed to unravel the hidden story and origins behind “Jian”, an exploit that was previously attributed to the Chinese-affiliated attack group named APT31 (Zirconium)

China Hijacked an NSA Hacking Tool in 2014and Used It for Years

www.wired.com/story/china-nsa-hacking-tool-epme-hijack/ The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raisedwhether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong handsstill haunts the security community. Lisäksi:

www.bleepingcomputer.com/news/security/chinese-hackers-used-nsa-exploit-years-before-shadow-brokers-leak/. Lisäksi:

thehackernews.com/2021/02/chinese-hackers-had-access-to-us.html. Lisäksi:

www.zdnet.com/article/chinese-hackers-cloned-attack-tools-belonging-to-nsas-equation-group. Lisäksi:

www.forbes.com/sites/zakdoffman/2021/02/22/dangerous-chinese-cyber-threats-against-microsoft-windows-users-were-made-in-america/

Microsoft-huijarit ovat vieneet tänä vuonna jo miljoona euroa suomalaisten rahoja nettirikollisten uusi temppu on verottajana esiintyminen

yle.fi/uutiset/3-11802472 Rikolliset yrittävät päästä käsiksi rahoihisi tällä hetkellä muun muassa Postin, Microsoftin ja uutuutena Verohallinnon nimissä. Verottajan sähköposteiksi naamioiduista huijausviesteistä on tullut viime päivinä muutamia ilmoituksia Liikenne- ja viestintävirasto Traficomin alainen Kyberturvallisuuskeskuseen. Myös Verohallinto varoittaa huijareista verkkosivuillaan.

Python programming language hurries out update to tackle remote code vulnerability

www.zdnet.com/article/python-programming-language-hurries-out-update-to-tackle-remote-code-vulnerability The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.

SHAREit fixes security bugs in app with 1 billion download

www.bleepingcomputer.com/news/security/shareit-fixes-security-bugs-in-app-with-1-billion-downloads/ Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. The security bugs impact the company’s SHAREit Android app, an application that downloaded more than 1 billion times, according to Google Play Store statistics.

Global Accellion data breaches linked to Clop ransomware gang

www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ Threat actors associated with financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal sensitive files. The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group. Unlike previous attacks by these groups, the Clop file-encrypting malware was not deployed. Lisäksi:

threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/

Powerhouse VPN products can be abused for large-scale DDoS attacks

www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks Botnet operators are abusing VPN servers from VPN provider Powerhouse Management as a way to bounce and amplify junk traffic part of DDoS attacks. This new DDoS vector has been discovered and documented by a security researcher who goes online as Phenomite, who shared his findings with ZDNet last week.

Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter

www.zdnet.com/article/stored-xss-bug-in-apple-icloud-domain-disclosed-by-bug-bounty-hunter A stored cross-site scripting (XSS) vulnerability in the iCloud domain has reportedly been patched by Apple. Bug bounty hunter and penetration tester Vishal Bharad claims to have discovered the security flaw, which is a stored XSS issue in icloud.com.

How to Fight Business Email Compromise (BEC) with Email Authentication?

thehackernews.com/2021/02/how-to-fight-business-email-compromise.html An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.

Erasing data from donated devices

www.ncsc.gov.uk/blog-post/erasing-data-from-donated-devices How charities can erase personal data from donated laptops, phones and tablets, before passing them on. Many charities have recently encouraged the public to donate their old laptops, tablets and other devices to schoolchildren. This makes a huge difference, as it means more schoolchildren can learn at home during the COVID-19 lockdown.

You might be interested in …

Daily NCSC-FI news followup 2020-09-08

Microsoft September 2020 Patch Tuesday fixes 129 vulnerabilities www.zdnet.com/article/microsoft-september-2020-patch-tuesday-fixes-129-vulnerabilities/ Twenty critical remote code execution bugs have been patched this month, including in Windows and SharePoint enterprise servers. See also: isc.sans.edu/diary/rss/26544 Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers threatpost.com/critical-adobe-flaws-attackers-javascript-browsers/159026/ Adobe patched 11 bugs overall in its Experience Manager; five of those are rated […]

Read More

Daily NCSC-FI news followup 2020-12-22

Kyberturvallisuuskeskuksen uusi julkaisu: Opas tietomurtojen havaitsemiseen www.kyberturvallisuuskeskus.fi/fi/julkaisut/opas-tietomurtojen-havaitsemiseen Tässä ohjeessa keskitytään erityisesti tietomurron havaitsemiseen lokitietojen avulla. Esimerkkeinä käytetään Windows Event Log – -­tapahtumalokeja tai muita Windows-­käyttöjärjestelmän lokitapahtumia. Valittuja esimerkkitapahtumia on havaittu tutkituissa tietomurroista tunkeutujien jäljiltä. PDF: www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/Opas-tietomurtojen-havaitsemiseen.pdf SolarWinds hackers breached US Treasury officials’ email accounts www.bleepingcomputer.com/news/security/solarwinds-hackers-breached-us-treasury-officials-email-accounts/ US Senator Ron Wyden said that dozens of US Treasury […]

Read More

Daily NCSC-FI news followup 2019-06-26

Security flaw in LTE networks can let hackers send false presidential alerts cyware.com/news/security-flaw-in-lte-networks-can-let-hackers-send-false-presidential-alerts-109ceabf A vulnerability in LTE networks can be abused by hackers to launch spoofing attacks. The flaw can be exploited to send out spoofed AMBER alerts, and false presidential alerts. New Silex malware is bricking IoT devices, has scary plans www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/ A new […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.