Daily NCSC-FI news followup 2021-02-22

Jian The Chinese Double-edged Cyber Sword

blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/ In the last few months, Check Point Research (CPR) focused on recent Windows Local Privilege Escalation (LPE) exploits attributed to Chinese actors. An LPE is used by attackers to acquire Administrator rights on a Windows machine. During this investigation, our malware and vulnerability researchers managed to unravel the hidden story and origins behind “Jian”, an exploit that was previously attributed to the Chinese-affiliated attack group named APT31 (Zirconium)

China Hijacked an NSA Hacking Tool in 2014 and Used It for Years

www.wired.com/story/china-nsa-hacking-tool-epme-hijack/ The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised (whether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong hands) still haunts the security community. Also:

www.bleepingcomputer.com/news/security/chinese-hackers-used-nsa-exploit-years-before-shadow-brokers-leak/ Also:

thehackernews.com/2021/02/chinese-hackers-had-access-to-us.html Also:

www.zdnet.com/article/chinese-hackers-cloned-attack-tools-belonging-to-nsas-equation-group Also:

www.forbes.com/sites/zakdoffman/2021/02/22/dangerous-chinese-cyber-threats-against-microsoft-windows-users-were-made-in-america/

Microsoft scammers have already taken a million euros from Finns this year; the online criminals’ new trick is posing as the tax authority

yle.fi/uutiset/3-11802472 Criminals are currently trying to get at your money in the name of, among others, Posti, Microsoft and, as a new addition, the Finnish Tax Administration (Verohallinto). In recent days the National Cyber Security Centre Finland (Kyberturvallisuuskeskus), which operates under the Finnish Transport and Communications Agency Traficom, has received a few reports of scam messages disguised as emails from the tax authority. The Tax Administration also warns about the scammers on its website.

Python programming language hurries out update to tackle remote code vulnerability

www.zdnet.com/article/python-programming-language-hurries-out-update-to-tackle-remote-code-vulnerability The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.

SHAREit fixes security bugs in app with 1 billion downloads

www.bleepingcomputer.com/news/security/shareit-fixes-security-bugs-in-app-with-1-billion-downloads/ Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. The security bugs impact the company’s SHAREit Android app, an application that has been downloaded more than 1 billion times, according to Google Play Store statistics.

Global Accellion data breaches linked to Clop ransomware gang

www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ Threat actors associated with financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal sensitive files. The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group. Unlike previous attacks by these groups, the Clop file-encrypting malware was not deployed. Also:

threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/

Powerhouse VPN products can be abused for large-scale DDoS attacks

www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks Botnet operators are abusing VPN servers from VPN provider Powerhouse Management to bounce and amplify junk traffic as part of DDoS attacks. This new DDoS vector was discovered and documented by a security researcher who goes by Phenomite online and shared the findings with ZDNet last week.

Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter

www.zdnet.com/article/stored-xss-bug-in-apple-icloud-domain-disclosed-by-bug-bounty-hunter A stored cross-site scripting (XSS) vulnerability in the iCloud domain has reportedly been patched by Apple. Bug bounty hunter and penetration tester Vishal Bharad claims to have discovered the security flaw, which is a stored XSS issue in icloud.com.

How to Fight Business Email Compromise (BEC) with Email Authentication?

thehackernews.com/2021/02/how-to-fight-business-email-compromise.html Business Email Compromise (BEC) is an ever-evolving and rampant form of cybercrime that uses email as the medium for fraud. Targeting commercial, government and non-profit organizations alike, BEC can lead to large-scale data loss, security breaches and compromised financial assets.
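The article above names email authentication as the countermeasure but does not show what a weak or strong configuration looks like. The following is an added example, not code from the article or from The Hacker News: it parses SPF and DMARC TXT records and flags the settings that leave a domain open to exact-domain spoofing. The records and domain names are constructed for the example and no DNS lookups are performed; a real check would fetch the TXT records for the domain and for `_dmarc.` plus the domain.

```python
"""Assess SPF and DMARC records for weaknesses relevant to BEC spoofing.

Added example: the records below are constructed sample data, the domain
names are hypothetical, and nothing is looked up in DNS.
"""
import re

# Constructed sample TXT records, keyed by the DNS name they would be published at.
SAMPLE_RECORDS = {
    "example.com": "v=spf1 include:_spf.example.net ~all",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "strict.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.strict.example": "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s; rua=mailto:agg@strict.example",
}


def parse_dmarc(record):
    """Parse a 'tag=value; tag=value' DMARC record into a dict.

    Returns an empty dict when the record is not a DMARC1 record.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def spf_final_qualifier(record):
    """Return the qualifier of the terminal 'all' mechanism: '+', '-', '~' or '?'.

    A bare 'all' means '+all'. Returns None if the record is not SPF or has no 'all'.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        match = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if match:
            return match.group(1) or "+"
    return None


def assess_domain(domain, records):
    """Return a list of findings describing weak email authentication for domain."""
    findings = []
    spf = records.get(domain)
    dmarc_raw = records.get("_dmarc." + domain)

    if spf is None:
        findings.append("no SPF record")
    else:
        qualifier = spf_final_qualifier(spf)
        if qualifier is None:
            findings.append("SPF record has no terminal 'all' mechanism")
        elif qualifier == "+":
            findings.append("SPF '+all' authorises every sender")
        elif qualifier in ("~", "?"):
            findings.append(f"SPF '{qualifier}all' is not a hard fail; spoofed mail is only soft-failed")

    if dmarc_raw is None:
        findings.append("no DMARC record")
    else:
        tags = parse_dmarc(dmarc_raw)
        if not tags:
            findings.append("malformed DMARC record")
        else:
            policy = tags.get("p", "").lower()
            if policy not in ("quarantine", "reject"):
                findings.append(f"DMARC policy p={policy or 'missing'} does not block spoofed mail")
            pct = tags.get("pct", "100")
            if not pct.isdigit() or int(pct) < 100:
                findings.append(f"DMARC pct={pct} applies the policy to only part of the mail")
            if "rua" not in tags:
                findings.append("no DMARC aggregate reporting (rua) configured")
            # Relaxed alignment (the default) lets any subdomain of the organisational
            # domain align, so a compromised or dangling subdomain can pass DMARC.
            if tags.get("adkim", "r").lower() != "s" or tags.get("aspf", "r").lower() != "s":
                findings.append("relaxed alignment accepts any subdomain of the organisational domain")
    return findings


if __name__ == "__main__":
    for name in ("example.com", "strict.example", "missing.example"):
        print(name, assess_domain(name, SAMPLE_RECORDS) or ["no weaknesses found"])
```

Note the limits of this check: SPF and DMARC only stop mail that forges the exact protected domain. BEC that relies on a lookalike domain, a spoofed display name, or a genuinely compromised mailbox passes authentication and needs other controls (payment verification procedures, MFA on mailboxes, anomaly detection on forwarding rules).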

Erasing data from donated devices

www.ncsc.gov.uk/blog-post/erasing-data-from-donated-devices How charities can erase personal data from donated laptops, phones and tablets, before passing them on. Many charities have recently encouraged the public to donate their old laptops, tablets and other devices to schoolchildren. This makes a huge difference, as it means more schoolchildren can learn at home during the COVID-19 lockdown.
