Jian: The Chinese Double-edged Cyber Sword
blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/ In the last few months, Check Point Research (CPR) focused on recent Windows Local Privilege Escalation (LPE) exploits attributed to Chinese actors. An LPE is used by attackers to acquire Administrator rights on a Windows machine. During this investigation, our malware and vulnerability researchers managed to unravel the hidden story and origins behind “Jian”, an exploit that was previously attributed to the Chinese-affiliated attack group named APT31 (Zirconium).
China Hijacked an NSA Hacking Tool in 2014 and Used It for Years
www.wired.com/story/china-nsa-hacking-tool-epme-hijack/ The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online. More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised, whether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong hands, still haunts the security community. Also:
Microsoft scammers have already taken a million euros from Finns this year; the latest trick of online criminals is impersonating the tax authority
yle.fi/uutiset/3-11802472 Criminals are currently trying to get at your money in the name of, among others, Posti, Microsoft and, as a new twist, the Finnish Tax Administration (Verohallinto). The National Cyber Security Centre, which operates under the Finnish Transport and Communications Agency Traficom, has received a few reports in recent days of scam messages disguised as emails from the tax authority. The Tax Administration also warns about the scammers on its website.
Python programming language hurries out update to tackle remote code vulnerability
www.zdnet.com/article/python-programming-language-hurries-out-update-to-tackle-remote-code-vulnerability The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.
SHAREit fixes security bugs in app with 1 billion downloads
www.bleepingcomputer.com/news/security/shareit-fixes-security-bugs-in-app-with-1-billion-downloads/ Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices. The security bugs impact the company’s SHAREit Android app, an application that has been downloaded more than 1 billion times, according to Google Play Store statistics.
Global Accellion data breaches linked to Clop ransomware gang
www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ Threat actors associated with financially motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal sensitive files. The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group. Unlike previous attacks by these groups, the Clop file-encrypting malware was not deployed. Also:
Powerhouse VPN products can be abused for large-scale DDoS attacks
www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks Botnet operators are abusing VPN servers from VPN provider Powerhouse Management as a way to bounce and amplify junk traffic as part of DDoS attacks. This new DDoS vector was discovered and documented by a security researcher who goes by Phenomite online and shared the findings with ZDNet last week.
Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter
www.zdnet.com/article/stored-xss-bug-in-apple-icloud-domain-disclosed-by-bug-bounty-hunter A stored cross-site scripting (XSS) vulnerability in the iCloud domain has reportedly been patched by Apple. Bug bounty hunter and penetration tester Vishal Bharad claims to have discovered the security flaw, which is a stored XSS issue in icloud.com.
How to Fight Business Email Compromise (BEC) with Email Authentication?
thehackernews.com/2021/02/how-to-fight-business-email-compromise.html Business Email Compromise (BEC) is an ever-evolving and rampant form of cybercrime that uses email as the medium for fraud. Targeting commercial, government and non-profit organizations alike, BEC can lead to large-scale data loss, security breaches and the loss of financial assets.
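The email authentication the headline refers to is the usual trio of SPF, DKIM and DMARC published as DNS TXT records. What an engineer actually wants to know is whether a domain's records are strict enough to make spoofing it fail at the receiver. The script below is an added example, not code from The Hacker News article: it parses constructed SPF and DMARC records (the domains and records are made up, and no DNS lookups are done, so it runs offline) and lists the weaknesses that leave exact-domain spoofing possible. It deliberately does not check DKIM, which requires the selector and a signed message to evaluate.

```python
"""Assess SPF/DMARC records for the policy strength needed to blunt
domain-spoofing BEC.  Added example with constructed records; it performs
no DNS lookups, so it runs offline."""
import re

# Constructed sample TXT records for hypothetical domains (not real data).
SAMPLE_RECORDS = {
    "example.com": {
        "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
    },
    "weak.example": {
        "spf": "v=spf1 include:_spf.example.net ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:reports@weak.example",
    },
    "nodmarc.example": {
        "spf": "v=spf1 +all",
        "dmarc": None,
    },
}


def parse_dmarc(record):
    """Split a DMARC TXT record into its tag=value pairs (RFC 7489 syntax)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def spf_all_qualifier(record):
    """Return the qualifier ('-', '~', '?' or '+') on the terminal 'all'
    mechanism of an SPF record, or None if there is no 'all' term."""
    if record is None or not record.lower().startswith("v=spf1"):
        return None
    for term in record.split()[1:]:
        match = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if match:
            return match.group(1) or "+"   # bare 'all' means '+all'
    return None


def assess(records):
    """Return a list of findings describing why mail from this domain could
    still be spoofed; an empty list means SPF hard-fails and DMARC rejects."""
    findings = []

    spf = records.get("spf")
    qualifier = spf_all_qualifier(spf)
    if spf is None:
        findings.append("no SPF record")
    elif qualifier in (None, "+", "?"):
        shown = f"{qualifier}all" if qualifier else "missing 'all'"
        findings.append(f"SPF does not fail unauthorized senders ({shown})")
    elif qualifier == "~":
        findings.append("SPF softfail (~all): spoofed mail is only marked, not rejected")

    dmarc_raw = records.get("dmarc")
    if dmarc_raw is None:
        findings.append("no DMARC record: receivers will not enforce anything")
        return findings

    tags = parse_dmarc(dmarc_raw)
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("DMARC p=none: monitoring only, spoofing is not blocked")
    elif policy == "quarantine":
        findings.append("DMARC p=quarantine: spoofed mail is junked rather than rejected")
    pct = int(tags.get("pct", "100"))
    if policy != "none" and pct < 100:
        findings.append(f"DMARC pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


if __name__ == "__main__":
    for domain, records in SAMPLE_RECORDS.items():
        print(domain, "->", assess(records) or ["OK"])
```

Two caveats a practitioner should keep in mind: DMARC at p=reject only stops exact-domain spoofing, so it does nothing against look-alike domains or a compromised mailbox, which is where much real BEC lives; and a record can pass this check yet still be undermined by over-broad include: chains in SPF, which this script does not expand.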
Erasing data from donated devices
www.ncsc.gov.uk/blog-post/erasing-data-from-donated-devices How charities can erase personal data from donated laptops, phones and tablets, before passing them on. Many charities have recently encouraged the public to donate their old laptops, tablets and other devices to schoolchildren. This makes a huge difference, as it means more schoolchildren can learn at home during the COVID-19 lockdown.