Daily NCSC-FI news followup 2021-03-01

T-Mobile discloses data breach after SIM swapping attacks

www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/ The attackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, BleepingComputer has learned. The information accessed by the hackers might have included customers’ full names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed to their accounts.

Chinese businessman charged with plotting with GE insider to steal transistor tech secrets

www.theregister.com/2021/03/01/china_mosfet_theft/ The FBI alleges that between March 2017 and January 2018, Ng and at least one co-conspirator, a GE engineer of more than seven years, plotted to swipe the blueprints for the transistor, which are electronic components typically found in industrial equipment and vehicles that regulate the flow of electricity. The duo planned to use the stolen trade secrets to set up a competitor in China, it’s claimed.

Is Your Browser Extension a Botnet Backdoor?

krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/ A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. Infatica seeks out authors with extensions that have at least 50,000 users. An extension maker who agrees to incorporate Infatica’s computer code can earn anywhere from $15 to $45 each month for every 1,000 active users.

World’s leading dairy group Lactalis hit by cyberattack

www.bleepingcomputer.com/news/security/worlds-leading-dairy-group-lactalis-hit-by-cyberattack/ Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. In a press release published on Friday, Lactalis says that only a limited number of computers on its network were compromised during the attack.

Spectre exploits in the “wild”

dustri.org/b/spectre-exploits-in-the-wild.html Someone was silly enough to upload a working spectre (CVE-2017-5753) exploit for Linux (there is also a Windows one with symbols that I didn’t look at.) on VirusTotal last month, so here is my quick Sunday afternoon lazy analysis. In my lab, on a vulnerable Fedora, the exploit is successfully dumping /etc/shadow in a couple of minutes. Interestingly, there are checks to detect SMAP and abort if it’s present. I didn’t manage to understand why the exploit was failing in its presence. Also:

therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/ “But while Voisin did not want to name the exploit author, several people were not as shy. Security experts on both Twitter and news aggregation service HackerNews were quick to spot that the new Spectre exploit might be a module for CANVAS, a penetration testing tool developed by Immunity Inc.”

Jailbreaking app gets update to support iOS 14.3 and iPhone 12

www.theregister.com/2021/03/01/jailbreaking_app_gets_update_to/ Launched in the early hours of Sunday morning, the latest version of unc0ver exploits a race condition in the Mach voucher system (CVE-2021-1782) that allows it to run code with elevated privileges. Apple patched this bug with the release of iOS 14.4, and has since stopped cryptographically signing iOS 14.3, thus preventing users from downgrading.

Free cybersecurity tool aims to help smaller businesses stay safer online

www.zdnet.com/article/free-cybersecurity-tool-aims-to-help-smaller-businesses-stay-safer-online/ The NCSC’s Cyber Action Plan tool aims to help small businesses improve their resilience to cyber attacks via the aid of a short questionnaire about their current cybersecurity strategy and provides customised advice on how the business could be better protected against cyber crime.

National Security Risks of Late-Stage Capitalism

www.schneier.com/blog/archives/2021/03/national-security-risks-of-late-stage-capitalism.html In today’s underregulated markets, it’s just too easy for software companies like SolarWinds to save money by skimping on security and to hope for the best. That’s a rational decision in today’s free-market world, and the only way to change that is to change the economic incentives.

Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact

www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/ By deploying ransomware on these ESXi hosts, adversaries were able to quickly increase the scope of affected systems within the victim environments, resulting in additional pressure on victims to pay a ransom demand. This is a new BGH tactic CrowdStrike refers to as Hypervisor Jackpotting.

China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions

www.recordedfuture.com/redecho-targeting-indian-power-sector/ In this research, we outlined a series of suspected targeted intrusions against India’s power sector that were observed beginning in mid-2020. The intrusions were conducted by a China-linked activity group we track as RedEcho. The group made heavy use of AXIOMATICASYMPTOTE, a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several Chinese threat activity groups, including APT41/Barium, Tonto team, the Icefog cluster, KeyBoy, and Tick. Report at

go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf

Chinese hackers target Indian vaccine makers SII, Bharat Biotech, says security firm

www.reuters.com/article/health-coronavirus-india-china-idUSL2N2KZ13L A Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country’s immunisation campaign, cyber intelligence firm Cyfirma told Reuters.

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online

cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/ A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services (SuperVPN, GeckoVPN, and ChatVPN) with 21 million user records being sold in total.
