Daily NCSC-FI news followup 2021-04-09

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author.

Critical Zoom vulnerability triggers remote code execution without user input

www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. Pwn2Own, organized by the Zero Day Initiative, is a contest for white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services.

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge fully owned


Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments

us-cert.cisa.gov/ncas/current-activity/2021/04/08/using-aviary-to-analyze-post-compromise-threat-activity Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possibly compromised accounts and applications in Azure/Microsoft O365 environments. See also


US adds Chinese supercomputing companies to export blacklist

arstechnica.com/tech-policy/2021/04/us-adds-chinese-supercomputing-companies-to-export-blacklist/ The US has placed Chinese groups accused of building supercomputers to help the Chinese military on an export blacklist, the first such move by the Biden administration to make it harder for China to obtain US technology.

Nation-state cyber attacks targeting businesses are on the rise

www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/ Analysis of attacks over the last few years shows that the enterprise is increasingly becoming a target for significant hacking campaigns by government-backed operations. But it’s possible to try to protect your network against attacks.

Voice-Changing Software Found on APT Attackers’ Server

www.darkreading.com/threat-intelligence/voice-changing-software-found-on-apt-attackers-server/d/d-id/1340618 Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns.

Attackers deliver legal threats, IcedID malware via contact forms

www.bleepingcomputer.com/news/security/attackers-deliver-legal-threats-icedid-malware-via-contact-forms/ Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.

Cryptomining containers caught coining cryptocurrency covertly


Windows and Linux devices are under attack by a new cryptomining worm

arstechnica.com/gadgets/2021/04/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm/ With new exploits and capabilities, the Sysrv botnet poses a growing threat.

What goes around comes around: hackers leak other hackers' data online


A deep dive into Saint Bot, a new downloader

blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/ In this post, we provide a detailed deep-dive of this malware, covering in-depth analysis of the threat from distribution through post-exploitation. In addition to behavioral analysis, we will explore other techniques employed across the stages of infection including obfuscation and anti-analysis techniques, process injection, and command and control infrastructure and communication.

Are text files safe?

www.kaspersky.com/blog/is-txt-file-safe/39256/ Files with the TXT extension are typically considered safe. Are they, though? Researchers found a way to exploit a vulnerability (now patched) in the format, and they could find more. The file format isn't actually the problem; it's the way programs handle TXTs.

Malicious code in APKPure app

securelist.com/apkpure-android-app-store-infected/101845/ Recently, we've found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source.
