Daily NCSC-FI news followup 2021-04-09

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author.

Critical Zoom vulnerability triggers remote code execution without user input

www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. . Pwn2Own, organized by the Zero Day Initiative, is a contest for white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services.

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge fully owned

nakedsecurity.sophos.com/2021/04/09/pwn2own-2021-zoom-teams-exchange-chrome-and-edge-fully-owned/

Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments

us-cert.cisa.gov/ncas/current-activity/2021/04/08/using-aviary-to-analyze-post-compromise-threat-activity Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. . see also

www.bleepingcomputer.com/news/security/cisa-releases-tool-to-review-microsoft-365-post-compromise-activity/

US adds Chinese supercomputing companies to export blacklist

arstechnica.com/tech-policy/2021/04/us-adds-chinese-supercomputing-companies-to-export-blacklist/ The US has placed Chinese groups accused of building supercomputers to help the Chinese military on an export blacklist, the first such move by the Biden administration to make it harder for China to obtain US technology.

Nation-state cyber attacks targeting businesses are on the rise

www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/ Analysis of attacks over the last few years shows that the enterprise is increasingly becoming a target for significant hacking campaigns by government-backed operations. But it’s possible to try to protect your network against attacks.

Voice-Changing Software Found on APT Attackers’ Server

www.darkreading.com/threat-intelligence/voice-changing-software-found-on-apt-attackers-server/d/d-id/1340618 Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns.

Attackers deliver legal threats, IcedID malware via contact forms

www.bleepingcomputer.com/news/security/attackers-deliver-legal-threats-icedid-malware-via-contact-forms/ Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.

Cryptomining containers caught coining cryptocurrency covertly

blog.malwarebytes.com/web-threats/2021/04/cryptomining-containers-caught-coining-cryptocurrency-covertly/

Windows and Linux devices are under attack by a new cryptomining worm

arstechnica.com/gadgets/2021/04/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm/ With new exploits and capabilities, the Sysrv botnet poses a growing threat.

What goes around comes around: hackers leak other hackers data online

www.group-ib.com/media/swarmshop-breach/

A deep dive into Saint Bot, a new downloader

blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/ In this post, we provide a detailed deep-dive of this malware, covering in-depth analysis of the threat from distribution through post-exploitation. In addition to behavioral analysis, we will explore other techniques employed across the stages of infection including obfuscation and anti-analysis techniques, process injection, and command and control infrastructure and communication.

Are text files safe?

www.kaspersky.com/blog/is-txt-file-safe/39256/ Files with the TXT extension are typically considered safe. Are they, though?. Researchers found a way to exploit a vulnerability (now patched) in the format, and they could find more. The file format isnt actually the problem; its the way programs handle TXTs.

Malicious code in APKPure app

securelist.com/apkpure-android-app-store-infected/101845/ Recently, weve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself a quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source.

You might be interested in …

Daily NCSC-FI news followup 2019-06-23

U.S. Carried Out Cyberattacks on Iran www.nytimes.com/2019/06/22/us/politics/us-iran-cyber-attacks.html United States Cyber Command on Thursday conducted online attacks against an Iranian intelligence group that American officials believe helped plan the attacks against oil tankers in recent weeks, according to people briefed on the operation. The intrusion occurred the same day President Trump called off a strike on […]

Read More

Daily NCSC-FI news followup 2020-09-29

Koronavilkku päivittyi ja esittää tärkeän kysymyksen avattaessa vastaa siihen myöntävästi www.is.fi/digitoday/mobiili/art-2000006652361.html Jokaisen tulisi päivittää Koronavilkku ja avata sovellus kertaalleen. Sovellus ei enää päivityksen jälkeen voi vaipua sen toimintaa häiritsevään horrostilaan. These hackers have spent months hiding out in company networks undetected www.zdnet.com/article/these-hackers-have-spent-months-hiding-out-in-company-networks-undetected/ A state-sponsored hacking group been creeping around networks for almost a year as […]

Read More

Daily NCSC-FI news followup 2021-07-23

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/ Anything that can gain access to machineseven so-called commodity malwarecan bring in more dangerous threats. Weve seen this in banking Trojans serving as entry point for ransomware and hands-on-keyboard attacks. LemonDuck, an actively updated and robust malware thats primarily known […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.