Daily NCSC-FI news followup 2021-04-09

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author.

Critical Zoom vulnerability triggers remote code execution without user input

www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. Pwn2Own, organized by the Zero Day Initiative, is a contest for white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services.

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge fully owned

nakedsecurity.sophos.com/2021/04/09/pwn2own-2021-zoom-teams-exchange-chrome-and-edge-fully-owned/

Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments

us-cert.cisa.gov/ncas/current-activity/2021/04/08/using-aviary-to-analyze-post-compromise-threat-activity Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. See also:

www.bleepingcomputer.com/news/security/cisa-releases-tool-to-review-microsoft-365-post-compromise-activity/

US adds Chinese supercomputing companies to export blacklist

arstechnica.com/tech-policy/2021/04/us-adds-chinese-supercomputing-companies-to-export-blacklist/ The US has placed Chinese groups accused of building supercomputers to help the Chinese military on an export blacklist, the first such move by the Biden administration to make it harder for China to obtain US technology.

Nation-state cyber attacks targeting businesses are on the rise

www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/ Analysis of attacks over the last few years shows that the enterprise is increasingly becoming a target for significant hacking campaigns by government-backed operations. But it’s possible to try to protect your network against attacks.

Voice-Changing Software Found on APT Attackers’ Server

www.darkreading.com/threat-intelligence/voice-changing-software-found-on-apt-attackers-server/d/d-id/1340618 Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns.

Attackers deliver legal threats, IcedID malware via contact forms

www.bleepingcomputer.com/news/security/attackers-deliver-legal-threats-icedid-malware-via-contact-forms/ Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.

Cryptomining containers caught coining cryptocurrency covertly

blog.malwarebytes.com/web-threats/2021/04/cryptomining-containers-caught-coining-cryptocurrency-covertly/

Windows and Linux devices are under attack by a new cryptomining worm

arstechnica.com/gadgets/2021/04/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm/ With new exploits and capabilities, the Sysrv botnet poses a growing threat.

What goes around comes around: hackers leak other hackers' data online

www.group-ib.com/media/swarmshop-breach/

A deep dive into Saint Bot, a new downloader

blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/ In this post, we provide a detailed deep-dive of this malware, covering in-depth analysis of the threat from distribution through post-exploitation. In addition to behavioral analysis, we will explore other techniques employed across the stages of infection including obfuscation and anti-analysis techniques, process injection, and command and control infrastructure and communication.

Are text files safe?

www.kaspersky.com/blog/is-txt-file-safe/39256/ Files with the TXT extension are typically considered safe. Are they, though? Researchers found a way to exploit a vulnerability (now patched) in the format, and they could find more. The file format isn't actually the problem; it's the way programs handle TXTs.

Malicious code in APKPure app

securelist.com/apkpure-android-app-store-infected/101845/ Recently, we've found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source.
