Daily NCSC-FI news followup 2021-04-13

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days

www.bleepingcomputer.com/news/microsoft/microsoft-april-2021-patch-tuesday-fixes-108-flaws-5-zero-days/ Today is Microsoft’s April 2021 Patch Tuesday, and with it come five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won’t be any easier, so please be nice to your IT staff today. There are also five zero-day vulnerabilities patched today that were publicly disclosed, with one known to be used in attacks. To make matters worse, Microsoft fixed four critical Microsoft Exchange vulnerabilities that the NSA discovered. see also

Released: April 2021 Exchange Server Security Updates

techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617 Vulnerabilities addressed in the April 2021 security updates were responsibly reported to Microsoft by a security partner. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html An Indian security researcher has publicly published proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. While Google has addressed the issue in the latest version of V8, the fix has yet to make its way to the stable channel, thereby leaving the browsers vulnerable to attacks.

NAME:WRECK, a potential IoT trainwreck

blog.malwarebytes.com/reports/2021/04/namewreck-a-potential-iot-trainwreck/ A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially this could impact hundreds of millions of servers, smart devices, and industrial equipment. The researchers that discovered the vulnerabilities have named them NAME:WRECK. For an attacker to use these vulnerabilities, they have to find a way to send a malicious packet in reply to a legitimate DNS request. So the attacker will have to run a person-in-the-middle attack, or be able to use an existing vulnerability like DNSpooq between the target device and the DNS server, to pull this off.

Swedish Security Service: Russia's GRU behind a series of data breaches

www.is.fi/digitoday/tietoturva/art-2000007916952.html The Swedish Security Service Säpo accuses Russia's military intelligence service GRU of extensive data breaches in 2017 and 2018.

QBot malware is back replacing IcedID in malspam campaigns

www.bleepingcomputer.com/news/security/qbot-malware-is-back-replacing-icedid-in-malspam-campaigns/ Malware distributors are rotating payloads once again, switching between trojans that are often an intermediary stage in a longer infection chain. In one case, the tango seems to be between QBot and IcedID, two banking trojans that are often seen delivering various ransomware strains as the final payload in the attack.

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/ While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor.

Sorry, Joe Biden isn't offering you a work visa, it's a scam

blog.malwarebytes.com/malwarebytes-news/2021/04/sorry-joe-biden-isnt-offering-you-a-work-visa-its-a-scam/ A US diplomatic mission in Nigeria warns of a visa scam affecting Nigerian citizens looking to move to the United States. It's an old scam message, dressed up with a fresh coat of paint. Shall we take a look?

CS:GO, Valve Source games vulnerable to hacking using Steam invites

www.bleepingcomputer.com/news/security/cs-go-valve-source-games-vulnerable-to-hacking-using-steam-invites/ A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players.

Deep Analysis: New FormBook Variant Delivered in Phishing Campaign Part I

www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-I FortiGuard Labs captured a phishing campaign that was sending a Microsoft PowerPoint document as an email attachment to spread the new variant of the FormBook malware.
