Daily NCSC-FI news followup 2021-04-13

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days

www.bleepingcomputer.com/news/microsoft/microsoft-april-2021-patch-tuesday-fixes-108-flaws-5-zero-days/ Today is Microsoft's April 2021 Patch Tuesday, and with it come five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won't be any easier, so please be nice to your IT staff today. Five publicly disclosed zero-day vulnerabilities are patched today, one of which is known to be used in attacks. To make matters worse, Microsoft fixed four critical Microsoft Exchange vulnerabilities that the NSA discovered. See also:

msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/

Released: April 2021 Exchange Server Security Updates

techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617 Vulnerabilities addressed in the April 2021 security updates were responsibly reported to Microsoft by a security partner. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html An Indian security researcher has publicly published proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. While Google has addressed the issue in the latest version of V8, the fix has yet to make its way to the stable channel, leaving the browsers vulnerable to attacks.

NAME:WRECK, a potential IoT trainwreck

blog.malwarebytes.com/reports/2021/04/namewreck-a-potential-iot-trainwreck/ A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially this could impact hundreds of millions of servers, smart devices, and industrial equipment. The researchers who discovered the vulnerabilities have named them NAME:WRECK. For an attacker to use these vulnerabilities they have to find a way to send a malicious packet in reply to a legitimate DNS request. So the attacker will have to run a person-in-the-middle attack or be able to use an existing vulnerability like DNSpooq between the target device and the DNS server to pull this off.

Swedish Security Service: Russia's GRU behind a series of data breaches

www.is.fi/digitoday/tietoturva/art-2000007916952.html The Swedish Security Service (Säpo) accuses Russia's military intelligence service GRU of extensive data breaches in 2017 and 2018.

QBot malware is back replacing IcedID in malspam campaigns

www.bleepingcomputer.com/news/security/qbot-malware-is-back-replacing-icedid-in-malspam-campaigns/ Malware distributors are rotating payloads once again, switching between trojans that are often an intermediary stage in a longer infection chain. In one case, the tango seems to be between QBot and IcedID, two banking trojans that are often seen delivering various ransomware strains as the final payload in the attack.

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/ While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor.

Sorry, Joe Biden isn't offering you a work visa, it's a scam

blog.malwarebytes.com/malwarebytes-news/2021/04/sorry-joe-biden-isnt-offering-you-a-work-visa-its-a-scam/ A US diplomatic mission in Nigeria warns of a visa scam affecting Nigerian citizens looking to move to the United States. It's an old scam message, dressed up with a fresh coat of paint. Shall we take a look?

CS:GO, Valve Source games vulnerable to hacking using Steam invites

www.bleepingcomputer.com/news/security/cs-go-valve-source-games-vulnerable-to-hacking-using-steam-invites/ A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players.

Deep Analysis: New FormBook Variant Delivered in Phishing Campaign Part I

www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-I FortiGuard Labs captured a phishing campaign that was sending a Microsoft PowerPoint document as an email attachment to spread the new variant of the FormBook malware.
