Daily NCSC-FI news followup 2021-04-13

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days

www.bleepingcomputer.com/news/microsoft/microsoft-april-2021-patch-tuesday-fixes-108-flaws-5-zero-days/ Today is Microsoft’s April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won’t be any easier, so please be nice to your IT staff today.. There are also five zero-day vulnerabilities patched today that were publicly disclosed, with one known to be used in attacks.. To make matters worse, Microsoft fixed four critical Microsoft Exchange vulnerabilities that the NSA discovered.. see also

msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/

Released: April 2021 Exchange Server Security Updates

techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617 Vulnerabilities addressed in the April 2021 security updates were responsibly reported to Microsoft by a security partner. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave.. While Google has addressed the issue in the latest version of V8, it’s yet to make its way to the stable channel, thereby leaving the browsers vulnerable to attacks.

NAME:WRECK, a potential IoT trainwreck

blog.malwarebytes.com/reports/2021/04/namewreck-a-potential-iot-trainwreck/ A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially this could impact hundreds of millions of servers, smart devices, and industrial equipment. The researchers that discovered the vulnerabilities have named them NAME:WRECK.. For an attacker to use these vulnerabilities they have to find a way to send a malicious packet in reply to a legitimate DNS request. So the attacker will have to run a person-in-the-middle attack or be able to use an existing vulnerability like DNSpooq between the target device and the DNS server to pull this off.

Ruotsin turvallisuuspoliisi: Venäjän GRU tietomurtojen sarjan takana

www.is.fi/digitoday/tietoturva/art-2000007916952.html Ruotsin turvallisuuspoliisi Säpo syyttää Venäjän sotilastiedustelu GRU:ta laajoista tietomurroista vuosina 2017 ja 2018.

QBot malware is back replacing IcedID in malspam campaigns

www.bleepingcomputer.com/news/security/qbot-malware-is-back-replacing-icedid-in-malspam-campaigns/ Malware distributors are rotating payloads once again, switching between trojans that are many times an intermediary stage in a longer infection chain.. In one case, the tango seems to be with QBot and IcedID, two banking trojans that are often seen delivering various ransomware strains as the final payload in the attack.

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/ While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor.

Sorry, Joe Biden isnt offering you a work visa, its a scam

blog.malwarebytes.com/malwarebytes-news/2021/04/sorry-joe-biden-isnt-offering-you-a-work-visa-its-a-scam/ A US diplomatic mission in Nigeria warns of a visa scam affecting Nigerian citizens looking to move to the United States. Its an old scam message, dressed up with a fresh coat of paint. Shall we take a look?

CS:GO, Valve Source games vulnerable to hacking using Steam invites

www.bleepingcomputer.com/news/security/cs-go-valve-source-games-vulnerable-to-hacking-using-steam-invites/ A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players.

Deep Analysis: New FormBook Variant Delivered in Phishing Campaign Part I

www.fortinet.com/blog/threat-research/deep-analysis-new-formbook-variant-delivered-phishing-campaign-part-I FortiGuard Labs captured a phishing campaign that was sending a Microsoft PowerPoint document as an email attachment to spread the new variant of the FormBook malware.

You might be interested in …

Daily NCSC-FI news followup 2019-06-29

Toiminta jälleen normaalia kyberhyökkäys lamaannutti Lahden kaupungin tietoverkon www.mtvuutiset.fi/artikkeli/toiminta-jalleen-normaalia-kyberhyokkays-lamaannutti-lahden-kaupungin-tietoverkon/7463758 Lahden kaupungin tietoverkon toiminta on palautunut pääosin normaaliksi, kertoo Lahden kaupunki. Kaupungin tietojärjestelmään tehtiin kyberhyökkäys yli kaksi viikkoa sitten.. Hyökkäyksen seurauksena verkko kuormittui ja ohjelma ehti saastuttaa koneita. Tämä lamaannutti osittain kaupungin toiminnan.. Palveluissa saattaa olla hitautta, ja joitakin toimimattomia yhteyksiä vielä työstetään MongoDB Leak Exposed […]

Read More

Daily NCSC-FI news followup 2020-06-24

Why cloud first is not a security problem www.ncsc.gov.uk/blog-post/why-cloud-first-is-not-a-security-problem When considering moving to the public cloud, one of the first questions is often, Is the cloud secure?. This is a natural question. Although the public cloud offers an impressive array of tools and services, hidden beneath that slick visible layer are the complex layers of […]

Read More

Daily NCSC-FI news followup 2020-10-31

Code of Practice for Cyber Security and Safety in Engineering www.ncsc.gov.uk/news/code-of-practice-cyber-security-and-safety-in-engineering The Institution of Engineering and Technology has published a Code of Practice with the support of the NCSC. A Code of Practice to help the engineering sector implement effective cyber security has been published today. The Code, developed by the Institution of Engineering and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.