Daily NCSC-FI news followup 2021-04-20

Pulse Connect Secure Security Update

blog.pulsesecure.net/pulse-connect-secure-security-update/ The Pulse Secure team recently discovered that a limited number of customers have experienced evidence of exploit behavior on their Pulse Connect Secure (PCS) appliances. We are sharing information about the investigation and our actions through several communications channels in the best interests of our customers and the greater security community. Lisäksi:

www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html. Lisäksi:

www.reuters.com/technology/china-linked-hackers-used-pulse-secure-flaw-target-us-defense-industry-2021-04-20/. Lisäksi:

www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/. Lisäksi:

therecord.media/chinese-hackers-use-new-pulse-secure-vpn-zero-day-to-breach-us-defense-contractors/. Lisäksi

kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755. Lisäksi:


Japanese police say Tick APT is linked to Chinese military

therecord.media/japanese-police-say-tick-apt-is-linked-to-chinese-military/ Japanese law enforcement believes a group of hackers linked to the Chinese military are behind a broad cyber-espionage campaign that has breached more than 200 Japanese companies and organizations since at least 2016.

Remote code execution vulnerabilities uncovered in smart air fryer

www.zdnet.com/article/remote-code-execution-vulnerabilities-uncovered-in-smart-air-fryer In another example of how connectivity can impact our home security, researchers have disclosed two remote code execution (RCE) vulnerabilities in a smart air fryer.

Fake Microsoft Store, Spotify sites spread info-stealing malware

www.bleepingcomputer.com/news/security/fake-microsoft-store-spotify-sites-spread-info-stealing-malware/ Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. The attack was discovered by cybersecurity firm ESET who issued a warning yesterday on Twitter to be on the lookout for the malicious campaign.

Internal Facebook email reveals intent to frame data scraping as normalized, broad industry issue’

www.zdnet.com/article/facebook-internal-email-reveals-intent-to-frame-data-scraping-as-broad-industry-issue-and-normalized An internal email accidentally leaked by Facebook to a journalist has revealed the firm’s intentions to frame a recent data scraping incident as “normalized” and a “broad industry issue.”

Over 750, 000 Users Downloaded New Billing Fraud Apps From Google Play Store

thehackernews.com/2021/04/over-750000-users-download-new-billing.html Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700, 000 downloads before they were discovered and removed from the platform. Lisäksi:

www.mcafee.com/blogs/other-blogs/mcafee-labs/clever-billing-fraud-applications-on-google-play-etinu/. Lisäksi:


The Incredible Rise of North Korea’s Hacking Army

www.newyorker.com/magazine/2021/04/26/the-incredible-rise-of-north-koreas-hacking-army The country’s cyber forces have raked in billions of dollars for the regime by pulling off schemes ranging from A.T.M. heists to cryptocurrency thefts. Can they be stopped?

IntelBrief: QAnon A U.S. National Security Threat Amplified by Foreign-Based Actors

thesoufancenter.org/intelbrief-2021-april-20/ In testimony last week to the United States Senate Intelligence Committee, FBI Director Christopher Wray highlighted the continuing national security threat posed by adherents of the QAnon conspiracy theory.

You might be interested in …

Daily NCSC-FI news followup 2020-12-16

SunBurst: the next level of stealth blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth SolarWinds compromise exploited through sophistication and patience. ReversingLabs’ research into the anatomy of this supply chain attack unveiled conclusive details showing that Orion software build and code signing infrastructure was compromised. The source code of the affected library was directly modified to include malicious backdoor code, which was […]

Read More

Daily NCSC-FI news followup 2019-10-31

Breaches at NetworkSolutions, Register.com, and Web.com krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/ Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed.. thehackernews.com/2019/10/domain-name-registrars-hacked.html How a months-old AMD microcode bug destroyed my weekend arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/ AMD shipped Ryzen 3000 with a serious microcode […]

Read More

Daily NCSC-FI news followup 2020-06-11

Hackers breached A1 Telekom, Austria’s largest ISP www.zdnet.com/article/hackers-breached-a1-telekom-austrias-largest-isp/ A1 needed more than six months to kick the hackers off its network. Whsitleblower claims the intruders were Chinese hackers. Snake Ransomware Delivers Double-Strike on Honda, Energy Co. threatpost.com/snake-ransomware-honda-energy/156462/ The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.