Daily NCSC-FI news followup 2021-05-01

PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector

www.cybereason.com/blog/portdoor-new-chinese-apt-backdoor-attack-targets-russian-defense-sector The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets. See also:

threatpost.com/portdoor-espionage-malware-takes-aim-at-russian-defense-sector/165770/. See also:

therecord.media/china-linked-apt-group-targets-russian-nuclear-sub-designer-with-an-undocumented-backdoor/

U.S. government probes VPN hack within federal agencies, races to find clues

www.reuters.com/technology/us-government-probes-vpn-hack-within-federal-agencies-races-find-clues-2021-04-29/ It is the latest so-called supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a stepping-stone to sensitive government and corporate computer networks. The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into

Office 365 security baseline adds macro signing, JScript protection

www.bleepingcomputer.com/news/security/office-365-security-baseline-adds-macro-signing-jscript-protection/ Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise (formerly Office 365 Professional Plus) to include protection from JScript code execution attacks and unsigned macros. Security baselines enable security admins to use Microsoft-recommended Group Policy Object (GPO) baselines to reduce the attack surface of Microsoft 365 Apps and boost the security posture of enterprise endpoints they run on.

Python also impacted by critical IP address validation vulnerability

www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/ The regression bug crept into Python 3.x’s ipaddress module as a result of a change made in 2019 by Python maintainers. It turns out, the ipaddress standard library introduced in Python 3.3 is also impacted by this vulnerability, as disclosed by multiple researchers this week.

You might be interested in …

Daily NCSC-FI news followup 2021-10-19

Kyberturvallisuuskeskus kartoittaa jälleen suojaamattomia automaatiojärjestelmiä www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kartoitus2021 Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus etsii tietoverkoista suojaamattomia automaatiolaitteita. Työn tavoitteena on parantaa tilannekuvaa ja kyberturvallisuutta Suomessa. Saatuja tuloksia verrataan aikaisempien vuosien tuloksiin. Oraclen lokakuun 2021 kriittiset korjaukset www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_33/2021 Oracle on julkaissut ennakkotiedotteen 418 tietoturvapäivityksestä yhteensä 29 eri tuotteeseensa. Mukana on myös useita kymmeniä pienemmän kriittisyysluokan päivityksiä. Suosittelemme päivittämään […]

Read More

Daily NCSC-FI news followup 2021-07-11

Chinas Great Firewall is blocking around 311k domains, 41k by accident therecord.media/chinas-great-firewall-is-blocking-around-311k-domains-41k-by-accident/ In the largest study of its kind, a team of academics from four US and Canadian universities said they were able to determine the size of Chinas Great Firewall internet censorship capabilities. In a research project that lasted nine months, from April to […]

Read More

Daily NCSC-FI news followup 2019-09-16

Undersøgelsesrapport: Statsstøttet hackergruppe forsøger at kompromittere netværksudstyr fe-ddis.dk/cfcs/nyheder/arkiv/2019/Pages/undersoegelsesrapport-hackergruppe-forsoeger-kompromittere-netvaerksudstyr.aspx En statsstøttet aktør har forsøgt at gennemføre flere angreb på udvalgte danske myndigheder med henblik på spionage. CFCS udsendte den 18. april 2018 et offentligt varsel i forbindelse med hændelserne, og CFCS arbejdede efterfølgende videre og håndterede sagerne i samarbejde med relevante myndigheder.. [PDF] fe-ddis.dk/cfcs/publikationer/Documents/Undersoegelsesrapport-kompromittering-netvaerksudstyr.pdf Exclusive: Russia […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.