PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector
www.cybereason.com/blog/portdoor-new-chinese-apt-backdoor-attack-targets-russian-defense-sector
The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets.
See also:
U.S. government probes VPN hack within federal agencies, races to find clues
www.reuters.com/technology/us-government-probes-vpn-hack-within-federal-agencies-races-find-clues-2021-04-29/
It is the latest so-called supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a stepping-stone to sensitive government and corporate computer networks. The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into
Office 365 security baseline adds macro signing, JScript protection
www.bleepingcomputer.com/news/security/office-365-security-baseline-adds-macro-signing-jscript-protection/
Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise (formerly Office 365 Professional Plus) to include protection from JScript code execution attacks and unsigned macros. Security baselines enable security admins to use Microsoft-recommended Group Policy Object (GPO) baselines to reduce the attack surface of Microsoft 365 Apps and boost the security posture of enterprise endpoints they run on.
Python also impacted by critical IP address validation vulnerability
www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/
The regression bug crept into Python 3.x’s ipaddress module as a result of a change made in 2019 by Python maintainers. It turns out, the ipaddress standard library introduced in Python 3.3 is also impacted by this vulnerability, as disclosed by multiple researchers this week.