Daily NCSC-FI news followup 2021-05-01

PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector

www.cybereason.com/blog/portdoor-new-chinese-apt-backdoor-attack-targets-russian-defense-sector The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets.

See also: threatpost.com/portdoor-espionage-malware-takes-aim-at-russian-defense-sector/165770/

See also: therecord.media/china-linked-apt-group-targets-russian-nuclear-sub-designer-with-an-undocumented-backdoor/

U.S. government probes VPN hack within federal agencies, races to find clues

www.reuters.com/technology/us-government-probes-vpn-hack-within-federal-agencies-races-find-clues-2021-04-29/ It is the latest so-called supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a stepping-stone to sensitive government and corporate computer networks. The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into

Office 365 security baseline adds macro signing, JScript protection

www.bleepingcomputer.com/news/security/office-365-security-baseline-adds-macro-signing-jscript-protection/ Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise (formerly Office 365 Professional Plus) to include protection from JScript code execution attacks and unsigned macros. Security baselines enable security admins to use Microsoft-recommended Group Policy Object (GPO) baselines to reduce the attack surface of Microsoft 365 Apps and boost the security posture of enterprise endpoints they run on.

Python also impacted by critical IP address validation vulnerability

www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/ The regression bug crept into Python 3.x’s ipaddress module as a result of a change made in 2019 by Python maintainers. It turns out, the ipaddress standard library introduced in Python 3.3 is also impacted by this vulnerability, as disclosed by multiple researchers this week.
