Daily NCSC-FI news followup 2021-05-20

China could soon have stronger privacy laws than the U.S.

www.protocol.com/china/china-privacy-laws-surpass-usa In late April, China unveiled the second draft of the country’s privacy law, the Personal Information Protection Law, for public comment. The law is expected to pass by the end of the year, and would shield Chinese internet users from excessive data collection and misuse of personal data by tech companies and even, to some extent, by the government.

Amazon’s Sidewalk Network Is Turned On by Default. Here’s How to Turn It Off

www.inc.com/jason-aten/amazons-sidewalk-network-is-turned-on-by-default-heres-how-to-turn-it-off.html First, let’s talk about Sidewalk. The idea behind it is actually really smart–make it possible for smart home devices to serve as a sort of bridge between your WiFi connection and one another. That way, if your Ring doorbell, for example, isn’t located close to your WiFi router, but it happens to be near an Echo Dot, it can use Sidewalk to stay connected.

Mobile app developers misconfiguration of third party services leave personal data of over 100 million exposed

research.checkpoint.com/2021/mobile-app-developers-misconfiguration-of-third-party-services-leave-personal-data-of-over-100-million-exposed/ Real-time database allows application developers to store data on the cloud, making sure it is synched in real-time to every connected client. This service solves one of the most encountered problems in application development, while making sure that the database is supported for all client platforms. But what happens if the developer behind the app does not configure their real-time database with one of the most basic features: authentication?

The Full Story of the Stunning RSA Hack Can Finally Be Told

www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/ In 2011, Chinese spies stole the crown jewels of cybersecurity, stripping protections from firms and government agencies worldwide. Here’s how it happened.

Hetzner cloud server provider bans cryptocurrency mining

www.bleepingcomputer.com/news/cryptocurrency/hetzner-cloud-server-provider-bans-cryptocurrency-mining/ “With storage boxes this leads to problems with the bandwidth on the host systems. With chia mining there is also the problem that the hard drives are extremely stressed by the many read and write processes and will therefore break.”

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

thehackernews.com/2021/05/android-issues-patches-for-4-new-zero.html Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days.

Russian hacker sentenced to 5 years for $1.5 million tax fraud

therecord.media/russian-hacker-sentenced-to-5-years-for-1-5-million-tax-fraud/ Anton Bogdanov, a 35-year-old who is also known online as Kusok, participated in a scheme in which he stole personal information and used it to file fraudulent tax returns on behalf of Americans between June 2014 and November 2016. Bogdanov and his co-conspirators exploited a vulnerability in a remote access program used by the tax preparation firms to allow employees to log in to systems from home and while traveling, according to an indictment.

Craig Federighi says the Mac has an unacceptable malware problem

9to5mac.com/2021/05/19/craig-federighi-mac-malware-problem/ As detailed earlier this afternoon, Craig Federighi is currently testifying during the Apple vs. Epic lawsuit. While facing questioning from Apple’s lawyers, Federighi made some interesting comments about security, particularly noting that the Mac currently has a level of malware that Apple does not find acceptable.

Apple macOS SMB server signature verification information disclosure vulnerability

talosintelligence.com/vulnerability_reports/TALOS-2021-1237 [Analysis of a patched vuln] An information disclosure vulnerability exists in the SMB server of Apple macOS 11.1. A specially crafted SMB packet can trigger an integer overflow, leading to information disclosure, cryptographic check bypass and denial of service. This vulnerability can be triggered by sending a malicious packet to the vulnerable server.

Qlocker ransomware shuts down after extorting hundreds of QNAP users

www.bleepingcomputer.com/news/security/qlocker-ransomware-shuts-down-after-extorting-hundreds-of-qnap-users/ The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices.

Look how many cybercriminals love Cobalt Strike

www.intel471.com/blog/cobalt-strike-cybercriminals-trickbot-qbot-hancitor Despite the obfuscation techniques, Intel 471 has collected a wealth of information on how the cybercrime underground has refashioned this security tool to its advantage. The following takes a deeper look at which threat actor groups and malware families are dropping Cobalt Strike for post-exploitation.

Tracking BokBot Infrastructure

team-cymru.com/blog/2021/05/19/tracking-bokbot-infrastructure/ In the past BokBot was itself primarily distributed via the Emotet botnet. Since the takedown of Emotet earlier this year we have been tracking BokBot to see how the actors might react to and seek to exploit the situation for personal gain.

DHS announces program to mitigate vulnerabilities below the operating system

www.scmagazine.com/home/security-news/vulnerabilities/dhs-announces-program-to-mitigate-vulnerabilities-below-the-operating-system/ Officials from the Cybersecurity and Infrastructure Security Agency announced a new initiative to fight firmware vulnerabilities at the RSA Conference Wednesday afternoon. “In cybersecurity, we spend the majority of our time observing, analyzing, and responding to vulnerabilities in operating systems, and at the application layer,” said Rohner. “And yet, there are categories of vulnerabilities lurking beneath the proverbial surface that we aren’t dealing with through our vulnerability research efforts and our incident response activities.”

go.recordedfuture.com/hubfs/cta-2021-0520.pdf The sharing of information, tools, and manuals by threat actors on dark web forums allows fraudsters to learn tips and tricks from one another and to continue to refine their techniques to successfully engage with victims. This also lowers the barrier of entry so that even novice threat actors can successfully participate in dating fraud.

TV remote turned into a listening device

www.kaspersky.com/blog/rsa2021-tv-remote-listening-device/40022/ Having studied the remote’s firmware (with a copy conveniently stored on the set-top box’s hard drive), the researchers were able to determine the alterations that would enable the firmware to command the remote control to turn on the microphone and transmit sound over the radio channel.

SimuLand: Understand adversary tradecraft and improve detection strategies

www.microsoft.com/security/blog/2021/05/20/simuland-understand-adversary-tradecraft-and-improve-detection-strategies/ SimuLand is an open-source initiative by Microsoft to help security researchers around the world deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify the effectiveness of related Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.

www.bleepingcomputer.com/news/security/spammers-flood-pypi-with-pirated-movie-links-and-bogus-packages/ PyPI is being flooded with spam packages named after popular movies in a style commonly associated with torrent or “warez” sites that provide pirated downloads: watch-(movie-name)-2021-full-online-movie-free-hd-…. In recent months, the attacks on open-source ecosystems like npm, RubyGems, and PyPI have escalated.

Conti ransomware gives HSE Ireland free decryptor, still selling data

www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/ Today, the ransomware gang posted a link to a free decryptor in their negotiation chat page for the HSE that can be used to recover encrypted files for free. However, the threat actors warn that they will still be selling or publishing the stolen private data if a ransom of $19,999,000 is not paid.

Hello, Is It Me You’re Phishing For: Amazon Vishing Attacks

www.armorblox.com/blog/amazon-vishing-voice-phishing-attacks/ In today’s Blox Tale, we will look at two Amazon vishing attacks that attempted to steal victims’ credit card details by sending fake order receipts and including phone numbers to call for processing order returns.

A doctor reveals the human cost of the HSE ransomware attack

blog.malwarebytes.com/ransomware/2021/05/a-doctor-reveals-the-human-cost-of-the-hse-ransomware-attack/ Daniel (not his real name) sat with Malwarebytes Labs on condition of anonymity, to explain how this cyberattack is continuing to affect the lives of vulnerable patients, and the people trying to treat them.
