Daily NCSC-FI news followup 2021-05-27

Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

www.fireeye.com/blog/threat-research/2021/05/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices.html In April, Mandiant published information about Pulse Secure devices. In this blog post they update the findings and provide recommendations to defenders.

APT hackers breached US local govt by exploiting Fortinet bugs

www.bleepingcomputer.com/news/security/fbi-apt-hackers-breached-us-local-govt-by-exploiting-fortinet-bugs/ FBI: As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government. FBI Flash alert:

www.aha.org/system/files/media/file/2021/05/fbi-flash-tlp-white-apt-actors-exploiting-fortinet-vulnerabilities-to-gain-access-for-malicious-activity-5-27-21.pdf

Analysis report of the Facefish rootkit

blog.netlab.360.com/ssh_stealer_facefish_en/ In-depth analysis of a rootkit/backdoor for Linux called “Facefish” that steals SSH credentials from server and client, and can provide attackers the means to execute commands on the system.

Klarna mobile app bug let users log into other customers’ accounts

www.bleepingcomputer.com/news/security/klarna-mobile-app-bug-let-users-log-into-other-customers-accounts/ Klarna Bank suffered a severe technical issue this morning that allowed mobile app users to log into other customers’ accounts and see their stored information.

Japanese government agencies suffer data breaches after Fujitsu hack

www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/ Offices of multiple Japanese agencies were breached via Fujitsu’s “ProjectWEB” information sharing tool. By gaining unauthorized access to government systems via ProjectWEB, attackers were able to obtain at least 76,000 e-mail addresses, and proprietary information, including the e-mail system settings.

Belgium government discovered 2019 hack during Hafnium investigation

therecord.media/belgium-government-discovers-old-2019-hack-during-hafnium-investigation/ Officials found Exchange servers that were vulnerable and needed patching, but the IT staff at the Federal Public Service Interior, the country’s interior ministry, also found additional signs of compromise that dated back years, rather than months, when the first Hafnium attacks were spotted.

Cryptocurrency scam attack on Twitter reminds users to check their app connections

www.tripwire.com/state-of-security/featured/cryptocurrency-scam-attack-twitter-check-app-connections/ Internet entrepreneur Carl Pei, the co-founder of smartphone firm OnePlus, has been a victim of cryptocurrency scammers using his Twitter account to send a fraudulent message to his 330,000 followers.

Deep dive into Visual Studio Code extension security vulnerabilities

snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/ Snyk has discovered a new vector for supply chain attacks: IDE plugins. Severe vulnerabilities were found in popular VS Code extensions, enabling attackers to compromise local machines as well as build and deployment systems through a developer’s IDE.
