Daily NCSC-FI news followup 2021-07-01

NSA, CISA, NCSC, FBI: Russian military cyber-unit Fancy Bear (APT28) behind large-scale brute-force attacks

therecord.media/fbi-nsa-russian-military-cyber-unit-behind-large-scale-brute-force-attacks/ US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world. Direct link to the advisory:


Cyber Espionage on Afghanistan, Kyrgyzstan and Uzbekistan by Chinese-speaking Hacker Group

blog.checkpoint.com/2021/07/01/cyber-espionage-on-afghanistan-kyrgyzstan-and-uzbekistan-by-chinese-speaking-hacker-group/ Check Point Research (CPR) detects an ongoing cyber espionage operation targeting the Afghan government. Attributed to a Chinese-speaking hacker group, the threat actors impersonated the Office of the President of Afghanistan to infiltrate the Afghan National Security Council (NSC) and used Dropbox to mask their activities.

This major ransomware attack was foiled at the last minute

www.zdnet.com/article/this-ransomware-attack-was-foiled-at-the-last-minute-heres-how-they-spotted-it/ A ransomware gang installed remote desktop software on over 100 machines across a network, and their plans to encrypt the network were only foiled at the last minute when cybersecurity experts were called into a company after suspicious software was found on its network.

Mongolian certificate authority hacked eight times, compromised with malware

decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/ Researchers at Avast noticed that the official website of MonPass, a major certification authority (CA) in Mongolia in East Asia, was backdoored with Cobalt Strike binaries.

Twitter lets users disable SMS 2FA and use only security keys

www.bleepingcomputer.com/news/security/twitter-now-lets-you-use-security-keys-as-the-only-2fa-method/ Twitter now lets users use security keys as the only two-factor authentication (2FA) method while having no backup methods enabled (such as SMS).

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/ Microsoft released a report about finding vulnerabilities in the NETGEAR Router (DGN-2200v1).

Using CVE-2020-9971 to escape Microsoft Office’s app sandbox

perception-point.io/using-cve-2020-9971-to-escape-microsoft-offices-app-sandbox/ Researchers demonstrate how they were able to weaponize a Word document with a published macOS/iOS privilege escalation exploit, lift the app sandbox restrictions and gain higher privileges.
