NSA, CISA, NCSC, FBI: Russian military cyber-unit Fancy Bear (APT28) behind large-scale brute-force attacks
therecord.media/fbi-nsa-russian-military-cyber-unit-behind-large-scale-brute-force-attacks/ US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world. Direct link to the advisory:
Cyber Espionage on Afghanistan, Kyrgyzstan and Uzbekistan by Chinese-speaking Hacker Group
blog.checkpoint.com/2021/07/01/cyber-espionage-on-afghanistan-kyrgyzstan-and-uzbekistan-by-chinese-speaking-hacker-group/ Check Point Research (CPR) detects an ongoing cyber espionage operation targeting the Afghan government. Attributed to a Chinese-speaking hacker group, the threat actors impersonated the Office of the President of Afghanistan to infiltrate the Afghan National Security Council (NSC) and used Dropbox to mask their activities.
This major ransomware attack was foiled at the last minute
www.zdnet.com/article/this-ransomware-attack-was-foiled-at-the-last-minute-heres-how-they-spotted-it/ A ransomware gang installed remote desktop software on over 100 machines across a network, and their plans to encrypt the network were only foiled at the last minute when cybersecurity experts were called into a company after suspicious software was found on its network.
Mongolian certificate authority hacked eight times, compromised with malware
decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/ Researchers at Avast noticed that the official website of MonPass, a major certification authority (CA) in Mongolia in East Asia, was backdoored with Cobalt Strike binaries.
Twitter lets users disable SMS 2FA and use only security keys
www.bleepingcomputer.com/news/security/twitter-now-lets-you-use-security-keys-as-the-only-2fa-method/ Twitter now lets users use security keys as the only two-factor authentication (2FA) method while having no backup methods enabled (such as SMS).
Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/ Microsoft released a report about finding vulnerabilities in the NETGEAR DGN-2200v1 router.
Using CVE-2020-9971 to escape Microsoft Office’s app sandbox
perception-point.io/using-cve-2020-9971-to-escape-microsoft-offices-app-sandbox/ Researchers demonstrate how they were able to weaponize a Word document with a published macOS/iOS privilege escalation exploit, lift the app sandbox restrictions and gain higher privileges.