Daily NCSC-FI news followup 2021-08-03

Five Southeast Asian telcos hacked by three different Chinese espionage groups

therecord.media/five-southeast-asian-telcos-hacked-by-three-different-chinese-espionage-groups/ At least five major telecommunication providers from Southeast Asia have been hacked over the past years by different Chinese cyber-espionage groups. “These are global telcos with tens of millions of customers, ” Assaf Dahan, Senior Director and Head of Threat Research at security firm Cybereason, told The Record this week. report:

www.cybereason.com/blog/deadringer-exposing-chinese-threat-actors-targeting-major-telcos

Lietsooko joku sotaa Itämerelle? Yhdysvaltojen hävittäjäaluksen sijainti väärennettiin Venäjän merialueelle

www.is.fi/digitoday/art-2000008166319.html Viimeisen vuoden aikana kansainväliseen merenkulun tietokantaan on väärennetty noin sadan sotalaivan paikkatietoja. Väärennökset on luotu todennäköisesti jonkinlaisella AIS-simulaattoriohjelmalla ja syötetty järjestelmään maalla sijaitsevien AIS-vastaanottimien kautta.

DeadRinger’ Targeted Exchange Servers Long Before Discovery

threatpost.com/deadringer-targeted-exchange-servers-before-discovery/168300/ Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.

Princess Latifa campaigner had phone compromised by Pegasus spyware’

www.theguardian.com/world/2021/aug/02/princess-latifa-campaigner-david-haigh-phone-compromised-pegasus-spyware Human rights activist David Haigh targeted in attack suspected to have been ordered by Dubai

Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more

news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/ Cookie and credential stealing malware-as-a-service delivered by dropper-as-a-service now packs a “clipper” to steal crypto-transactions, and can drop other malware.

Huijaussivustot ovat nyt myös S-pankin riesana: “Voin vahvistaa, että meidän asiakkaita on niihin haksahtanut”

yle.fi/uutiset/3-12044949 Hakukoneiden ja netissä olevien mainosten kautta S-pankin asiakkaita on ohjattu aidon näköisille valesivustoille. Hakukoneiden sijaan pankki kehottaa käyttämään mobiilisovellusta tai kirjoittamaan itse nettiselaimen osoiteriville pankin verkkosivujen osoite.

Value of PLC Key Switch Monitoring to Keep Critical Systems More Secure

www.dragos.com/blog/industry-news/value-of-plc-key-switch-monitoring/ Programmable Logic Controllers (PLC) and Safety Instrumented Systems (SIS) Controllers have historically included an external switch, generally in the form of a key, to perform maintenance and troubleshooting. The key switch has become commonplace for automation engineers and technicians who maintain and support these systems and understand the importance of the little switch in overall device operation and affects the underlying process.

WireGuard VPN gets native port to the Windows kernel

www.theregister.com/2021/08/03/wireguard_native_windows_port/ WireGuard, a high performance and easily configured VPN protocol, is getting a native port from Linux to the Windows kernel, and the code has been published as experimental work in progress.

Russia tells UN it wants vast expansion of cybercrime offenses, plus network backdoors, online censorship

www.theregister.com/2021/08/03/russia_cybercrime_laws/ Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime.

NSA, CISA release Kubernetes Hardening Guidance

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/ The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance, ” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.

Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks

kb.cert.org/vuls/id/405600 Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory. The CERT/CC is currently unaware of a practical solution to this problem. Please see KB5005413 for several workarounds.

Bipartisan report finds agencies plagued by cyber woes

therecord.media/bipartisan-report-finds-agencies-plagued-by-cyber-woes/ Several major federal agencies continue to fail to address recurring cybersecurity vulnerabilities or implement basic standards that would protect the public’s sensitive information, according to the results of a new bipartisan congressional investigation.

Trusted platform module security defeated in 30 minutes, no soldering required

arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/ Sometimes, locking down a laptop with the latest defenses isn’t enough. Microsoft’s BitLocker, meanwhile, doesn’t use any of the encrypted communications features of the latest TPM standard. That meant if the researchers could tap into the connection between the TPM and the CPU, they might be able to extract the key.

You might be interested in …

Daily NCSC-FI news followup 2020-02-04

TeamViewer whynotsecurity.com/blog/teamviewer/ TL;DR: TeamViewer stored user passwords encrypted with AES-128-CBC with they key of 0602000000a400005253413100040000 and iv of 0100010067244F436E6762F25EA8D704 in the Windows registry. If the password is reused anywhere, privilege escalation is possible. If you do not have RDP rights to machine but TeamViewer is installed, you can use TeamViewer to remote in. TeamViewer also […]

Read More

Daily NCSC-FI news followup 2019-09-15

Attack Landscape H1 2019: IoT, SMB traffic abound blog.f-secure.com/attack-landscape-h1-2019-iot-smb-traffic-abound/ To no ones surprise, internet of things (IoT) device insecurity has emerged as a top concern and top driver of internet attack traffic in the first half of 2019. According to our new report, Attack Landscape H1 2019, which details traffic measured by F-Secures global network […]

Read More

Daily NCSC-FI news followup 2021-08-01

A Tech Firm Has Blocked Some Governments From Using Its Spyware Over Misuse Claims www.npr.org/2021/07/29/1022409865/nso-suspended-govvernment-contracts-spyware-pegasus-project?t=1627773668726 Israeli spyware company NSO Group has temporarily blocked several government clients around the world from using its technology as the company investigates their possible misuse, a company employee told NPR on Thursday. DarkSide ransomware gang returns as new BlackMatter operation […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.