Microsoft Exchange Used to Hack Diplomats Before 2021 Breach
www.bloomberg.com/news/articles/2021-08-04/microsoft-exchange-used-to-hack-diplomats-before-2021-breach Researchers say attacks a prequel to this year’s cyber-assault. Foreign ministries, energy companies said to be compromised
ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group
securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/ IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group, ITG18. This group’s tactics, techniques and procedures (TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. LittleLooter, ITG18’s Android Surveillance Tool
New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks
thehackernews.com/2021/08/new-chinese-spyware-being-used-in.html A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research.
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus
thehackernews.com/2021/08/russian-federal-agencies-were-attacked.html An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020.
New Cobalt Strike bugs allow takedown of attackers’ servers
www.bleepingcomputer.com/news/security/new-cobalt-strike-bugs-allow-takedown-of-attackers-servers/ Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments.
White House sees ‘sign’ in new ransomware group’s pledge
therecord.media/white-house-sees-sign-in-new-ransomware-groups-pledge/ A senior White House official on Wednesday said remarks by a new Russian ransomware gang that it wouldn’t target U.S. critical infrastructure are a sign that the administration’s calls for the Kremlin to crack down on cybercriminals are working.
LockBit ransomware recruiting insiders to breach corporate networks
www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/ The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts.
Several Malware Families Targeting IIS Web Servers With Malicious Modules
thehackernews.com/2021/08/several-malware-families-targeting-iis.html A systematic analysis of attacks against Microsoft’s Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years.
SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break
www.theregister.com/2021/08/04/solarwinds_lawsuit_shareholders_motion_dismiss/ Company says it didn’t skimp on security before everything went wrong
Supply Chain Attacks from a Managed Detection and Response Perspective
www.trendmicro.com/en_us/research/21/h/supply-chain-attacks-from-a-managed-detection-and-response-persp.html In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months. Incident #1: Attack on the Kaseya platform. Incident #2: Credential dumping attack on the Active Directory
Hackers target Kubernetes to steal data and processing power. Now the NSA has tips to protect yourself
www.zdnet.com/article/hacker-target-kubernetes-to-steal-data-and-processing-power-now-the-nsa-has-tips-to-protect-yourself/ The National Security Agency (NSA) has released its first Kubernetes hardening guidance to help organizations deploy the open-source platform for managing containerized applications.
Phishing Campaign Dangles SharePoint File-Shares
threatpost.com/phishing-sharepoint-file-shares/168356/ Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms
threatpost.com/security-bugs-takeover-capsule-hotel/168376/ A researcher was able to remotely control the lights, bed and ventilation in “smart” hotel rooms via Nasnos vulnerabilities.
Leaked Document Says Google Fired Dozens of Employees for Data Misuse
www.vice.com/en/article/g5gk73/google-fired-dozens-for-data-misuse Some allegations potentially center around accessing Google user or employee data.
Windows admins now can block external devices via layered Group Policy
www.bleepingcomputer.com/news/microsoft/windows-admins-now-can-block-external-devices-via-layered-group-policy/ Microsoft has added support for layered Group Policies, which allow IT admins to control which internal or external devices users can install on corporate endpoints across their organization’s network.
Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch
www.zdnet.com/article/black-hat-this-is-how-a-naive-nsa-staffer-helped-build-an-offensive-uae-security-branch/ If that job offer looks too good to be true, something else may be afoot. What began as an incredible job offer for a naive, young security analyst turned into an explosive case of former US experts unwittingly helping a foreign service create an offensive security branch.
The State Department and 3 other US agencies earn a D for cybersecurity
arstechnica.com/information-technology/2021/08/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity/ Two years after a damning cybersecurity report, auditors find little has improved.
INFRA:HALT security bugs impact critical industrial control devices
www.bleepingcomputer.com/news/security/infra-halt-security-bugs-impact-critical-industrial-control-devices/ High-severity and critical vulnerabilities collectively referred to as INFRA:HALT affect all versions of NicheStack below 4.3, a proprietary TCP/IP stack used by at least 200 industrial automation vendors, many in the leading segment of the market. The stack is commonly found on real-time operating systems (RTOS) powering operational technology (OT) and industrial control system (ICS) devices to provide internet and network functionality.
Several vulnerabilities found in the NicheStack TCP/IP implementation
www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_22/2021 Fourteen vulnerabilities were found in the NicheStack TCP/IP implementation, which is used especially in embedded systems. Two of the vulnerabilities published now are critical and allow remote command execution. Several manufacturers of embedded systems use this implementation in their own products.
Amazon and Google patch major bug in their DNS-as-a-Service platforms
therecord.media/amazon-and-google-patch-major-bug-in-their-dns-as-a-service-platforms/ At the Black Hat security conference today, two security researchers disclosed a security issue impacting hosted DNS service providers that can be abused to hijack the platform’s nodes, intercept some of the incoming DNS traffic, and then map customers’ internal networks. While this data looked innocuous, it was not: it included internal and external IP addresses for each system, computer names, and in some cases even employee names.
Cisco fixes critical, high severity pre-auth flaws in VPN routers
www.bleepingcomputer.com/news/security/cisco-fixes-critical-high-severity-pre-auth-flaws-in-vpn-routers/ Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices. CVE-2021-1609 impacts RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers, while CVE-2021-1602 affects RV160, RV160W, RV260, RV260P, and RV260W VPN routers.