Daily NCSC-FI news followup 2021-08-04

Microsoft Exchange Used to Hack Diplomats Before 2021 Breach

www.bloomberg.com/news/articles/2021-08-04/microsoft-exchange-used-to-hack-diplomats-before-2021-breach Researchers say attacks a prequel to this year’s cyber-assault. Foreign ministries, energy companies said to be compromised

ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group

securityintelligence.com/posts/itg18-operational-security-errors-plague-iranian-threat-group/ IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures (TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. LittleLooter, ITG18’s Android Surveillance Tool

New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks

thehackernews.com/2021/08/new-chinese-spyware-being-used-in.html A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research.

Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

thehackernews.com/2021/08/russian-federal-agencies-were-attacked.html An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020.

New Cobalt Strike bugs allow takedown of attackers’ servers

www.bleepingcomputer.com/news/security/new-cobalt-strike-bugs-allow-takedown-of-attackers-servers/ Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments.

White House sees ‘sign’ in new ransomware group’s pledge

therecord.media/white-house-sees-sign-in-new-ransomware-groups-pledge/ A senior White House official on Wednesday said remarks by a new Russian ransomware gang that it wouldn’t target U.S. critical infrastructure are a sign that the administration’s calls for the Kremlin to crack down on cybercriminals are working.

LockBit ransomware recruiting insiders to breach corporate networks

www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/ The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts.

Several Malware Families Targeting IIS Web Servers With Malicious Modules

thehackernews.com/2021/08/several-malware-families-targeting-iis.html A systematic analysis of attacks against Microsoft’s Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years.

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break

www.theregister.com/2021/08/04/solarwinds_lawsuit_shareholders_motion_dismiss/ Company says it didn’t skimp on security before everything went wrong

Supply Chain Attacks from a Managed Detection and Response Perspective

www.trendmicro.com/en_us/research/21/h/supply-chain-attacks-from-a-managed-detection-and-response-persp.html In this blog entry, we will take a look at two examples of supply chain attacks that our Managed Detection and Response (MDR) team encountered in the past couple of months. Incident #1: Attack on the Kaseya platform. Incident #2: Credential dumping attack on the Active Directory

Hackers target Kubernetes to steal data and processing power. Now the NSA has tips to protect yourself

www.zdnet.com/article/hacker-target-kubernetes-to-steal-data-and-processing-power-now-the-nsa-has-tips-to-protect-yourself/ The National Security Agency (NSA) has released its first Kubernetes hardening guidance to help organizations deploy the open-source platform for managing containerized applications.

Phishing Campaign Dangles SharePoint File-Shares

threatpost.com/phishing-sharepoint-file-shares/168356/ Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms

threatpost.com/security-bugs-takeover-capsule-hotel/168376/ A researcher was able to remotely control the lights, bed and ventilation in “smart” hotel rooms via Nasnos vulnerabilities.

Leaked Document Says Google Fired Dozens of Employees for Data Misuse

www.vice.com/en/article/g5gk73/google-fired-dozens-for-data-misuse Some allegations potentially center around accessing Google user or employee data.

Windows admins now can block external devices via layered Group Policy

www.bleepingcomputer.com/news/microsoft/windows-admins-now-can-block-external-devices-via-layered-group-policy/ Microsoft has added support for layered Group Policies, which allow IT admins to control which internal or external devices users can install on corporate endpoints across their organization’s network.

Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch

www.zdnet.com/article/black-hat-this-is-how-a-naive-nsa-staffer-helped-build-an-offensive-uae-security-branch/ If that job offer looks too good to be true, something else may be afoot. What began as an incredible job offer for a naive, young security analyst turned into an explosive case of former US experts unwittingly helping a foreign service create an offensive security branch.

The State Department and 3 other US agencies earn a D for cybersecurity

arstechnica.com/information-technology/2021/08/the-state-department-and-3-other-us-agencies-earn-a-d-for-cybersecurity/ Two years after a damning cybersecurity report, auditors find little has improved.

INFRA:HALT security bugs impact critical industrial control devices

www.bleepingcomputer.com/news/security/infra-halt-security-bugs-impact-critical-industrial-control-devices/ High-severity and critical vulnerabilities collectively referred to as INFRA:HALT are affecting all versions of NicheStack below 4.3, a proprietary TCP/IP stack used by at least 200 industrial automation vendors, many in the leading segment of the market. The stack is commonly found on real-time operating systems (RTOS) powering operational technology (OT) and industrial control system (ICS) devices to provide internet and network functionality. Report: www.forescout.com/resources/infrahalt-discovering-mitigating-large-scale-ot-vulnerabilities/

Several vulnerabilities found in the NicheStack TCP/IP implementation

www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_22/2021 Fourteen vulnerabilities were found in the NicheStack TCP/IP implementation, which is used especially in embedded systems. Two of the vulnerabilities published now are critical and allow remote command execution. Several manufacturers of embedded systems use this implementation in their own products.

Amazon and Google patch major bug in their DNS-as-a-Service platforms

therecord.media/amazon-and-google-patch-major-bug-in-their-dns-as-a-service-platforms/ At the Black Hat security conference today, two security researchers have disclosed a security issue impacting hosted DNS service providers that can be abused to hijack the platform’s nodes, intercept some of the incoming DNS traffic, and then map customers’ internal networks. While this data looked innocuous, it was not. The data included internal and external IP addresses for each system, computer names, and in some cases, even employee names.

Cisco fixes critical, high severity pre-auth flaws in VPN routers

www.bleepingcomputer.com/news/security/cisco-fixes-critical-high-severity-pre-auth-flaws-in-vpn-routers/ Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices. CVE-2021-1609 impacts RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers, while CVE-2021-1602 affects RV160, RV160W, RV260, RV260P, and RV260W VPN routers.
