Daily NCSC-FI news followup 2021-08-14

Russian cyberspies targeted the Slovak government for months

therecord.media/russian-cyberspies-targeted-slovak-government-for-months/ A Russian cyber-espionage group linked to one of Russia’s intelligence forces has targeted the Slovak government for months, Slovak security firms ESET and IstroSec said this week. The attacks were attributed to a group known as the Dukes, Nobelium, or APT29, which cyber-security agencies from the US and other countries formally linked to the Russian Foreign Intelligence Service, also known as the SVR, earlier this year after its attack on software company SolarWinds. also:

www.istrosec.com/blog/apt-sk-cobalt/

Scanning for Microsoft Exchange eDiscovery

isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/ In the past week, I have notice more scans looking for the following Exchange URL over port 443: /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application. Based on this graph, these scans started almost immediately (17 April 2021) after April patch Tuesday and are still ongoing today.

Workers increasingly steal company data during turnover tsunami’

www.ft.com/content/a7a2b5c4-1653-4364-84c1-c322c5b56745 Employees are taking sensitive computer code from their own companies at three times the rate they were a year ago, according to new research into so-called insider threats, as record numbers of disgruntled workers quit their jobs with pandemic restrictions easing. An analysis of data of 700, 000 company devices by the cyber security group Code42 found that there were about 65m attempts made by staff to exfiltrate source code from their corporate network in the three months to the end of June, up from about 20m in each of the previous three quarters.

Emails from Lithuanian Ministry of Foreign Affairs for sale on data-trading forum

www.bleepingcomputer.com/news/security/emails-from-lithuanian-ministry-of-foreign-affairs-for-sale-on-data-trading-forum/ The Lithuanian Ministry of Foreign Affairs has declined to comment about the authenticity of email files allegedly stolen from its network and offered for sale on a data-trading forum. The cache supposedly consists of 1.6 million emails containing conversations and documents marked as sensitive and highly sensitive in nature.

Indra Group Attack on Iran Highlights the Threats to Global Critical Infrastructure

blog.checkpoint.com/2021/08/14/indra-group-attack-on-iran-highlights-the-threats-to-global-critical-infrastructure/ Check Point Research (CPR) warns governments everywhere of the importance of protecting critical infrastructure, as it learns that the July 9 cyber attack on Iran’s train system was carried out by Indra, a group that identifies itself as regime opposition and has the capability to wipe out data without direct means for recovery.

You might be interested in …

Daily NCSC-FI news followup 2020-11-02

Oracle Releases Out-of-Band Security Alert us-cert.cisa.gov/ncas/current-activity/2020/11/02/oracle-releases-out-band-security-alert Oracle has released an out-of-band security alert to address a remote code execution vulnerabilityCVE-2020-14750in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. Read also: www.oracle.com/security-alerts/alert-cve-2020-14750.html Poliisille ilmoitettujen tietomurtojen määrä on liki tuplaantunut parissa vuodessa rikosten todellinen määrä on vielä suurempi […]

Read More

Daily NCSC-FI news followup 2020-04-06

DarkHotel hackers use VPN zero-day to breach Chinese government agencies www.zdnet.com/article/darkhotel-hackers-use-vpn-zero-day-to-compromise-chinese-government-agencies/ Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide remote access to enterprise and government networks. Attacks Simultaneously Exploiting Vulnerability in IE (CVE-2020-0674) and Firefox (CVE-2019-17026) blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html On 8 January […]

Read More

Daily NCSC-FI news followup 2020-09-15

Windows Exploit Released For Microsoft Zerologon Flaw threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/ Security researchers and U.S. government authorities alike are urging admins to address Microsofts critical privilege escalation flaw.. Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies Active Directory domain […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.