Daily NCSC-FI news followup 2021-09-16

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

us-cert.cisa.gov/ncas/alerts/aa21-259a The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software. Successful exploitation of the vulnerability allows an attacker to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. CVE-2021-40539, rated critical by the Common Vulnerability Scoring System (CVSS), is an authentication bypass vulnerability affecting representational state transfer (REST) application programming interface (API) URLs that could enable remote code execution.

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

www.bitdefender.com/blog/labs/bitdefender-offers-free-universal-decryptor-for-revil-sodinokibi-ransomware/ Bitdefender announced the availability of a universal decryptor for REvil/Sodinokibi. Created in collaboration with a trusted law enforcement partner, this tool helps victims encrypted by REvil ransomware to restore their files and recover from attacks made before July 13, 2021.

Customer Care Giant TTEC Hit By Ransomware

krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/ TTEC, a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack. TTEC’s own message to employees suggests the company’s network may have been hit by the ransomware group “Ragnar Locker”.

Ransomware scammers target artists with fake Krita revenue deals

blog.malwarebytes.com/cybercrime/2021/09/ransomware-scammers-target-artists-with-fake-krita-revenue-deals/ The Krita digital painting application is currently being targeted by ransomware authors. Ransomware scammers send out mails to artists. Those mails claim to be from the team behind the Krita tool, and contain links which redirect potential victims to the real domain. This is to make everything look above board and legitimate. Regardless of how the emails present themselves, there’s one common factor. They claim to link to a “mediabank” which contains icons, screenshots and previous video campaigns. The contents are “confidential”, which is a sneaky way to prevent potential victims from telling anybody about it. Some folks have reported that the contents of the zip are .scr files masquerading as images/videos.

Anonymous hacks and leaks data from domain registrar Epik

therecord.media/anonymous-hacks-and-leaks-data-from-domain-registrar-epik/ Hacktivist group Anonymous has successfully breached and leaked the database of Epik, a controversial web hosting provider and domain registrar that has given shelter to many right-wing websites over the past few years, such as Gab, Parler, and The Donald. The hack, which based on timestamps in the leaked data took place on February 28, was announced on Monday via a dedicated website and posts on internet forum 4chan.

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

thehackernews.com/2021/09/travis-ci-flaw-exposes-secrets-of.html Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue tracked as CVE-2021-41077 concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the software build process. The problem is said to have lasted during an eight-day window between September 3 and September 10. Felix Lange of Ethereum has been credited with discovering the leakage on September 7, with the company’s Péter Szilágyi pointing out that “anyone could exfiltrate these and gain lateral movement into 1000s of organizations.”

Finns are sharing a devious scam on Facebook; a slip-up costs 67 per month

www.is.fi/digitoday/tietoturva/art-2000008267817.html A scam campaign is underway on Facebook that lures Finns into a subscription trap. Behind the scam is a fake Facebook page called Finnkino Suomi. The page is forged and uses the Finnkino brand. Both the advertisement and the scam message are written in good Finnish. The scam is exceptionally convincing throughout.

New Windows security updates break network printing

www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/ Windows administrators report wide-scale network printing problems after installing this week’s September 2021 Patch Tuesday security updates. On Tuesday, Microsoft released sixty security updates and fixes for numerous bugs as part of their monthly Patch Tuesday updates, including a fix for the last remaining PrintNightmare vulnerability tracked as CVE-2021-36958. However, many Windows system administrators are now reporting that their computers can no longer print to network printers after installing the PrintNightmare fixes on their print servers.
