Daily NCSC-FI news followup 2021-10-30

Hackers Breach iOS 15, Windows 10, Google Chrome During Massive Cyber Security Onslaught

www.forbes.com/sites/daveywinder/2021/10/30/hackers-breach-ios-15-windows-10-google-chrome-during-massive-cyber-security-onslaught/ During the weekend of 16-17 October, Chinese hackers went on something of a rampage that saw all but three of the 15 target products breached during the exploit onslaught that was the Tianfu Cup. This annual competition, held in Chengdu, the capital of Sichuan province, has been the go-to for China’s elite hackers since they were banned from participating in similar competitive hacking events outside of the country.

APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm

www.darkreading.com/threat-intelligence/apts-teleworking-and-advanced-vpn-exploits-the-perfect-storm A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors.

Security News This Week: The SolarWinds Hackers Are Looking for Their Next Big Score

www.wired.com/story/solarwinds-hackers-iran-gas-station-hack-ransomware-security-news/ Plus: Gas station hacks in Iran, ransomware arrests in Europe, and more of the week’s top security news.

Remote Desktop Protocol (RDP) Discovery

isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/ I have noticed a surge in probes against the RDP service in the past 2 weeks. In August, a remote code execution (RCE) critical patch was released to fix an exploit related to CVE-2021-34535, which includes a PoC to exploit this vulnerability. This vulnerability is also affecting Microsoft Hyper-V Manager “Enhanced Session Mode” and Microsoft Defender’s Application Guard (WDAG).
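The diary reports a surge in RDP probes but shows no detection logic. The following is an added example, not code from the ISC diary or this page: it parses constructed iptables-style DROP log lines (made up for this example; the addresses are documentation ranges), counts distinct sources hitting TCP/3389 per day, and flags a day whose source count is well above the median of the other days. The threshold values are assumptions, not figures from the diary.

```python
"""Flag a surge in RDP (TCP/3389) probes from firewall DROP log lines.

Added example, not from the ISC diary. The sample log and the thresholds
(factor, min_sources) are constructed assumptions for illustration.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed sample log lines (made up; not real traffic).
SAMPLE_LOG = """\
Oct 14 02:11:03 fw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP SPT=51234 DPT=3389
Oct 14 09:41:20 fw kernel: DROP IN=eth0 SRC=203.0.113.11 DST=198.51.100.5 PROTO=TCP SPT=44112 DPT=3389
Oct 15 03:02:44 fw kernel: DROP IN=eth0 SRC=203.0.113.12 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=3389
Oct 15 04:12:01 fw kernel: DROP IN=eth0 SRC=203.0.113.12 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=3389
Oct 15 23:59:59 fw kernel: DROP IN=eth0 SRC=198.51.100.77 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=22
Oct 16 00:00:10 fw kernel: DROP IN=eth0 SRC=203.0.113.20 DST=198.51.100.5 PROTO=TCP SPT=50000 DPT=3389
Oct 16 00:00:11 fw kernel: DROP IN=eth0 SRC=203.0.113.21 DST=198.51.100.5 PROTO=TCP SPT=50001 DPT=3389
Oct 16 00:00:12 fw kernel: DROP IN=eth0 SRC=203.0.113.22 DST=198.51.100.5 PROTO=TCP SPT=50002 DPT=3389
Oct 16 00:00:13 fw kernel: DROP IN=eth0 SRC=203.0.113.23 DST=198.51.100.5 PROTO=TCP SPT=50003 DPT=3389
Oct 16 00:00:14 fw kernel: DROP IN=eth0 SRC=203.0.113.24 DST=198.51.100.5 PROTO=TCP SPT=50004 DPT=3389
Oct 16 00:00:15 fw kernel: DROP IN=eth0 SRC=203.0.113.25 DST=198.51.100.5 PROTO=TCP SPT=50005 DPT=3389
"""

# Matches the day, source address, protocol and destination port of a DROP entry.
LINE_RE = re.compile(
    r"^(?P<day>\w{3} \d{1,2}) [\d:]+ \S+ kernel: DROP .*?SRC=(?P<src>[\d.]+) "
    r".*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def rdp_sources_per_day(log_text, port=3389):
    """Return {day: set(src)} for dropped TCP connection attempts to `port`."""
    per_day = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a firewall DROP entry in the expected format
        if m["proto"] != "TCP" or int(m["dpt"]) != port:
            continue  # other protocol or port (e.g. the SSH probe above)
        per_day[m["day"]].add(m["src"])
    return per_day


def surge_days(per_day, factor=3.0, min_sources=5):
    """Flag days whose distinct-source count exceeds `factor` x the median of the other days.

    `min_sources` keeps a single noisy day on an otherwise quiet sensor from
    being reported as a surge. Both thresholds are illustrative assumptions.
    Returns a list of (day, source_count, baseline_median).
    """
    flagged = []
    for day, srcs in per_day.items():
        others = [len(s) for d, s in per_day.items() if d != day]
        baseline = median(others) if others else 0
        n = len(srcs)
        if n >= min_sources and n > factor * baseline:
            flagged.append((day, n, baseline))
    return flagged


if __name__ == "__main__":
    counts = rdp_sources_per_day(SAMPLE_LOG)
    for day in sorted(counts):
        print(day, "distinct RDP probe sources:", len(counts[day]))
    for day, n, base in surge_days(counts):
        print("SURGE on", day, "-", n, "sources vs baseline median", base)
```

In the constructed sample only the third day is flagged: it has six distinct sources against a baseline median of 1.5. On a real sensor the baseline should be taken over a longer window than two days, and distinct sources rather than raw packet counts are what separate a scanning wave from one host retrying.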

Chaos ransomware targets gamers via fake Minecraft alt lists

www.bleepingcomputer.com/news/security/chaos-ransomware-targets-gamers-via-fake-minecraft-alt-lists/ The Chaos Ransomware gang encrypts gamers’ Windows devices through fake Minecraft alt lists promoted on gaming forums.

TA575 criminal group using ‘Squid Game’ lures for Dridex malware

www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/ The emails come with subject lines saying things like “Squid Game is back, watch new season before anyone else,” or pretend to offer victims a spot in the cast of the show’s second season.

Ransomware Has Disrupted Almost 1,000 Schools in the US This Year

www.vice.com/en/article/4awyvp/ransomware-has-disrupted-almost-1000-schools-in-the-us-this-year There have been more than 70 ransomware attacks affecting around 1,000 U.S. schools this year, and it may get worse before it gets better.

This week is busier than normal for a week that does not include 2nd Tuesday, so we are going with a two-part listing. For Part 1 we have ten vendor disclosures from B&R Automation (3), PEPPERL+FUCHS, MB Connect, CODESYS (4), and Dell.
