Daily NCSC-FI news followup 2021-11-27

Hackers are targeting this Microsoft Windows Installer flaw, say security researchers

www.zdnet.com/article/hackers-are-targeting-this-microsoft-windows-installer-flaw-say-security-researchers/ Flaw can be exploited to give an attacker administrator rights on a compromised system, despite efforts to fix the problem. Hackers have already created malware in a bid to exploit an elevation of privilege vulnerability in Microsoft’s Windows Installer. Microsoft released a patch for CVE-2021-41379, an elevation of privilege flaw in the Windows Installer component for enterprise application deployment. It had an “important” rating and a severity score of just 5.5 out of 10. It wasn’t actively being exploited at the time, but it is now, according to Cisco’s Talos malware researchers. And Cisco reports that the bug can be exploited even on systems with the November patch to give an attacker administrator-level privileges.

Marine services provider Swire Pacific Offshore hit by ransomware

www.bleepingcomputer.com/news/security/marine-services-provider-swire-pacific-offshore-hit-by-ransomware/ Marine services giant Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that allowed threat actors to steal company data. Swire Pacific Offshore discovered an unauthorized network infiltration onto its IT systems, resulting in the compromise of some employee data.

Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090

isc.sans.edu/diary/rss/28072 Over the past 7 days, my honeypot captured a few hundred POST requests for a vulnerability which appeared to be tracked as a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware. If successfully exploited, it could allow unauthenticated remote actors to bypass authentication and add the router to the Mirai botnet.
