Daily NCSC-FI news followup 2022-01-06

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry

thehackernews.com/2022/01/north-korean-hackers-start-new-year.html A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation’s Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. “This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks,” researchers from Lumen Technologies’ Black Lotus Labs said in an analysis shared with The Hacker News. The Konni group’s tactics, techniques, and procedures (TTPs) are known to overlap with threat actors belonging to the broader Kimsuky umbrella, which is also tracked by the cybersecurity community under the monikers Velvet Chollima, ITG16, Black Banshee, and Thallium.

Log4j flaw hunt shows how complicated the software supply chain really is

www.zdnet.com/article/log4j-flaw-hunt-shows-how-complicated-the-software-supply-chain-really-is/ Open source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge with the Log4j flaw (also known as Log4Shell) is not only that admins need to patch the flaw — which got a ‘critical’ rating of 10 out of 10 — but that IT folk can’t easily discover whether a product or system is affected by the vulnerability in the component. Google has calculated that approximately 17,000 Java packages in the Maven Central repository – the most significant Java package repository – were found to contain the vulnerable log4j-core library as a direct or transitive dependency. It found that, overall, direct inclusion of Log4j code in artefacts is not as common as the use of Log4j through dependencies. However, it still adds up to hundreds of packages – around 400 – which directly include Log4j code, opening these packages to Log4j vulnerabilities.
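As an added illustration (not code from the ZDNet article or from Google's analysis), the script below parses constructed `mvn dependency:tree` output and reports each log4j-core occurrence as direct or transitive, together with the dependency chain that pulled it in; the sample tree and all artifact names are made up.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of `mvn dependency:tree` output; not from any real project.
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.5.0:compile
[INFO] |  \- org.apache.logging.log4j:log4j-to-slf4j:jar:2.14.1:compile
[INFO] |     \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] \- com.example:libfoo:jar:3.2:compile
[INFO]    \- org.apache.logging.log4j:log4j-core:jar:2.13.3:compile
"""

# One tree line: optional "[INFO] " tag, a prefix built from 3-character drawing
# segments ("+- ", "\- ", "|  ", "   "), then the Maven coordinate itself.
LINE_RE = re.compile(r"^(?:\[INFO\] )?((?:\+- |\\- |\|  |   )*)(\S+)$")


@dataclass
class Finding:
    version: str
    depth: int  # 1 = declared directly in the POM, >1 = pulled in transitively
    path: list = field(default_factory=list)  # artifactIds from root to log4j-core

    @property
    def direct(self) -> bool:
        return self.depth == 1


def parse_coordinate(coord: str):
    """Return (artifactId, version) from group:artifact:type[:classifier]:version[:scope]."""
    parts = coord.split(":")
    version = parts[3] if len(parts) <= 5 else parts[4]
    return parts[1], version


def find_log4j_core(tree_text, group="org.apache.logging.log4j", artifact="log4j-core"):
    """Walk the tree, keep the chain of artifacts at each depth, and report every
    log4j-core occurrence with its depth and the chain that introduced it."""
    findings, chain = [], []
    for line in tree_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines or non-tree output
        prefix, coord = m.groups()
        depth = len(prefix) // 3
        artifact_id, version = parse_coordinate(coord)
        chain[depth:] = [artifact_id]  # drop deeper siblings, append this node
        if coord.startswith(f"{group}:{artifact}:"):
            findings.append(Finding(version, depth, list(chain)))
    return findings
```

On the sample tree this reports log4j-core 2.14.1 as a direct dependency of `app` and 2.13.3 as transitive via `libfoo`, which is the distinction the article says IT teams struggle to make.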

Apache Log4j: Mitigation for DevOps

www.trendmicro.com/en_us/devops/22/a/apache-log4j-mitigation-for-devops.html What can DevOps teams do to mitigate Apache Log4j risks? Explore how to secure your apps for today and against future vulnerabilities.

Microsoft: KB5008212 Windows security update breaks Outlook search

www.bleepingcomputer.com/news/microsoft/microsoft-kb5008212-windows-security-update-breaks-outlook-search/ Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that leads to search issues in Outlook for Microsoft 365. “After you install update KB5008212, recent emails may not appear in search results,” Microsoft explained in a recently published Office support document. The company said it’s currently investigating this issue and will provide more information and an update as soon as possible.

Attackers Exploit Flaw in Google Docs’ Comments Feature

threatpost.com/attackers-exploit-flaw-google-docs-comments/177412/ Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered. Researchers from email collaboration and security firm Avanan, a CheckPoint company, first observed “a new, massive wave of hackers leveraging the comment feature in Google Docs” in December, Avanan Cybersecurity Researcher/Analyst Jeremy Fuchs wrote in a report published Thursday. Avanan first identified that the Comments feature of Google Docs, Sheets and Slides could be exploited to send spam emails in October, but so far Google has not responded to the issue, Fuchs wrote.

Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected

blog.malwarebytes.com/reports/2022/01/intercepting-2fa-over-1200-man-in-the-middle-phishing-toolkits-detected/ Two-factor authentication (2FA) has been around for a while now and
