Daily NCSC-FI news followup 2021-09-18

Researchers compile list of vulnerabilities abused by ransomware gangs www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/ Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims’ networks. All this started with a call to action made by Allan Liska, a member of Recorded Future’s CSIRT, on Twitter over the […]

[SANS ISC] Simple Analysis Of A CVE-2021-40444 .docx Document, (Sat, Sep 18th)

Analysing a malicious Word document like prod.docx that exploits CVE-2021-40444 is not difficult. We need to find the malicious URL in this document. As I’ve shown before, this is quite simple: extract all XML files from the ZIP container (.docx files are OOXML files, that’s a ZIP container with (mostly) XML files) and use a […]

Daily NCSC-FI news followup 2021-09-17

NSO Group iMessage Zero-Click Exploit Captured in the Wild citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.” In this article, Citizen Lab analyses the exploit chain in detail. Mitigating […]

[TheRecord] ‘Yes, we are breaking the law:’ An interview with the operator of a marketplace for stolen data

Editor’s Note: A website called Marketo emerged earlier this year, billing itself as a marketplace where people can buy leaked data. Although Marketo isn’t a ransomware group, it appears to borrow key strategies from those types of threat actors. In late August, the group wrote that it was selling confidential data from Japanese tech firm […]

[TheRecord] Google will extend Permission Auto-Reset feature to older Android versions

Google announced plans today to port its Permission Auto-Reset feature from Android 11 to older versions of its mobile operating system, as far back as Android 6. Launched last fall, the Permission Auto-Reset feature works by automatically withdrawing user permissions from an app that hasn’t been opened and used for a few months. “Starting in […]
