Daily NCSC-FI news followup 2021-04-09

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author. Critical Zoom vulnerability […]

Daily NCSC-FI news followup 2021-04-08

Researchers uncover a new Iranian malware used in recent cyberattacks thehackernews.com/2021/04/researchers-uncover-new-iranian-malware.html An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. APT34 (aka OilRig) is known for its reconnaissance campaigns aligned with the strategic interests of Iran, primarily hitting […]

Daily NCSC-FI news followup 2021-04-07

Microsoft’s Windows 10, Exchange, and Teams hacked at Pwn2Own www.bleepingcomputer.com/news/security/microsofts-windows-10-exchange-and-teams-hacked-at-pwn2own/ During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft’s Windows 10 OS, the Exchange mail server, and the Teams communication platform. The first to fall was Microsoft Exchange in the Server category after the […]

Daily NCSC-FI news followup 2021-04-06

Spy Operations Target Vietnam with Sophisticated RAT threatpost.com/spy-operations-vietnam-rat/165243/ An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT) known […]

Daily NCSC-FI news followup 2021-04-05

Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters blog.checkpoint.com/2021/04/05/supply-chain-attacks-what-we-know-about-the-solarwinds-sunburst-exploit-and-why-it-still-matters/ In a press conference, more than 2 months after the incident, the U.S. deputy national security advisor said that investigators were still in the “beginning stages” of understanding the scope and scale of the attack. What makes the […]

Daily NCSC-FI news followup 2021-04-04

Malware attack is preventing car inspections in eight US states www.bleepingcomputer.com/news/security/malware-attack-is-preventing-car-inspections-in-eight-us-states/ A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. Applus Technologies cannot provide a time frame for when they will restore service as State governments require them to […]

Daily NCSC-FI news followup 2021-04-03

Ransomware gang leaks data from Stanford, Maryland universities www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/ Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. Data stolen in the attack targeting Stanford Medicine’s Accellion server includes names, addresses, email addresses, Social Security numbers, and financial […]

Daily NCSC-FI news followup 2021-04-02

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. FBI and CISA warn of […]

Daily NCSC-FI news followup 2021-04-01

www.zdnet.com/article/google-north-korean-hackers-targeting-researchers-now-pretend-to-be-from-offensive-security-firm/ BazarCall malware uses malicious call centers to infect victims www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/ Instead of bundling attachments with the email, BazarCall emails prompt users to call a phone number to cancel a subscription before they are automatically charged. These call centers would then direct users to a specially crafted website to download a “cancellation form” that installs […]

Daily NCSC-FI news followup 2021-03-31

CISA gives federal agencies 5 days to find hacked Exchange servers www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ See also: cyber.dhs.gov/ed/21-02/ North Korean hackers target security researchers again www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/ Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. Risk Management, C-Suite Shifts & Next-Gen Text […]
