Infosec News 20210304
Top News
- Nation-State Hackers are Now Hiring Mercenary APT Groups
  "A Blackberry report unveiled that state-backed actors often collaborate with mercenary APT groups to excel in attacks. Simultaneously, it helps state-backed actors lie low with their game plan."
  TLP (1): Green
- CISA Orders Federal Agencies to Patch Microsoft Exchange Servers After Recent Attacks
  "The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered federal agencies to immediately investigate, patch or disconnect their systems."
  TLP (1): Green
- Microsoft: Windows 10 'Known Issue Rollback' auto-fixes update bugs
  "Microsoft has shared details on Known Issue Rollback (KIR), a Windows 10 capability used to revert buggy non-security fixes delivered through Windows Update."
  TLP (1): Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Countering cyber proliferation: Zeroing in on Access-as-a-Service
  "The proliferation of offensive cyber capabilities (OCC) presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace."
  TLP (1): Green
- Lazarus Group Tied to TFlower Ransomware
  "The Lazarus Group, a North Korean hacking operation also known as Hidden Cobra, is deploying TFlower ransomware, using its MATA malware framework, security firm Sygnia reports."
  TLP (1): Green
Breaches: Data Breaches and Hacks
- Medal of Honor Holders’ Identities Stolen
  "A threat actor stole the personally identifiable information of recipients of the US Congressional Medal of Honor and used their personal data to purchase goods from American military exchanges."
  TLP (1): Green
- Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak
  "The information leaked included approximately 8,000,000 voice recordings, 13,000,000 phone numbers, and hundreds of millions of call logs and metadata. In total, nearly 2 billion records were leaked."
  TLP (1): Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- GRUB2 boot loader reveals multiple high severity vulnerabilities
  "Flaws like these in boot loaders allow circumvention of UEFI Secure Boot, a verification mechanism for ensuring that code executed by a computer's UEFI firmware is trusted and not malicious."
  TLP (1): Green
- Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)
  "Security researcher Alexander Popov has discovered and fixed five similar issues, tracked together as CVE-2021-26708, in the virtual socket implementation of the Linux kernel."
  TLP (1): Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Recovering from the SolarWinds hack could take 18 months
  "Fully recovering from the SolarWinds hack will take the US government from a year to as long as 18 months, according to the head of the agency that is leading Washington’s recovery."
  TLP (1): Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Hackers Using Tricky SEO Technique to Deliver Malware Payloads
  "Gootloader appears to have expanded its payloads further as it now uses SEO poisoning to deliver an array of malware payloads against users in South Korea, Germany, France, and the U.S."
  TLP (1): Green
- Teatime - An RPC Attack Framework For Blockchain Nodes
  "Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes."
  TLP (1): Green
(1) Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.