Comments on: Cyber security news February 2021

By: túi lọc bụi

túi lọc bụi — Tue, 09 Mar 2021 08:11:30 +0000

This article is extremely quality from the content to the image, hope you will continue to share it in the coming time. Thank you and respect you very much.

By: Tomi Engdahl

Tomi Engdahl — Tue, 02 Mar 2021 18:14:32 +0000

Chinese hackers cloned attack tool belonging to NSA’s Equation Group
Updated: The Jian tool was used to exploit a Windows zero-day vulnerability years before a patch was issued.
https://www.zdnet.com/article/chinese-hackers-cloned-attack-tools-belonging-to-nsas-equation-group/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

By: Tomi Engdahl

Tomi Engdahl — Tue, 02 Mar 2021 12:24:35 +0000

Home › SCADA / ICS
Unprotected Private Key Allows Remote Hacking of Rockwell Controllers
By Eduard Kovacs on February 26, 2021
https://www.securityweek.com/unprotected-private-key-allows-remote-hacking-rockwell-controllers

Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation.

The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University in South Korea, Kaspersky, and industrial cybersecurity firm Claroty.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Mar 2021 08:45:10 +0000

SHAREit fixes security bugs in app with 1 billion download
https://www.bleepingcomputer.com/news/security/shareit-fixes-security-bugs-in-app-with-1-billion-downloads/
Singapore-based Smart Media4U Technology said today that it fixed
SHAREit vulnerabilities that may have allowed attackers to execute
arbitrary code remotely on users’ devices. The security bugs impact
the company’s SHAREit Android app, an application that downloaded more
than 1 billion times, according to Google Play Store statistics.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Mar 2021 08:44:42 +0000

Python programming language hurries out update to tackle remote code
vulnerability
https://www.zdnet.com/article/python-programming-language-hurries-out-update-to-tackle-remote-code-vulnerability
The Python Software Foundation (PSF) has rushed out Python 3.9.2 and
3.8.8 to address two notable security flaws, including one that is
remotely exploitable but in practical terms can only be used to knock
a machine offline.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Mar 2021 08:43:44 +0000

Jian The Chinese Double-edged Cyber Sword
https://blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/
In the last few months, Check Point Research (CPR) focused on recent
Windows Local Privilege Escalation (LPE) exploits attributed to
Chinese actors. An LPE is used by attackers to acquire Administrator
rights on a Windows machine. During this investigation, our malware
and vulnerability researchers managed to unravel the hidden story and
origins behind “Jian”, an exploit that was previously attributed to
the Chinese-affiliated attack group named APT31 (Zirconium)

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Mar 2021 08:42:54 +0000

Google shares PoC exploit for critical Windows 10 Graphics RCE bug
https://www.bleepingcomputer.com/news/security/google-shares-poc-exploit-for-critical-windows-10-graphics-rce-bug/
Project Zero, Google’s 0day bug-hunting team, shared technical details
and proof-of-concept (PoC) exploit code for a critical remote code
execution (RCE) bug affecting a Windows graphics component.. They
reported the bug to the Microsoft Security Response Center in
November. The company released security updates to address it on all
vulnerable platforms on February 9, during this month’s Patch Tuesday.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Mar 2021 08:42:31 +0000

Microsoft fixes Windows 10 drive corruption bug what you need to know
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-drive-corruption-bug-what-you-need-to-know/
With this week’s release of Windows 10 Insider build 21322, Microsoft
has included an undocumented fix that prevents the path from being
accessed.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Mar 2021 08:42:15 +0000

https://www.forbes.com/sites/thomasbrewster/2021/02/25/exclusive-hackers-break-into-biochemical-systems-at-oxford-uni-lab-studying-covid-19/
Oxford University confirmed on Thursday it had detected and isolated
an incident at the Division of Structural Biology (known as Strubi)
after Forbes disclosed that hackers were showing off access to a
number of systems. These included machines used to prepare biochemical
samples, though the university said it couldnt comment further on the
scale of the breach. It has contacted the . National Cyber Security
Center (NCSC), a branch of the British intelligence agency GCHQ, which
will now investigate the attack.. The crew, according to [Hold
Security's Alex] Holden, is highly sophisticated and has been
privately selling stolen data from a number of its victims, and has
previously sold to advanced persistent threat groups, a term for
nation-state-backed hackers. He noted that the hackers spoke
Portuguese. Some of the groups other victims include Brazilian
universities, Holden added, and they also . use ransomware to extort
some victims.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Mar 2021 08:40:20 +0000

Former SolarWinds CEO blames intern for ‘solarwinds123′ password leak
https://edition.cnn.com/2021/02/26/politics/solarwinds123-password-intern/
The researcher who discovered the leaked password, Vinoth Kumar,
previously told CNN that before the company corrected the issue in
November 2019, the password had been accessible online since at least
June 2018.. Emails between Kumar and SolarWinds showed that the leaked
password allowed Kumar to log in and successfully deposit files on the
company’s server. Using that tactic, Kumar warned the company, any
hacker could upload malicious programs to SolarWinds.