BU-CERT News

From kalilinuxtutorials.com

You may have heard of software as a service before, which some people abbreviate as SaaS. Not as many people know about DaaS, or desktop as a service. However, this is becoming a more popular product these days, and you should know about it.

Some individuals also use the term virtual desktop infrastructure when they talk about DaaS. Desktop virtualization involves software technology. You separate the associated application software and the desktop environment. You therefore do not need a physical client device to access it.

We’ll explain a little bit more about this service and some of its benefits below.

Read more…

From scmagazine.com

Microsoft has won praise from security researchers by making its  CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds hack or similar supply chain attacks.  

CodeQL queries code as if it were data, which lets developers write a query that finds all the variants of a vulnerability, and then share it with others.

Read more…

From bleepingcomputer.com

A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.

The ransomware gang first targeted Ecuador’s Ministry of Finance, the Ministerio de Economía y Finanzas de Ecuador, where they deployed a PHP-based ransomware strain to encrypt a site hosting an online course.

Read more…

From gbhackers.com

Proofpoint Threat Research has tracked low-volume phishing campaigns targeting Tibetan organizations globally. In January and February 2021, experts observed threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts.

Proofpoint has named this malicious browser extension “FriarFox” and attributes this activity to TA413, who in addition to the FriarFox browser extension, was also observed delivering both Scanbox and Sepulcher malware to Tibetan organizations in early 2021.

Read more…

From ehackingnews.com

Industrial associations have been cautioned for this present week that a critical authentication bypass vulnerability can permit hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation that are marketed under the Logix brand. These gadgets, which range from the size of a little toaster to a huge bread box or considerably bigger, help control equipment and processes on assembly lines and in other manufacturing environments. Engineers program the PLCs utilizing Rockwell software called Studio 5000 Logix Designer. 

Read more…

From bleepingcomputer.com

American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks.

SIM swap fraud (or SIM hijacking) allows scammers to take control of targets’ phone numbers after porting them using social engineering or after bribing mobile operator employees to a SIM controlled by the fraudsters.

Subsequently, they receive the victims’ messages and calls which allows for easily bypassing SMS-based multi-factor authentication (MFA), stealing user credentials, as well taking over the victims’ online service accounts.

The criminals can then log into the victims’ bank accounts to steal money, change account passwords, and even locking the victims out of their own accounts.

Read more…

From thehackernews.com

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.

Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor’s tactics by going beyond the usual gamut of financially-motivated crimes to fund the cash-strapped regime.

This broadening of its strategic interests happened in early 2020 by leveraging a tool called ThreatNeedle, researchers Vyacheslav Kopeytsev and Seongsu Park said in a Thursday write-up.

Read more…