BU-CERT – Bournemouth University Computer Emergency Response Team

Abusing Legitimate Software to Avoid Detection – ‘NAIKON’ APT Caught Running Cyber-Espionage Campaign Against Asian Military Organizations

Posted on 13 May 2021

From businessinsights.bitdefender.com

Advanced Persistent Threat (APT) groups are at the heart of today’s cyber-espionage efforts. Unlike one-off hackers, APTs distinguish themselves through novel attack techniques, cunning lateral movement across the victim’s infrastructure, swift malware deployment, efficient data exfiltration and – perhaps most importantly – stealthy operation to avoid detection by cybersecurity tools.

Bitdefender is proud to publish the results of an investigation into the notorious APT group known as NAIKON, whose recent campaigns focused on stealing data from military organizations in South Asia.

DivideAndScan: efficiently automate port scanning routine

Posted on 13 May 2021

From securityonline.info

DivideAndScan

DivideAndScan is used to efficiently automate the port scanning routine by splitting it into 3 phases:

Discover open ports for a bunch of targets.
Run Nmap individually for each target with version grabbing and NSE actions.
Merge the results into a single Nmap report (different formats available).

For the 1st phase, a fast port scanner is intended to be used (Masscan / RustScan / Naabu), whose output is parsed and stored in a database (TinyDB). Next, during the 2nd phase individual Nmap scans are launched for each target with its set of open ports (multiprocessing is supported) according to the database data. Finally, in the 3rd phase separate Nmap outputs are merged into a single report in different formats (XML / HTML / simple text / grepable) with nMap_Merger.

Microsoft bins Azure Blockchain without explanation, gives users four months to move

Posted on 13 May 2021

From theregister.com

On September 10, 2021, Azure Blockchain will be retired. Please migrate ledger data from Azure Blockchain Service to an alternative offering based on your development status in production or evaluation.

The document offers no explanation for Microsoft’s decision.

But it does offer some hints and tips for what to do next (after you finish cursing the beast of Redmond for pulling the rug out from under your cloud-hosted blockchain on four months’ notice.)

However, that advice is likely to get you cursing again because it opens:

The first step when planning a migration is to evaluate alternative offerings. Evaluate the following alternatives based on your development status of being in production or evaluation.

Whaaaat? Buyers should survey the market for the products they need? Thanks, Microsoft. We wouldn’t have figured that out without your wise counsel.

incremental improvements are not enough as Biden signs order boosting US cyber posture

Posted on 13 May 2021

From zdnet.com

United States President Joe Biden signed an executive order on Wednesday to boost the cyber posture of the federal government.

The order points to recent incidents including the ransomware attack on Colonial Pipeline, Exchange vulnerabilities that led to the FBI removing web shells from US servers, and the SolarWinds attack.

The order said the federal government must lead by example.

“Incremental improvements will not give us the security we need; instead, the federal government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life,” the order states.

Russian researchers developed methodology to predict cyber risks

Posted on 13 May 2021

From ehackingnews.com

Scientists from St. Petersburg Polytechnic University have developed a methodology for assessing cyber risks in smart city systems. The developed methodology has been tested on the “smart intersection” test bed (a component of smart transport system of smart city).

It should be reminded that St.Petersburg participates in the formation of Smart City program, which will provide new services for the residents of megacities, increasing the safety of citizens. Digital services are an integral part of such system.

Phishing, ransomware, Web app attacks dominate data breaches in 2021, says Verizon Business DBIR

Posted on 13 May 2021

From zdnet.com

Beware!! Avaddon Ransomware Attack Organizations in a variety of Sectors Around The Globe

Web applications represented 39% of all data breaches in the last year with phishing attacks jumping 11% and ransomware up 6% from a year ago, according to the Verizon Business Data Breach Investigations Report.

The report, based on 5,358 breaches from 83 contributors around the world, highlights how the COVID-19 pandemic move to the cloud and remote work opened up a few avenues for cybercrime.

Verizon Business found that 61% of all breaches involved credential data. Consistent with previous years, human negligence was the biggest threat to security.

A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

Posted on 13 May 2021

From contrastsecurity.com

Blog_Jan-Feb 2021 Bimonthly_2021_Figure1

Until recently, the word “Hafnium” most commonly referred to an obscure atomic element—atomic number 72 in the Periodic Table of the Elements. It was named for the city where it was discovered in 1923—Copenhagen, Denmark, whose Latin name is Hafnia. Chemically similar to zirconium, it is used for control rods in nuclear reactors.

But some readers of this blog are keenly aware of a newer use of this word. Hafnium is also the name of a state-sponsored threat actor said to be connected to the Chinese government. Its goal is to exfiltrate data from Western organizations of all types, including government and military secrets, medical research, and information on critical infrastructure.