
NCSC (National Cyber Security Centre) - Weekly Threat Report @ncsc #cybersecurity


Weekly Threat Report - 29th May 2020

Exim flaw highlighted by NSA

The US National Security Agency has published an advisory this week relating to the ongoing exploitation of Exim vulnerability CVE-2019-10149.

Russian military cyber actors, known as Sandworm, have been exploiting a vulnerability in the Exim mail transfer agent. To mitigate the CVE-2019-10149 vulnerability, providers should update Exim immediately by installing version 4.93 or newer.
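A local check against the 4.93 threshold stated above, as an added example (not part of the NCSC report or the NSA advisory): it parses the first line of `exim -bV` output and compares versions field by field. The function names and the sample banner in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Exim installs older than the version named in the report.
MIN_VERSION="4.93"   # threshold taken from the report text

# Pull the version out of the first line of `exim -bV` output, e.g.
# "Exim version 4.92.3 #2 built 01-Oct-2019 10:00:00" (constructed sample).
exim_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if version $1 >= version $2. Fields are compared numerically, so
# 4.100 sorts after 4.93 (a plain string comparison gets this wrong).
version_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "ok <ver>", "update <ver>", or "unknown" for a banner line.
exim_status() {
    v=$(exim_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_at_least "$v" "$MIN_VERSION"; then
        echo "ok $v"
    else
        echo "update $v"
    fi
}

# Check the local host only when an exim binary is present.
if command -v exim >/dev/null 2>&1; then
    exim_status "$(exim -bV 2>/dev/null | head -n 1)"
fi
```

Distribution packages may backport fixes without changing the upstream version number, so an "update" result should be confirmed against the vendor's security notices.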

The NCSC published a statement in support of the NSA’s findings and has previously published an advisory which provides details and mitigation advice on a number of Exim vulnerabilities.

The UK and its allies have previously exposed numerous campaigns by the GRU of indiscriminate and reckless cyber attacks. Earlier this year, the UK government publicly condemned an unacceptable campaign of cyber attacks against Georgia. The NCSC assessed with the highest level of probability that the Russian GRU was behind these attacks.


Researchers disclose new features of latest ComRAT malware

In a whitepaper published this week, cyber security firm ESET detail how new features of the ComRAT v4 malware are being used to target political institutions.

TURLA, one of Russia’s most notorious hacker groups, has targeted two ministries of Foreign Affairs and a national parliament using the ComRAT v4 malware.

The malware uses a complex backdoor to steal sensitive documents and upload these to a public cloud service.

Hackers are now using ComRAT to collect antivirus logs from infected computers. The researchers also noted that ComRAT can use the Gmail web interface to receive commands and exfiltrate data.

This means hackers can take over a victim’s web browser to load malware that takes commands from emails that hackers send to the victim. This is different to the traditional method of using HTTP to send instructions to victims’ devices.

ComRAT has been used to target political institutions in the past and this appears to be continuing. ESET’s whitepaper provides insight into the attacker’s activity and helpfully provides a list of MITRE ATT&CK techniques.

Our Cyber Assessment Framework (CAF) contains a section on building resilient networks and systems against cyber attacks but these other pieces of guidance might be useful:


