Security information (January 31, 2020)

[German]To conclude the month of January 2020, here is some information on security issues that have come to my attention in the last few hours.


NEC hacked in 2016

The Japanese manufacturer NEC (electronics and IT) was hacked in 2016 and data was pulled. Hackers stole 27,445 files from the defense division. The hack has only now been made public.

NEC confirms that some of the internal servers used by the company's defense division are subject to unauthorized third-party access. Based on investigations by the company and external professional organizations, no damage such as information leaks have been confirmed to date.

July 2018, we succeeded in decrypting the encrypted communication with an infected server and an external server that was carrying out unauthorized communication, and storing it on our internal server for information exchange with other departments of our Defense division. It was discovered that 27,445 files were accessed illegally.

Bleeping Computer addressed this issues within the following tweet. The tweet shows outlines from the NEC press release.

Catalin Cimpanu has published also an article on, as he writes in the following tweet.


Hong Kong universities infected with malware

According to the subsequent tweet from Bleeping Computer, Hong Kong universities have been infected with malware. The infection is said to have been caused by the malware Winnti.

The attacks were discovered in November 2019, after the security company's Augur machine learning engine detected malware samples from ShadowPad Launcher on several devices at the two universities, following the discovery of Winnti malware infections two weeks earlier, in October.

These attacks were very targeted as the Winnti malware and the multi-modular ShadowPad backdoor contained both command and control URLs as well as campaign identifiers associated with the names of the affected universities.

Magento has a RCE vulnerability

The eCommerce shop software Magento has a remote code execution vulnerability up to versions, as the following tweet reports:

Microsoft Azure was vulnerable to attack via vulnerability

Cyber security researchers at Check Point have revealed details of two recently patched, potentially dangerous vulnerabilities in Microsoft Azure services. These would have allowed attackers to target several companies running their web and mobile applications on Azure. The Hacker News has compiled details in this article

New attack method via Excel

Microsoft has discovered a new attack vector in the analysis of the TA505 phishing campaign that takes advantage of Excel files.

Blog reader 1ST1 referred to this fact in this comment and linked to the article by Bleeping Computer.

Trickbot uses UAC bypass trick

The Malware Trickbot uses a new trick to bypass user account control and gain admin rights. Bleeping Computer points out the topic in the following tweet.

There are some German blog posts on the topic of UAC bypassing (see the article list at the end of the post).

Nicolas Krassas refers in the link above to an article with information about UAC bypassing.

About Active Directory Dumping by Trickbot I would like to point out this PDF document

Does Amazon track its Kindle users?

A few hours ago I came across a weird tweet. Adrianne Jeffries requested the data on his devices from Amazon.

She has the impression that on her Kindle every tap on the screen is recorded.

Similar articles (German):
Windows10: Neue UAC-Bypassing-Methode (fodhelper.exe)
Windows UAC über SilentCleanup ausgehebelt
Erebus Ransomware und die ausgetrickste UAC

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *