SUNBURST Additional Technical Details
www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated threat actor we are currently tracking as UNC2452.
CrowdStrike releases free Azure security tool after failed hack
www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/ Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company’s emails through compromised by Microsoft Azure credentials.. see also
thehackernews.com/2020/12/microsoft-warns-crowdstrike-of-hackers.html
CISA Releases Free Detection Tool for Azure/M365 Environment
us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.. The tool: github.com/cisagov/Sparrow
Russian crypto-exchange Livecoin hacked after it lost control of its servers
www.zdnet.com/article/russian-crypto-exchange-livecoin-hacked-after-it-lost-control-of-its-servers/ Hackers gained access to the Livecoin portal and modified exchange rates to 10-15 times their normal values.
Microsoft, Citrix Help Form New Task Force To Take On Global Ransomware Scourge
www.forbes.com/sites/leemathews/2020/12/24/microsoft-citrix-help-form-new-task-force-to-take-on-global-ransomware-scourge/ Ransomware has plagued computer networks around the world for more than a decade and a half. For many, an attack can seem inevitable a matter of when and not if. The Ransomware Task Force has formed to change all that.
