Daily NCSC-FI news followup 2020-12-25

SUNBURST Additional Technical Details

www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated threat actor we are currently tracking as UNC2452.

CrowdStrike releases free Azure security tool after failed hack

www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/ Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company’s emails through compromised Microsoft Azure credentials. See also:

thehackernews.com/2020/12/microsoft-warns-crowdstrike-of-hackers.html

CISA Releases Free Detection Tool for Azure/M365 Environment

us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors. The tool: github.com/cisagov/Sparrow

Russian crypto-exchange Livecoin hacked after it lost control of its servers

www.zdnet.com/article/russian-crypto-exchange-livecoin-hacked-after-it-lost-control-of-its-servers/ Hackers gained access to the Livecoin portal and modified exchange rates to 10-15 times their normal values.

Microsoft, Citrix Help Form New Task Force To Take On Global Ransomware Scourge

www.forbes.com/sites/leemathews/2020/12/24/microsoft-citrix-help-form-new-task-force-to-take-on-global-ransomware-scourge/ Ransomware has plagued computer networks around the world for more than a decade and a half. For many, an attack can seem inevitable, a matter of when and not if. The Ransomware Task Force has formed to change all that.
