Daily NCSC-FI news followup 2021-02-10

Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7

www.zdnet.com/article/following-oldsmar-attack-fbi-warns-about-using-teamviewer-and-windows-7/ An FBI alert sent on Tuesday warns companies about the use of out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer.

French MNH health insurance company hit by RansomExx ransomware

www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/ French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company’s operations.

North Korean attacks on crypto exchanges reportedly netted $316m in two years

www.theregister.com/2021/02/10/north_korea_cryptocurrency/ United Nations sanctions made silly by sloppy security. North Korean attacks on crypto exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan’s Nikkei.

Adobe patches wave of critical bugs in Magento, Acrobat, Reader

www.zdnet.com/article/adobe-patches-wave-of-critical-bugs-in-magento-acrobat-reader/ Some of the vulnerabilities were reported through a hacking contest.

Hybrid, Older Users Most-Targeted by Gmail Attackers

threatpost.com/hybrid-older-users-gmail-attackers/163826/ Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn’t a big factor.

SIM hijackers arrested after stealing millions from US celebrities

www.bleepingcomputer.com/news/security/sim-hijackers-arrested-after-stealing-millions-from-us-celebrities/ Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium.

Microsoft now forces secure RPC to block Windows Zerologon attacks

www.bleepingcomputer.com/news/security/microsoft-now-forces-secure-rpc-to-block-windows-zerologon-attacks/ Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month’s Patch Tuesday security updates.

Daily NCSC-FI news followup 2019-06-06

Microsoft and Oracle link up their clouds techcrunch.com/2019/06/05/microsoft-and-oracle-link-up-their-clouds/ Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two. This alliance goes a bit beyond just basic direct connectivity […]

Daily NCSC-FI news followup 2019-11-12

BlueKeep freakout had little to no impact on patching, say experts www.theregister.co.uk/2019/11/11/bluekeep_didnt_boost_patching/ According to SANS, those reports did not do much to get people motivated. The security institute says that the rate of BlueKeep-vulnerable boxes it tracks on Shodan has been on a pretty steady downward slope since May, and the media’s rush to sound […]

Daily NCSC-FI news followup 2019-09-09

Newly Discovered Infostealer Attack Uses LokiBot www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st,, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of […]