Daily NCSC-FI news followup 2021-02-15

Sandworm intrusion set campaign targeting Centreon systems

www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-005/ ANSSI has been informed of an intrusion campaign targeting the monitoring software Centreon distributed by the French company CENTREON which resulted in the breach of several French entities. See full report.


Microsoft: SolarWinds attack took more than 1,000 engineers to create

www.zdnet.com/article/microsoft-solarwinds-attack-took-more-than-1000-engineers-to-create/ The months-long hacking campaign that affected US government agencies and cybersecurity vendors was “the largest and most sophisticated attack the world has ever seen,” Microsoft president Brad Smith has said, and involved a vast number of developers. Microsoft, which was also breached by the bad Orion update, assigned 500 engineers to investigate the attack, said Smith, but the (most likely Russia-backed) team behind the attack had more than double the engineering resources.

Kati from Oulu got a 630-euro bill from a text message that arrived at a bad moment, then hundreds of messages pinged into her phone within 10 seconds

www.is.fi/digitoday/tietoturva/art-2000007799834.html The 630-euro bill was run up in an instant after the scam message arrived at a truly convincing moment.

White-hat hacker revealed the passwords Finns favour: do not under any circumstances use anything from this list

www.is.fi/digitoday/tietoturva/art-2000007804375.html Finns' passwords have taken on an international flavour over the past two years.

270 addresses are responsible for 55% of all cryptocurrency money laundering

www.zdnet.com/article/270-addresses-are-responsible-for-55-of-all-cryptocurrency-money-laundering/ Most cryptocurrency money laundering is concentrated in a few online services, opening the door for law enforcement actions.

Google Chrome, Microsoft Edge getting this Intel security feature

www.bleepingcomputer.com/news/security/google-chrome-microsoft-edge-getting-this-intel-security-feature/ Chromium-based browsers such as Microsoft Edge and Google Chrome will soon support the Intel CET security feature to prevent a wide range of vulnerabilities.

22-year-old got angry at a housing unit's rules, ordered a network attack and jammed the system

www.is.fi/digitoday/tietoturva/art-2000007804798.html In the defendant's view, the housing unit restricted friends' comings and goings too much.

Microsoft will alert Office 365 admins of Forms phishing attempts

www.bleepingcomputer.com/news/security/microsoft-will-alert-office-365-admins-of-forms-phishing-attempts/ Microsoft is adding new security warnings to the Security and Compliance Center (SCC) default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.

Spam and phishing in 2020


The weirdest hacking techniques you've never heard of

