Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations that had been impacted by UNC2546 in the prior month began receiving extortion emails from actors threatening to publish stolen data on the “CL0P^_- LEAKS” .onion website. Some of the published victim data appears to have been stolen using the DEWMODE web shell. Also:
www.zdnet.com/article/fireeye-links-0-day-attacks-on-fta-servers-extortion-campaign-to-fin11-group. Also:
thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html
Information about ransomware attack in Norway
www.tietoevry.com/en/newsroom/all-news-and-releases/other-news/2021/02/information-about-ransomware-attack-in-norway/ On Monday 22nd of February 2021, TietoEVRY experienced technical challenges in several services that we deliver to 25 customers within retail, manufacturing and service-related industries. Investigations showed that the incident was caused by a ransomware attack, and hence we consider it a serious criminal act. Also:
www.bleepingcomputer.com/news/security/finnish-it-giant-tietoevry-discloses-ransomware-attack/. Also:
www.tivi.fi/uutiset/tv/14c047ae-8727-4770-9b7e-9d48976dca0f
The bitcoin blockchain is helping keep a botnet from being taken down
arstechnica.com/information-technology/2021/02/crooks-use-the-bitcoin-blockchain-to-protect-their-botnets-from-takedown/ Wallet transactions camouflage the IP address of the botnet’s control server. When hackers corral infected computers into a botnet, they take special care to ensure they don’t lose control of the server that sends commands and updates to the compromised devices. The precautions are designed to thwart security defenders who routinely dismantle botnets by taking over the command-and-control server that administers them in a process known as sinkholing.
How Does Triton Attack Triconex Industrial Safety Systems?
blogs.cisco.com/security/how-does-triton-attack-triconex-industrial-safety-systems Triton is malware developed to affect industrial systems, particularly the Triconex safety system from Schneider. This is deployed at over 15,000 sites across the world, but the malware allegedly only targeted a critical energy industrial site in the Middle East in 2017.
Ukraine: DDoS attacks on govt sites originated from Russia
www.bleepingcomputer.com/news/security/ukraine-ddos-attacks-on-govt-sites-originated-from-russia/ The National Security and Defense Council (NSDC) of Ukraine is accusing threat actors located on Russian networks of performing DDoS attacks on Ukrainian government websites since February 18th. The National Coordination Center for Cybersecurity (NCCC) at the NSDC states that these DDoS attacks have been massive and have targeted government websites in the defense and security sector.
Keybase secure messaging fixes photo-leaking bug: patch now!
nakedsecurity.sophos.com/2021/02/23/keybase-secure-messaging-fixes-photo-leaking-bug-patch-now/ Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.”
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
thehackernews.com/2021/02/shadow-attacks-let-attackers-replace.html Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.