Daily NCSC-FI news followup 2021-03-08

A Basic Timeline of the Exchange Mass-Hack

krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program. When did Microsoft find out about attacks on previously unknown vulnerabilities in Exchange?

Poison packages: "Supply Chain Risks" user hits Python community with 4000 fake modules

nakedsecurity.sophos.com/2021/03/07/poison-packages-supply-chain-risks-user-hits-python-community-with-4000-fake-modules/ If you've ever used the Python programming language, or installed software written in Python, you've probably used PyPI, even if you didn't realise it at the time. PyPI is short for the Python Package Index, and it currently contains just under 300,000 open source add-on modules (290,614 of them when we checked [2021-03-07T00:10Z]). The ease with which trusting users download and install new Python (and Node.js, and Ruby, etc.) components has led to a range of cybercriminal attacks against package managers, typosquatting of popular package names among them.
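The typical defence against the kind of look-alike package names the Sophos piece describes is to check requested names against a list of well-known packages before installing. The following is an added example, not code from the article or from PyPI: it normalises names the way PyPI does (PEP 503) and flags anything within a small edit distance of a known-good name. The popular-package list and the requirements lines are constructed for illustration; a real deployment would use PyPI's download statistics for the allow-list.

```python
"""Flag package names that look like typosquats of well-known PyPI packages.

Added example. The POPULAR list and the sample requirements below are
constructed for illustration, not taken from the Sophos article.
"""
import re

# Assumption: a short allow-list of well-known package names. In practice
# this would be the top-N of PyPI download statistics.
POPULAR = ["requests", "numpy", "urllib3", "setuptools", "boto3", "cryptography"]


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, popular=POPULAR, max_distance: int = 2):
    """Return (popular_name, distance) pairs within max_distance of `name`.

    An exact (normalised) match returns nothing: the package *is* the popular one.
    """
    n = normalize(name)
    hits = []
    for p in popular:
        d = levenshtein(n, normalize(p))
        if 0 < d <= max_distance:
            hits.append((p, d))
    return sorted(hits, key=lambda t: t[1])


def check_requirements(lines):
    """Scan requirements.txt-style lines; return {requested_name: [(popular, dist), ...]}."""
    findings = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        # Project name ends at whitespace, extras '[', a version operator or a marker ';'
        name = re.split(r"[\s\[<>=!~;]", line, 1)[0]
        hits = typosquat_candidates(name)
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    # Constructed input: two genuine names, three near-misses
    reqs = ["requests==2.25.1", "reqeusts", "urlib3>=1.26", "numpy  # fine", "boto-3"]
    for requested, hits in check_requirements(reqs).items():
        print(f"{requested}: looks like {hits}")
```

The distance threshold is deliberately small: at distance 2 the check already catches transposed letters (`reqeusts`), dropped letters (`urlib3`) and separator tricks (`boto-3`), while a larger threshold would start flagging legitimately similar names such as `boto3` versus `botocore`. Run it as a pre-install hook and require a human to confirm any hit.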

International Women's Day: Women in Cybersecurity

www.pandasecurity.com/en/mediacenter/panda-security/women-in-cybersecurity/ Over the last few years, the role of women in the world of science and technology has been written about repeatedly. Despite the fact that progress and the fight for equality are mantras that are repeated and that we frequently recall, progress in this sector seems to have reached a disappointing ceiling that has remained fixed for the last three years. When we talk about positions linked to the IT world, we find that women account for 25% of the total staff, a figure that is repeated in the field of cybersecurity according to the latest report by the International Information Systems Security Certification Consortium (ISC)².

NCSC-FI warns: hundreds of organisations are at risk of, or have already suffered, a breach of their e-mail servers

yle.fi/uutiset/3-11827028 The National Cyber Security Centre Finland warns that hundreds of organisations in Finland are at risk of becoming, or have already become, victims of a breach of their e-mail servers. In scope and severity the problem is the largest seen in Finland in at least a couple of decades, estimates the centre's senior specialist Juha Tretjakov. It affects some of the organisations that run Microsoft's Exchange server. On its website the centre says it updated its red alert on the Exchange e-mail server on Monday, noting that merely patching the server is not a sufficient response. Also:

www.is.fi/digitoday/tietoturva/art-2000007848088.html

www.tivi.fi/uutiset/tv/d825bda3-5d0f-42c2-bc71-e3d666e673f5

www.hs.fi/talous/art-2000007848036.html

Going dark: Service disruptions at stock exchanges and brokerages

www.welivesecurity.com/2021/03/08/going-dark-service-disruptions-stock-exchanges-brokerages/ Given the dependence of today's societies and economies on technology, along with the skyrocketing interest in day trading of late, it's only natural that concerns about the increasing number and severity of security loopholes in all manner of software applications should rise in lockstep. And that's on top of numerous other cyberthreats that require the continued attention of organizations and people, including those involved with stock trading.

Sextortionist demands a 1,450 euro ransom from Finns, a few have already paid

www.is.fi/digitoday/tietoturva/art-2000007847062.html Finns are once again being actively targeted with sextortion e-mails. The pattern is largely the same as before: the sender claims to have planted malware on the recipient's device and to have monitored their online activity. The extortionist claims to have recorded the victim through the device's webcam while they masturbated on adult sites, and threatens to send the videos to all of the victim's contacts unless a sum worth about 1,450 euros is paid in bitcoin.

European Banking Authority discloses Exchange server hack

www.bleepingcomputer.com/news/security/european-banking-authority-discloses-exchange-server-hack/ The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity and orderly functioning of the EU banking sector. "The Agency has swiftly launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities," EBA said.

Hackers hiding Supernova malware in SolarWinds Orion linked to China

www.bleepingcomputer.com/news/security/hackers-hiding-supernova-malware-in-solarwinds-orion-linked-to-china/ Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. Security researchers named the hacker group Spiral and correlated findings from two intrusions in 2020 on the same victim network to determine activity from the same intruder.

Microsoft Exchange Cyber Attack: What Do We Know So Far?

thehackernews.com/2021/03/microsoft-exchange-cyber-attack-what-do.html Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses and government entities in the U.S., Asia, and Europe. The company said it "continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM," signaling an escalation: the breaches are no longer "limited and targeted" as was previously deemed.

YARA and CyberChef

isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/ If you prefer a graphical user interface for matching YARA rules, you can try CyberChef. YARA is a pattern matching tool, known as "The pattern matching swiss knife". CyberChef is a web app for all kinds of (file) analysis techniques, known as "The Cyber Swiss Army Knife". And what do you get when you combine two Swiss knives? One really big Swiss knife 🙂

Microsoft’s MSERT tool now finds web shells from Exchange Server attacks

www.bleepingcomputer.com/news/security/microsofts-msert-tool-now-finds-web-shells-from-exchange-server-attacks/ Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web (OWA) servers. These vulnerabilities are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

thehackernews.com/2021/03/malware-can-exploit-new-flaw-in-intel.html New research has yielded yet another means to pilfer sensitive data by exploiting what is the first "on-chip, cross-core" side channel in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August.

Intel And Microsoft Collaborate On DARPA Program That Pioneers A New Frontier Of Ultra-Secure Computing

www.forbes.com/sites/davealtavilla/2021/03/08/intel-and-microsoft-collaborate-on-darpa-program-that-pioneers-a-new-frontier-of-ultra-secure-computing/ In the Tech sector there are few areas of the market that are as critical and burgeoning with opportunity as security. Simply put, the more connected we become and the more data we amass, the more we need to secure that data and our connections. As such, data encryption technologies have been advancing over the years in an effort to meet the need to fend off large scale hacks and breaches. But what if I told you there are also new encryption processing technologies being developed that will some day allow us to perform compute and other functions on encrypted data, without the need to decrypt said data? Say what?

The Accellion Breach Keeps Getting Worse and More Expensive

www.wired.com/story/accellion-breach-victims-extortion/ The drumbeat of data breach disclosures is unrelenting, with new organizations chiming in all the time. But a series of breaches in December and January that have come to light in recent weeks has quietly provided an object lesson in how bad things can get when hackers find an inroad to dozens of potential targets and they're out for profit. Accellion quietly released a patch in late December, and then more fixes in January, to address a cluster of vulnerabilities in its legacy File Transfer Appliance (FTA) product.
