Daily NCSC-FI news followup 2021-03-08

A Basic Timeline of the Exchange Mass-Hack

krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program. When did Microsoft find out about attacks on previously unknown vulnerabilities in Exchange?

Poison packages - "Supply Chain Risks" user hits Python community with 4000 fake modules

nakedsecurity.sophos.com/2021/03/07/poison-packages-supply-chain-risks-user-hits-python-community-with-4000-fake-modules/ If you've ever used the Python programming language, or installed software written in Python, you've probably used PyPI, even if you didn't realise it at the time. PyPI is short for the Python Package Index, and it currently contains just under 300,000 open source add-on modules (290,614 of them when we checked [2021-03-07T00:10Z]). The ease with which trusting users download and install new Python (and Node.js, and Ruby, etc.) components has led to a range of cybercriminal attacks against package managers.

International Women's Day: Women in Cybersecurity

www.pandasecurity.com/en/mediacenter/panda-security/women-in-cybersecurity/ Over the last few years, the role of women in the world of science and technology has been written about repeatedly. Despite the fact that progress and the fight for equality are mantras that are repeated and that we frequently recall, progress in this sector seems to have reached a disappointing ceiling that has remained fixed for the last three years. When we talk about positions linked to the IT world, we find that women account for 25% of the total staff, a figure that is repeated in the field of cybersecurity according to the latest report by the International Information Systems Security Certification Consortium (ISC)².

National Cyber Security Centre warns: Hundreds of organizations are at risk of becoming, or have already become, victims of an email server data breach

yle.fi/uutiset/3-11827028 The National Cyber Security Centre (Kyberturvallisuuskeskus) warns that hundreds of organizations in Finland are at risk of becoming, or have already become, victims of an email server data breach. The problem is the largest in scope and severity in Finland in at least a couple of decades, estimates the centre's senior specialist Juha Tretjakov. The problem affects some of the parties that use Microsoft's Exchange server. The centre says on its website that on Monday it updated its red alert concerning the Exchange email server, stating that merely updating the server is not a sufficient measure.

Going dark: Service disruptions at stock exchanges and brokerages

www.welivesecurity.com/2021/03/08/going-dark-service-disruptions-stock-exchanges-brokerages/ Given the dependence of today's societies and economies on technology along with the skyrocketing interest in day trading of late, it's only natural that concerns about the increasing number and severity of security loopholes in all manner of software applications should rise in lockstep. And that's on top of numerous other cyberthreats that require the continued attention of organizations and people, including those involved with stock trading.

Porn extortionist demands a 1450-euro ransom from Finns - a few have already paid

www.is.fi/digitoday/tietoturva/art-2000007847062.html Porn extortion messages are again being actively sent to Finns. The pattern is largely the same as before: the sender of the email claims to have broken into the recipient's internet-connected device with malware and to have followed the recipient's activity online. The extortionist claims to have made recordings with the device's webcam while the victim was masturbating on adult entertainment sites. The extortionist threatens to send the videos to all of the victim's contacts unless the victim pays the demanded sum, worth about 1450 euros, in bitcoin.

European Banking Authority discloses Exchange server hack

www.bleepingcomputer.com/news/security/european-banking-authority-discloses-exchange-server-hack/ The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity and orderly functioning of the EU banking sector. “The Agency has swiftly launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities,” EBA said.

Hackers hiding Supernova malware in SolarWinds Orion linked to China

www.bleepingcomputer.com/news/security/hackers-hiding-supernova-malware-in-solarwinds-orion-linked-to-china/ Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. Security researchers named the hacker group Spiral and correlated findings from two intrusions in 2020 on the same victim network to determine activity from the same intruder.

Microsoft Exchange Cyber Attack - What Do We Know So Far?

thehackernews.com/2021/03/microsoft-exchange-cyber-attack-what-do.html Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said “it continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM,” signaling an escalation that the breaches are no longer “limited and targeted” as was previously deemed.

YARA and CyberChef

isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/ If you prefer a graphical user interface to match YARA rules, you can try CyberChef. YARA is a pattern matching tool, known as “The pattern matching swiss knife”. CyberChef is a web app for all kinds of (file) analysis techniques, known as “The Cyber Swiss Army Knife”. And what do you get when you combine 2 Swiss Knifes? One really big Swiss Knife 🙂

Microsoft’s MSERT tool now finds web shells from Exchange Server attacks

www.bleepingcomputer.com/news/security/microsofts-msert-tool-now-finds-web-shells-from-exchange-server-attacks/ Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. On March 2nd, Microsoft disclosed that four Exchange Server zero-day vulnerabilities were being used in attacks against exposed Outlook on the web (OWA) servers. These vulnerabilities are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

thehackernews.com/2021/03/malware-can-exploit-new-flaw-in-intel.html A new research has yielded yet another means to pilfer sensitive data by exploiting what’s the first “on-chip, cross-core” side-channel in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August.

Intel And Microsoft Collaborate On DARPA Program That Pioneers A New Frontier Of Ultra-Secure Computing

www.forbes.com/sites/davealtavilla/2021/03/08/intel-and-microsoft-collaborate-on-darpa-program-that-pioneers-a-new-frontier-of-ultra-secure-computing/ In the Tech sector there are few areas of the market that are as critical and burgeoning with opportunity as security. Simply put, the more connected we become and the more data we amass, the more we need to secure that data and our connections. As such, data encryption technologies have been advancing over the years in an effort to meet the need to fend off large scale hacks and breaches. But what if I told you there are also new encryption processing technologies being developed that will some day allow us to perform compute and other functions on encrypted data, without the need to decrypt said data? Say what?

The Accellion Breach Keeps Getting Worse - and More Expensive

www.wired.com/story/accellion-breach-victims-extortion/ The drumbeat of data breach disclosures is unrelenting, with new organizations chiming in all the time. But a series of breaches in December and January that have come to light in recent weeks has quietly provided an object lesson in how bad things can get when hackers find an inroad to dozens of potential targets - and they’re out for profit. Firewall vendor Accellion quietly released a patch in late December, and then more fixes in January, to address a cluster of vulnerabilities in one of its network equipment offerings.
