Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity
security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html One of the fundamental security issues with open source is that it's difficult to know where the software comes from or how it was built, making it susceptible to supply chain attacks. A few recent examples of this include the dependency confusion attack and a malicious RubyGems package used to steal cryptocurrency. Today we welcome the announcement of sigstore, a new project in the Linux Foundation that aims to solve this issue by improving software supply chain integrity and verification.
Warning the World of a Ticking Time Bomb
krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/ On Mar. 5, KrebsOnSecurity broke the news that at least 30,000 organizations and hundreds of thousands globally had been hacked. The same sources who shared those figures say the victim list has grown considerably since then, with many victims compromised by multiple cybercrime groups. Security experts are now trying to alert and assist these victims before malicious hackers launch what many refer to with a mix of dread and anticipation as Stage 2, when the bad guys revisit all these hacked servers and seed them with ransomware or else additional hacking tools for crawling even deeper into victim networks.
Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals
www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Companies whose footage was exposed include carmaker Tesla Inc. and software provider Cloudflare Inc. In addition, hackers were able to view video from inside women's health clinics, psychiatric hospitals and the offices of Verkada itself.
OVH cloud datacenter destroyed by fire
blog.malwarebytes.com/malwarebytes-news/2021/03/ovh-cloud-datacenter-destroyed-by-fire/ A fire at one of the OVH datacenter sites has destroyed one datacenter and knocked two others offline. It took 100 firefighters and 43 fire trucks to fight the fire in the five-story building. Even though the fire department was quick to respond, and the fire was brought under control relatively quickly, the impact has been big. In a press statement OVH promised to "communicate as transparently as possible on the progress of our analyses and the implementation of solutions." Also:
Ad blocker with miner included
securelist.com/ad-blocker-with-miner-included/101105/ Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. They are distributed through malicious websites that may turn up in the victim's search results. By the look of it, it appears to be a continuation of the summer campaign covered by our colleagues from Avast. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer.
Exchange servers under siege from at least 10 APT groups
www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world. On 2021-03-02, Microsoft released out-of-band patches for Microsoft Exchange Server 2013, 2016 and 2019. These security updates fixed a pre-authentication remote code execution (RCE) vulnerability chain (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows an attacker to take over any reachable Exchange server, without even knowing any valid account credentials. We have already detected webshells on more than 5,000 email servers as of the time of writing, and according to public sources, several important organizations, such as the European Banking Authority, suffered from this attack.
Ryuk ransomware hits 700 Spanish government labor agency offices
www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/ The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. “Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to citizens, companies, benefit and employment offices,” an announcement on the agency’s website reads.
FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server
us-cert.cisa.gov/ncas/current-activity/2021/03/10/fbi-cisa-joint-advisory-compromise-microsoft-exchange-server CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.
Norway's parliament hit by a new data breach through Microsoft Exchange vulnerabilities
www.hs.fi/talous/art-2000007852716.html NORWAY'S parliament, the Storting, has been the target of a new data breach. The previous attack took place seven months ago and was at the time attributed to the Russian hacker group known as Fancy Bear. In its statement, the Storting says that the scope and perpetrators of the new breach are not yet known, but it is not believed to be connected to the previous attack. The intruders exploited vulnerabilities in Microsoft Exchange servers.
Researchers Unveil New Linux Malware Linked to Chinese Hackers
thehackernews.com/2021/03/researchers-unveil-new-linux-malware.html Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that’s believed to be the work of Chinese nation-state actors. Dubbed “RedXOR” by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group such as PWNLNX, XOR.DDOS and Groundhog.
Cyber criminals targeting hospitals are ‘playing with lives’ and must be stopped, report warns
www.zdnet.com/article/cyber-criminals-targeting-hospitals-are-playing-with-lives-and-must-be-stopped-report-warns/ Cyberattacks targeting healthcare are putting patients at unnecessary risk and more must be done to hold the cyber criminals involved to account, warns the CyberPeace Institute, an international body dedicated to protecting the vulnerable in cyberspace. The healthcare industry has been under increased strain over the past year due to the impact of the COVID-19 pandemic, which has prompted some cyber criminals to conduct ransomware campaigns and other cyberattacks.
Supo: Foreign intelligence services are using Finnish routers for cyber espionage
www.is.fi/digitoday/tietoturva/art-2000007851807.html THE FINNISH Security and Intelligence Service (Supo) says that foreign intelligence services have used the network routers of dozens of Finnish companies and private individuals for cyber espionage. Supo urges owners to check the settings of their routers and other network-connected devices. Supo has already been in contact with some of the companies and individuals whose devices were broken into. According to Supo, the perpetrators used the devices only as stepping stones to reach the actual target of the espionage; obtaining the data held on the devices was not their goal. Also:
Serious vulnerability in Windows' default browsers: update now
www.tivi.fi/uutiset/tv/61267ef1-7e3d-4ec9-ba30-f37f32df14cb The National Cyber Security Centre Finland (Kyberturvallisuuskeskus) reports a vulnerability found in the Internet Explorer and Edge browsers that can lead to memory corruption. The browsers are the default browsers of the Windows operating system. The vulnerability allows attackers to execute arbitrary commands on the user's machine and obtain confidential information. In its March 2021 update rollup, Microsoft released fixes for the Edge and Internet Explorer (versions 9 and 11) browsers that correct the vulnerability. Also:
Guidance on Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
us-cert.cisa.gov/ncas/current-activity/2021/03/09/guidance-remediating-networks-affected-solarwinds-and-active Since December 2020, CISA has been responding to a significant cybersecurity incident involving an advanced persistent threat (APT) actor targeting networks of multiple U.S. government agencies, critical infrastructure entities, and private sector organizations. The APT actor added malicious code to multiple versions of the SolarWinds Orion platform and leveraged it, as well as other techniques, for initial access to enterprise networks. After gaining persistent, invasive access to select organizations' enterprise networks, the APT actor targeted their federated identity solutions and their Active Directory/M365 environments.
Cyberattackers Exploiting Critical WordPress Plugin Bug
threatpost.com/cyberattackers-exploiting-critical-wordpress-plugin-bug/164663/ The security hole in the Plus Addons for Elementor plugin was used in active zero-day attacks prior to a patch being issued. The Plus Addons for Elementor plugin for WordPress has a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website. First reported as a zero-day bug, researchers said it's being actively attacked in the wild. The plugin, which has more than 30,000 active installations according to its developer, allows site owners to create various user-facing widgets for their websites, including user logins and registration forms that can be added to an Elementor page. Elementor is a site-building tool for WordPress.
Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
unit42.paloaltonetworks.com/china-chopper-webshell/ Microsoft recently released patches for a number of zero-day Microsoft Exchange Server vulnerabilities that are actively being exploited in the wild by HAFNIUM, a suspected state-sponsored group operating out of China. We provide an overview of the China Chopper webshell, a backdoor which has been observed being dropped in these attacks. We also analyze incidental artifacts, such as metadata, created by the attacks themselves, which allow us to collect information and better understand the nature and methodology of the attackers.
WE OFTEN HEAR about cyberattacks, cyber operations, and malware infections that target computer systems or smartphones. Attacks against civilian infrastructure facilities such as hospitals, water sanitation systems, and the energy sector similarly get a lot of airtime.
www.wired.com/story/dire-possibility-cyberattacks-weapons-systems/ But there is another type of high-stakes system that gets much less attention: weapons systems. These include guided missiles, missile and anti-missile systems, tanks, fighter jets, and more, all of which are computerized and possibly networked. We can imagine that weapons systems contain security vulnerabilities similar to most other information systems, including serious ones.