Daily NCSC-FI news followup 2021-03-13

Protecting on-premises Exchange Servers against recent attacks

www.microsoft.com/security/blog/2021/03/12/protecting-on-premises-exchange-servers-against-recent-attacks/ For the past few weeks, Microsoft and others in the security industry have seen an increase in attacks against on-premises Exchange servers. The target of these attacks is a type of email server most often used by small and medium-sized businesses, although larger organizations with on-premises Exchange servers have also been affected. This is now what we consider a broad attack, and the severity of these exploits means protecting your systems is critical. While Microsoft has regular methods for providing tools to update software, this extraordinary situation calls for a heightened approach.

Cyberattack hits Telia: companies' email down for the third day

www.is.fi/digitoday/tietoturva/art-2000007856648.html The email services and calendar of Telia Inmics-Nebula, a hosting and internet services company owned by telecom operator Telia, have been out of service for a third day, and there is no information on how long the outage will continue. The situation affects thousands of business users of the service. Telia's announcement:

www.inmicsnebula.fi/fi/tiedotteet/kriittinen-microsoft-exchange-haavoittuvuus-havaittu-telia-inmics-nebulan

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms

threatpost.com/europol-arrests-cracked-sky-ecc/164744/ Europol launched “major interventions” against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70,000 users of the Sky ECC service since mid-February. Sky ECC, which focuses on selling mobile phones with specialized, private communications, denies that the messages on its platform were decrypted. However, sweeping arrests across Belgium, France and the Netherlands reported by Europol, in coordination with those countries’ law-enforcement authorities, seem to indicate otherwise.

Chinese universities connected to known APTs are conducting AI/ML cybersecurity research

therecord.media/chinese-universities-connected-to-known-apts-are-conducting-ai-ml-cybersecurity-research/ At least six major Chinese universities with previous connections to government-backed hacking groups have been conducting research on the intersection of cybersecurity and machine learning. In a paper titled “Academics, AI, and APTs,” the Center for Security and Emerging Technology at Georgetown University warns that the research conducted today in these Chinese universities could soon be integrated into the techniques used by Chinese state-sponsored hackers (APTs). Also (PDF):

cset.georgetown.edu/wp-content/uploads/CSET-Academics-AI-and-APTs.pdf

15-year-old Linux kernel bugs let attackers gain root privileges

www.bleepingcomputer.com/news/security/15-year-old-linux-kernel-bugs-let-attackers-gain-root-privileges/ Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. These security bugs can only be exploited locally, which means that potential attackers will have to gain access to vulnerable devices by exploiting another vulnerability or using an alternative attack vector.

Laura Ristimäki's online romance, which began when she was 16, ended well, but there are plenty of other kinds of stories too: a former police officer who worked undercover explains how to recognize a scammer

yle.fi/uutiset/3-11810570 In the emotional rush of falling for someone, it is worth asking: what if this were happening to my friend? Would I be happy for them, or would I warn them?
