Daily NCSC-FI news followup 2021-03-13

Protecting on-premises Exchange Servers against recent attacks

www.microsoft.com/security/blog/2021/03/12/protecting-on-premises-exchange-servers-against-recent-attacks/ For the past few weeks, Microsoft and others in the security industry have seen an increase in attacks against on-premises Exchange servers. The target of these attacks is a type of email server most often used by small and medium-sized businesses, although larger organizations with on-premises Exchange servers have also been affected. This is now what we consider a broad attack, and the severity of these exploits means protecting your systems is critical. While Microsoft has regular methods for providing tools to update software, this extraordinary situation calls for a heightened approach.

Cyberattack shows at Telia: companies' email down for the third day

www.is.fi/digitoday/tietoturva/art-2000007856648.html The email services and calendar of Telia Inmics-Nebula, a hosting and internet services company owned by telecom operator Telia, have been out of service for a third day, and there is no information on how long the outage will continue. The situation affects thousands of business users of the service. Telia's announcement:

www.inmicsnebula.fi/fi/tiedotteet/kriittinen-microsoft-exchange-haavoittuvuus-havaittu-telia-inmics-nebulan

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms

threatpost.com/europol-arrests-cracked-sky-ecc/164744/ Europol launched “major interventions” against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70,000 users of the Sky ECC service since mid-February. Sky ECC, which focuses on selling mobile phones with specialized, private communications, denies that the messages on its platform were decrypted. However, sweeping arrests across Belgium, France and the Netherlands reported by Europol, in coordination with those countries’ law-enforcement authorities, seem to indicate otherwise.

Chinese universities connected to known APTs are conducting AI/ML cybersecurity research

therecord.media/chinese-universities-connected-to-known-apts-are-conducting-ai-ml-cybersecurity-research/ At least six major Chinese universities with previous connections to government-backed hacking groups have been conducting research on the intersection of cybersecurity and machine learning. In a paper titled “Academics, AI, and APTs,” the Center for Security and Emerging Technology at Georgetown University warns that the research conducted today in these Chinese universities could soon be integrated into the techniques used by Chinese state-sponsored hackers (APTs). Also (PDF):

cset.georgetown.edu/wp-content/uploads/CSET-Academics-AI-and-APTs.pdf

15-year-old Linux kernel bugs let attackers gain root privileges

www.bleepingcomputer.com/news/security/15-year-old-linux-kernel-bugs-let-attackers-gain-root-privileges/ Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. These security bugs can only be exploited locally, which means that potential attackers will have to gain access to vulnerable devices by exploiting another vulnerability or using an alternative attack vector.

Laura Ristimäki's online romance, which began when she was 16, ended well, but there are plenty of other kinds of stories too: an ex-police officer who worked undercover explains how to recognize a scammer

yle.fi/uutiset/3-11810570 In the emotional rush of infatuation, it is worth asking: what if this were happening to my friend? Would I be happy for them, or would I warn them?
