Protecting on-premises Exchange Servers against recent attacks
www.microsoft.com/security/blog/2021/03/12/protecting-on-premises-exchange-servers-against-recent-attacks/ For the past few weeks, Microsoft and others in the security industry have seen an increase in attacks against on-premises Exchange servers. The target of these attacks is a type of email server most often used by small and medium-sized businesses, although larger organizations with on-premises Exchange servers have also been affected. This is now what we consider a broad attack, and the severity of these exploits means protecting your systems is critical. While Microsoft has regular methods for providing tools to update software, this extraordinary situation calls for a heightened approach.
Kyberhyökkäys näkyy Telialla firmojen sähköpostit nurin kolmatta päivää
www.is.fi/digitoday/tietoturva/art-2000007856648.html Teleoperaattori Telian omistaman hosting- ja nettipalveluyritys Telia Inmics-Nebulan sähköpostipalvelut ja kalenteri ovat poissa käytössä kolmatta päivää, eikä katkon pituuden jatkumisesta ole tietoa. Tilanne koskee tuhansia palvelua käyttäviä yrityskäyttäjiä. Telian tiedote:
Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild
thehackernews.com/2021/03/another-google-chrome-0-day-bug-found.html Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month. While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use after free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.
Europol Credits Sweeping Arrests to Cracked Sky ECC Comms
threatpost.com/europol-arrests-cracked-sky-ecc/164744/ Europol launched “major interventions” against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70, 000 users of the Sky ECC service since mid-February. Sky ECC, which focuses on selling mobile phones with specialized, private communications, denies that the messages on its platform were decrypted. However, sweeping arrests across Belgium, France and the Netherlands reported by Europol, in coordination with those countries’ law-enforcement authorities, seem to indicate otherwise.
Chinese universities connected to known APTs are conducting AI/ML cybersecurity research
therecord.media/chinese-universities-connected-to-known-apts-are-conducting-ai-ml-cybersecurity-research/ At least six major Chinese universities with previous connections to government-backed hacking groups have been conducting research on the intersection of cybersecurity and machine learning. In a paper titled “Academics, AI, and APTs, ” the Center for Security and Emerging Technology at Georgetown University warns that the research conducted today in these Chinese universities today could soon be integrated into the techniques used by Chinese state-sponsored hackers (APTs). also (PDF):
15-year-old Linux kernel bugs let attackers gain root privileges
www.bleepingcomputer.com/news/security/15-year-old-linux-kernel-bugs-let-attackers-gain-root-privileges/ Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. These security bugs can only be exploited locally, which means that potential attackers will have to gain access to vulnerable devices by exploiting another vulnerability or using an alternative attack vector.
Laura Ristimäen 16-vuotiaana syttynyt nettiromanssi päättyi hyvin, mutta toisenlaisiakin tarinoita riittää peitetehtävissä toiminut ex-poliisi kertoo, miten huijarin tunnistaa
yle.fi/uutiset/3-11810570 Ihastumisen tunnekuohussa kannattaa kysyä, mitä jos tämä tapahtuisi ystävälleni? Iloitsisinko vai varoittaisin?