Daily NCSC-FI news followup 2021-03-14

New PoC for Microsoft Exchange bugs puts attacks in reach of anyone

www.bleepingcomputer.com/news/security/new-poc-for-microsoft-exchange-bugs-puts-attacks-in-reach-of-anyone/ A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities. Will Dorman, a Vulnerability Analyst at the CERT/CC, tested the vulnerability on a Microsoft exchange server and told BleepingComputer that it worked with very little modification. “It’s within the reach of “script kiddie” now, ” warned Dorman in our discussion about the PoC.

Threat Assessment: DearCry Ransomware

unit42.paloaltonetworks.com/dearcry-ransomware/ Last week, Microsoft reported that attackers compromised Exchange Mail Servers with the use of four zero-day vulnerabilities. While patches have been released by Microsoft, adversaries are still attacking vulnerable versions of Microsoft Exchange Servers with malicious tools, malware and data exfiltration. Further, Microsoft has confirmed the existence of a ransomware variant leveraging these vulnerabilities, which has been dubbed “DearCry.”. It is reasonable to suspect that the ransomware authors were paying homage to an unrelated yet infamous ransomware family, “WannaCry, ” which was used as a payload within an orchestrated attack campaign leveraging known Microsoft vulnerabilities to infect victims en masse.

Microsoft Probes Whether Leak Played Role in Suspected Chinese Hack

www.wsj.com/articles/microsoft-probing-whether-leak-played-role-in-suspected-chinese-hack-11615575793 Microsoft Corp. is investigating whether the hackers behind a world-wide cyberattack may have obtained sensitive information necessary to launch the attack from private disclosures it made with some of its security partners, according to people familiar with the matter.

Huawei Listed Anew as Threat to US National Security

www.securityweek.com/huawei-listed-anew-threat-us-national-security US regulators on Friday listed Huawei among Chinese telecom gear firms deemed a threat to national security, signaling that a hoped for softening of relations is not in the cards.

Tuntuuko sinustakin, että internet on pilalla? Ylen haastattelussa Wikipedian johtaja, joka uskoo, että nyt alkaa uusi aika: “Tilinteko on todennäköinen”

yle.fi/uutiset/3-11770643 “Viestintävälineitä voidaan hyödyntää kuin aseita. Aiemmin sellainen oli mahdollista vain hallituksille”, Ryan Merkley sanoo.

You might be interested in …

Daily NCSC-FI news followup 2019-11-25

Livingston School District in New Jersey Hit With Ransomware www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/ Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from. Hidden Cam Above […]

Read More

Daily NCSC-FI news followup 2020-03-18

Spanish operators beg customers not to screw the network up telecoms.com/503106/spanish-operators-beg-customers-not-to-screw-the-network-up/ All the major Spanish telcos have unveiled a joint statement to customers, asking for fair and reasonable use of the internet during over the foreseeable future. […] Microsoft has said it has seen a 100% growth in usage of its enterprise productivity application Teams. […]

Read More

Daily NCSC-FI news followup 2020-02-03

TERVEYSTALON SÄHKÖISEEN VERKKOAJANVARAUKSEEN ON KOHDISTUNUT TIETOJENKALASTELUA www.terveystalo.com/fi/Sijoittajat/Tiedotteet/?crid=2AECEBB792F63309 Terveystalon sähköiseen verkkoajanvaraukseen on kohdistunut tietojenkalastelua. Tämän seurauksena yksittäisten henkilöiden henkilötunnus on todennäköisesti saatu selvitettyä. Verkkoajanvarauksessa ei käsitellä potilastietoja, ainoastaan nimi- ja henkilötunnustietoja. Potilastietoja verkkoajanvarauksen kautta ei saa selvitettyä.. Lue myös yle.fi/uutiset/3-11189706, www.hs.fi/kotimaa/art-2000006393563.html, www.is.fi/digitoday/tietoturva/art-2000006394014.html ja www.is.fi/digitoday/tietoturva/art-2000006394067.html Hakkerointi on yhtä murhaava ase kuin ohjusisku, sanoo Israelin armeijan tiedustelun veteraani […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.