Daily NCSC-FI news followup 2021-03-14

New PoC for Microsoft Exchange bugs puts attacks in reach of anyone

www.bleepingcomputer.com/news/security/new-poc-for-microsoft-exchange-bugs-puts-attacks-in-reach-of-anyone/ A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities. Will Dormann, a Vulnerability Analyst at the CERT/CC, tested the vulnerability on a Microsoft Exchange server and told BleepingComputer that it worked with very little modification. “It’s within the reach of “script kiddie” now,” warned Dormann in our discussion about the PoC.

Threat Assessment: DearCry Ransomware

unit42.paloaltonetworks.com/dearcry-ransomware/ Last week, Microsoft reported that attackers compromised Exchange Mail Servers with the use of four zero-day vulnerabilities. While patches have been released by Microsoft, adversaries are still attacking vulnerable versions of Microsoft Exchange Servers with malicious tools, malware and data exfiltration. Further, Microsoft has confirmed the existence of a ransomware variant leveraging these vulnerabilities, which has been dubbed “DearCry.” It is reasonable to suspect that the ransomware authors were paying homage to an unrelated yet infamous ransomware family, “WannaCry,” which was used as a payload within an orchestrated attack campaign leveraging known Microsoft vulnerabilities to infect victims en masse.

Microsoft Probes Whether Leak Played Role in Suspected Chinese Hack

www.wsj.com/articles/microsoft-probing-whether-leak-played-role-in-suspected-chinese-hack-11615575793 Microsoft Corp. is investigating whether the hackers behind a world-wide cyberattack may have obtained sensitive information necessary to launch the attack from private disclosures it made with some of its security partners, according to people familiar with the matter.

Huawei Listed Anew as Threat to US National Security

www.securityweek.com/huawei-listed-anew-threat-us-national-security US regulators on Friday listed Huawei among Chinese telecom gear firms deemed a threat to national security, signaling that a hoped for softening of relations is not in the cards.

Does it feel to you, too, that the internet is ruined? In an Yle interview, a Wikipedia director who believes a new era is now beginning: “A reckoning is likely”

yle.fi/uutiset/3-11770643 “Communication tools can be used like weapons. Previously, that was possible only for governments,” says Ryan Merkley.
