Daily NCSC-FI news followup 2021-03-15

Welcome to the era of the mega-hack

www.zdnet.com/article/welcome-to-the-era-of-the-mega-hack/ We’re now living in the era of the mega-hack. More than ever, software flaws are being seized on by sophisticated hackers who take these bugs and use them to create attacks that compromise the computer systems of thousands of organisations, all at once. Right now, we need to realise that the stakes are increasing – and rapidly.

How Quickly Are We Patching Microsoft Exchange Servers?

blog.paloaltonetworks.com/2021/03/patching-microsoft-exchange-servers/ Fifteen years ago, if you accidentally exposed a device on the Internet, it might go unnoticed by attackers for months or even years. Things are different today – attackers scrutinize your attack surface daily. With open source software anyone can download, an attacker can communicate with every public-facing IP address in IPv4 space in hours. Any unpatched system, misconfiguration or accidental exposure is likely to be discovered very quickly. The internet is tiny.

HAFNIUM, China Chopper and ASP.NET Runtime

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hafnium-china-chopper-and-aspnet-runtime/ The China Chopper server-side ASPX web shell is extremely small and typically, the entire thing is just one line. There are multiple versions of this web shell for executing code in different languages such as ASP, ASPX, PHP, JSP, and CFM. In this blog, we will cover the JScript version; however, they all are very similar aside from the language used.

Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm

redcanary.com/blog/microsoft-exchange-attacks/ Red Canary Intel is tracking multiple activity clusters exploiting vulnerable Microsoft Exchange servers to drop web shells, including one we’ve dubbed “Sapphire Pigeon.”

A silent catastrophe is under way online: “dozens or hundreds of Vastaamo-type data breaches”

www.is.fi/digitoday/tietoturva/art-2000007861992.html The breach known as ProxyLogon, which targets Microsoft email servers, is extensive, and data is being stolen all the time. Finns' ability to respond to the threat varies.

Telia Inmics-Nebula shut down entrepreneurs' email: outage has already lasted more than 4 days

www.tivi.fi/uutiset/tv/32465f1b-8d6d-47df-a01c-9d943517f284 An email outage lasting for days can make things uncomfortable. Some of Telia Inmics-Nebula's business customers are now in that position.

COVID-19: Examining the threat landscape a year later

securelist.com/covid-19-examining-the-threat-landscape-a-year-later/101154/ On the anniversary of the global shutdown, Kaspersky experts decided to take a look back at how the threat landscape has evolved since the beginning of the pandemic and what that means for users in the years to come.

Hus fixed the problem with its digital services for the second time

www.tivi.fi/uutiset/tv/c9246f37-dd9a-4c1e-b7eb-461ccccbdf5e Hus's electronic services are working normally again after Monday's outage. Also:


Phishing sites now detect virtual machines to bypass detection

www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/ Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.

Verkada Breach Demonstrates Danger of Overprivileged Users

www.darkreading.com/vulnerabilities---threats/verkada-breach-demonstrates-danger-of-overprivileged-users/d/d-id/1340403 In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.

PayPal fraud: What merchants should know

www.welivesecurity.com/2021/03/15/paypal-fraud-what-merchants-should-know/ From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?

Rising Demand for DDoS Protection Software Market By 2020-2028

thehackernews.com/2021/03/rising-demand-for-ddos-protection.html Demand for the DDoS software market is on the rise due to the exponential increase in multi-vector DDoS attacks and the ease with which DDoS-for-hire services are available today.

How Facebook got addicted to spreading misinformation

www.technologyreview.com/2021/03/11/1020600/facebook-responsible-ai-misinformation/ The company’s AI algorithms gave it an insatiable habit for lies and hate speech. Now the man who built them can’t fix the problem.

Want to improve your security easily? This is the easiest way to set up two-factor authentication

www.kauppalehti.fi/uutiset/haluatko-lisata-tietoturvaa-helposti-nain-kaksivaiheinen-tunnistautuminen-tapahtuu-helpoimmin/c7e1ef81-e46a-422d-885b-8bf82f3a9c8b Do you know how to keep your data safe online? Account security can easily be improved with two-factor authentication. [SUBSCRIBERS ONLY]

Microsoft 365 outage knocks down Teams, Exchange Online

www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-knocks-down-teams-exchange-online/ A Microsoft 365 outage is preventing users from logging into Microsoft Teams, Exchange Online, Forms, Xbox Live, and Yammer. Based on reports from users, this appears to be a worldwide outage.
