Daily NCSC-FI news followup 2021-03-15

Welcome to the era of the mega-hack

www.zdnet.com/article/welcome-to-the-era-of-the-mega-hack/ We’re now living in the era of the mega-hack. More than ever, software flaws are being seized on by sophisticated hackers who take these bugs – – and use them to create attacks that compromise the computer systems of thousands of organisations, all at once. Right now, we need to realise that the stakes are increasing – and rapidly.

How Quickly Are We Patching Microsoft Exchange Servers?

blog.paloaltonetworks.com/2021/03/patching-microsoft-exchange-servers/ Fifteen years ago, if you accidentally exposed a device on the Internet, it might go unnoticed by attackers for months or even years. Things are different today – attackers scrutinize your attack surface daily. With open source software anyone can download, an attacker can communicate with every public-facing IP address in IPv4 space in hours. Any unpatched system, misconfiguration or accidental exposure is likely to be discovered very quickly. The internet is tiny.

HAFNIUM, China Chopper and ASP.NET Runtime

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hafnium-china-chopper-and-aspnet-runtime/ The China Chopper server-side ASPX web shell is extremely small and typically, the entire thing is just one line. There are multiple versions of this web shell for executing code in different languages such as ASP, ASPX, PHP, JSP, and CFM. In this blog, we will cover the JScript version; however, they all are very similar aside from the language used.

Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm

redcanary.com/blog/microsoft-exchange-attacks/ Red Canary Intel is tracking multiple activity clusters exploiting vulnerable Microsoft Exchange servers to drop web shells, including one we’ve dubbed “Sapphire Pigeon.”

Verkossa on käynnissä hiljainen katastrofi “kymmeniä tai satoja Vastaamon tyyppisiä tietomurtoja”

www.is.fi/digitoday/tietoturva/art-2000007861992.html ProxyLogon-nimellä tunnettu, Microsoftin sähköpostipalvelimiin kohdistuva tietomurto on laaja, ja tietoa varastetaan koko ajan. Suomalaisten mahdollisuudet vastata uhkaan vaihtelevat.

Telia Inmics-Nebula sulki yrittäjien sähköposteja katko kestänyt jo yli 4 päivää

www.tivi.fi/uutiset/tv/32465f1b-8d6d-47df-a01c-9d943517f284 Päiväkausia kestävä katkos sähköpostin toiminnassa voi tehdä olon tukalaksi. Tukalaa on nyt joillakin Telia Inmics-Nebulan yritysasiakkailla.

COVID-19: Examining the threat landscape a year later

securelist.com/covid-19-examining-the-threat-landscape-a-year-later/101154/ On the anniversary of the global shutdown, Kaspersky experts decided to take a look back at how the threat landscape has evolved since the beginning of the pandemic and what that means for users in the years to come.

Hus korjasi digipalveluidensa ongelman toistamiseen

www.tivi.fi/uutiset/tv/c9246f37-dd9a-4c1e-b7eb-461ccccbdf5e Husin sähköiset palvelut toimivat jälleen normaalisti maanantaisen katkon jälkeen. myös:

www.tivi.fi/uutiset/husin-it-palvelut-kyykkasivat-taas-ei-aikoja-koronatesteihin-tai-rokotuksiin/38b10b66-7023-427e-9fab-4913b57da293

Phishing sites now detect virtual machines to bypass detection

www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/ Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.

Verkada Breach Demonstrates Danger of Overprivileged Users

www.darkreading.com/vulnerabilities—threats/verkada-breach-demonstrates-danger-of-overprivileged-users/d/d-id/1340403 In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.

PayPal fraud: What merchants should know

www.welivesecurity.com/2021/03/15/paypal-fraud-what-merchants-should-know/ – From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?

Rising Demand for DDoS Protection Software Market By 2020-2028

thehackernews.com/2021/03/rising-demand-for-ddos-protection.html Demand for the DDoS software market is on the rise due to the exponential increase in multi-vector DDoS attacks and the ease with which DDoS-for-hire services are available today.

How Facebook got addicted to spreading misinformation

www.technologyreview.com/2021/03/11/1020600/facebook-responsible-ai-misinformation/ The companys AI algorithms gave it an insatiable habit for lies and hate speech. Now the man who built them can’t fix the problem.

Haluatko lisätä tietoturvaa helposti? Näin kaksivaiheinen tunnistautuminen tapahtuu helpoimmin

www.kauppalehti.fi/uutiset/haluatko-lisata-tietoturvaa-helposti-nain-kaksivaiheinen-tunnistautuminen-tapahtuu-helpoimmin/c7e1ef81-e46a-422d-885b-8bf82f3a9c8b Osaatko pitää tietosi turvassa verkossa? Käyttäjätilin turvallisuutta voi helposti lisätä kaksivaiheisella tunnistuksella. [TILAAJILLE]

Microsoft 365 outage knocks down Teams, Exchange Online

www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-knocks-down-teams-exchange-online/ A Microsoft 365 outage is preventing users from logging into Microsoft Teams, Exchange Online, Forms, Xbox Live, and Yammer.. Based on reports from users, this appears to be a worldwide outage.

You might be interested in …

Daily NCSC-FI news followup 2021-07-25

Shortcomings With Financial Market Infrastructure Companies Business Continuity And Cybersecurity Plans Need To Be Resolved www.forbes.com/sites/mayrarodriguezvalladares/2021/07/25/shortcomings-with-financial-market-infrastructure-companies-business-continuity-and-cybersecurity-plans-need-to-be-resolved/ [A report released this week] shows that it is doubtful that [financial markets infrastructure companies] business continuity plans (BCPs) are designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events and […]

Read More

Daily NCSC-FI news followup 2019-11-17

Indian officials acknowledged on October 30th that a cyberattack occurred at the countrys Kudankulam nuclear power plant. thebulletin.org/2019/11/lessons-from-the-cyberattack-on-indias-largest-nuclear-power-plant/ While reactor operations at Kudankulam were reportedly unaffected, this incident should serve as yet another wake-up call that the nuclear power industry needs to take cybersecurity more seriously.. The problem of cybersecurity is not new to the […]

Read More

Daily NCSC-FI news followup 2019-12-26

Happy Holidays and big thanks to everyone whos working these holidays! nakedsecurity.sophos.com/2019/12/25/happy-holidays-and-big-thanks-to-everyone-whos-working-today/ Lots of us have the day off today, but there are plenty of people who dont, including a veritable army of of IT techies, helpdesk staff, sysadmins and others. Hats off to you! Say GDP-aaaR: UK’s Information Commissioner pours £275k fine into London […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.