Daily NCSC-FI news followup 2021-03-15

Welcome to the era of the mega-hack

www.zdnet.com/article/welcome-to-the-era-of-the-mega-hack/ We’re now living in the era of the mega-hack. More than ever, software flaws are being seized on by sophisticated hackers who take these bugs and use them to create attacks that compromise the computer systems of thousands of organisations, all at once. Right now, we need to realise that the stakes are increasing – and rapidly.

How Quickly Are We Patching Microsoft Exchange Servers?

blog.paloaltonetworks.com/2021/03/patching-microsoft-exchange-servers/ Fifteen years ago, if you accidentally exposed a device on the Internet, it might go unnoticed by attackers for months or even years. Things are different today – attackers scrutinize your attack surface daily. With open source software anyone can download, an attacker can communicate with every public-facing IP address in IPv4 space in hours. Any unpatched system, misconfiguration or accidental exposure is likely to be discovered very quickly. The internet is tiny.

HAFNIUM, China Chopper and ASP.NET Runtime

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hafnium-china-chopper-and-aspnet-runtime/ The China Chopper server-side ASPX web shell is extremely small and typically, the entire thing is just one line. There are multiple versions of this web shell for executing code in different languages such as ASP, ASPX, PHP, JSP, and CFM. In this blog, we will cover the JScript version; however, they all are very similar aside from the language used.

Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm

redcanary.com/blog/microsoft-exchange-attacks/ Red Canary Intel is tracking multiple activity clusters exploiting vulnerable Microsoft Exchange servers to drop web shells, including one we’ve dubbed “Sapphire Pigeon.”

A silent catastrophe is under way online: “tens or hundreds of Vastaamo-type data breaches”

www.is.fi/digitoday/tietoturva/art-2000007861992.html The data breach known as ProxyLogon, which targets Microsoft email servers, is extensive, and data is being stolen all the time. Finns' ability to respond to the threat varies.

Telia Inmics-Nebula shut down entrepreneurs' email: outage has already lasted over 4 days

www.tivi.fi/uutiset/tv/32465f1b-8d6d-47df-a01c-9d943517f284 An email outage that lasts for days can make things uncomfortable. That is now the situation for some of Telia Inmics-Nebula's business customers.

COVID-19: Examining the threat landscape a year later

securelist.com/covid-19-examining-the-threat-landscape-a-year-later/101154/ On the anniversary of the global shutdown, Kaspersky experts decided to take a look back at how the threat landscape has evolved since the beginning of the pandemic and what that means for users in the years to come.

HUS fixed the problem with its digital services for the second time

www.tivi.fi/uutiset/tv/c9246f37-dd9a-4c1e-b7eb-461ccccbdf5e HUS's electronic services are working normally again after Monday's outage. Also:

www.tivi.fi/uutiset/husin-it-palvelut-kyykkasivat-taas-ei-aikoja-koronatesteihin-tai-rokotuksiin/38b10b66-7023-427e-9fab-4913b57da293

Phishing sites now detect virtual machines to bypass detection

www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/ Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.

Verkada Breach Demonstrates Danger of Overprivileged Users

www.darkreading.com/vulnerabilities---threats/verkada-breach-demonstrates-danger-of-overprivileged-users/d/d-id/1340403 In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.

PayPal fraud: What merchants should know

www.welivesecurity.com/2021/03/15/paypal-fraud-what-merchants-should-know/ From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?

Rising Demand for DDoS Protection Software Market By 2020-2028

thehackernews.com/2021/03/rising-demand-for-ddos-protection.html Demand for the DDoS software market is on the rise due to the exponential increase in multi-vector DDoS attacks and the ease with which DDoS-for-hire services are available today.

How Facebook got addicted to spreading misinformation

www.technologyreview.com/2021/03/11/1020600/facebook-responsible-ai-misinformation/ The company’s AI algorithms gave it an insatiable habit for lies and hate speech. Now the man who built them can’t fix the problem.

Want to improve your security easily? This is the easiest way to do two-step authentication

www.kauppalehti.fi/uutiset/haluatko-lisata-tietoturvaa-helposti-nain-kaksivaiheinen-tunnistautuminen-tapahtuu-helpoimmin/c7e1ef81-e46a-422d-885b-8bf82f3a9c8b Do you know how to keep your data safe online? The security of a user account can easily be improved with two-step authentication. [FOR SUBSCRIBERS]

Microsoft 365 outage knocks down Teams, Exchange Online

www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-knocks-down-teams-exchange-online/ A Microsoft 365 outage is preventing users from logging into Microsoft Teams, Exchange Online, Forms, Xbox Live, and Yammer. Based on reports from users, this appears to be a worldwide outage.
