Daily NCSC-FI news followup 2021-03-16

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/ This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to address these vulnerabilities can result in compromise of your on-premises Exchange Server and, potentially, other parts of your internal network.

One-Click Microsoft Exchange On-Premises Mitigation Tool March 2021

msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.

The Microsoft Exchange hacks: How they started and where we are

www.bleepingcomputer.com/news/security/the-microsoft-exchange-hacks-how-they-started-and-where-we-are/ With patches released and proof-of-concept (PoC) exploit code surfacing online, thousands of Microsoft Exchange servers worldwide continue to remain vulnerable and the number of attacks is still at a worrying level.

McAfee Defender’s Blog: Operation Dianxun

www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-operation-dianxun In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn. The tactics, techniques and procedures (TTPs) used in the attack are like those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. Most probably this threat is targeting people working in the telecommunications industry and has been used for espionage purposes to access sensitive data and to spy on companies related to 5G technology.

Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion

www.bleepingcomputer.com/news/security/mimecast-solarwinds-hackers-used-sunburst-malware-for-initial-intrusion/ Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year used the Sunburst backdoor during the initial intrusion. Mimecast Incident Report: www.mimecast.com/incident-report/

A Hacker Got All My Texts for $16

www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

New Mirai Variant Targeting Network Security Devices

unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.

Microsoft’s latest cloud authentication outage: What went wrong

www.zdnet.com/article/microsofts-latest-cloud-authentication-outage-what-went-wrong/ Microsoft is saying a ‘rotation of keys’ that handle authentication was to blame for a roughly 14-hour Azure outage that took down Office 365, Dynamics 365, Xbox Live and other Microsoft services on March 15. See also: status.azure.com/en-us/status/history/

Top 10 Cloud Malware Threats

www.intezer.com/blog/cloud-security/top-10-cloud-malware-threats/ For a long time Linux has not been seen as a serious target of threat actors. This operating system makes up such a small percentage of the desktop market share compared to Windows, it’s no surprise why threat actors would focus most of their attention on attacking Windows endpoints. Times are quickly changing though as the next major battleground moves from traditional on-premise Windows endpoints to Linux-based servers and containers in the cloud. For perspective 90% of the public cloud runs Linux. Attackers are taking note. Some have started to write new malware from scratch exclusively for Linux, while others are adapting their existing Windows malware to target Linux.

Magecart Attackers Save Stolen Credit-Card Data in .JPG File

threatpost.com/magecart-attackers-stolen-data-jpg/164815/ Magecart attackers have found a new way to hide their nefarious online activity by saving data they’ve skimmed from credit cards online in a .JPG file on a website they’ve injected with malicious code. “The creative use of the fake .JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner,” he wrote.

Malware authors keep up with the times, a fresh report from security company Kaspersky shows

www.tivi.fi/uutiset/tv/8531ef10-ab0d-43ab-ae9c-4e25980e8aeb Apple’s new M1 processors have received a lot of praise for their performance, which naturally shows up as growing popularity. Popularity, in turn, gets malware authors moving. Kaspersky reports on three pieces of malware, all of which target the new M1 Macs. See also:

securelist.com/malware-for-the-new-apple-silicon-platform/101137/

No, Your iPhone Is Not More Secure Than Android, Warns Cyber Billionaire

www.forbes.com/sites/zakdoffman/2021/03/16/iphone-12-pro-max-and-iphone-13-not-more-secure-than-google-and-samsung-android-warns-cyber-billionaire/ One of the world’s leading cybersecurity experts has just warned that the alarming new surge in malicious apps is a much more serious threat to iPhone users than you might think. iPhones, he says, have a surprising security vulnerability.

Future Focused: Encryption and Visibility Can Co-Exist

blogs.cisco.com/security/future-focused-encryption-and-visibility-can-co-exist Along with others in the networking industry, we at Cisco are working to continually improve both security and privacy, without an advance in one area harming the other. In this blog I’ll describe two recent privacy advances, DNS over HTTPS (DoH) and QUIC, and what we’re doing to maintain visibility.

50 years of malware? Not really. 50 years of computer worms? That’s a different story…

isc.sans.edu/forums/diary/50+years+of+malware+Not+really+50+years+of+computer+worms+Thats+a+different+story/27208/
