Daily NCSC-FI news followup 2021-03-16

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/ This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to address these vulnerabilities can result in compromise of your on-premises Exchange Server and, potentially, other parts of your internal network.

One-Click Microsoft Exchange On-Premises Mitigation Tool March 2021

msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.

The Microsoft Exchange hacks: How they started and where we are

www.bleepingcomputer.com/news/security/the-microsoft-exchange-hacks-how-they-started-and-where-we-are/ With patches released and proof-of-concept (PoC) exploit code surfacing online, thousands of Microsoft Exchange servers worldwide continue to remain vulnerable and the number of attacks is still at a worrying level.

McAfee Defender’s Blog: Operation Dianxun

www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-operation-dianxun In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn. The tactics, techniques and procedures (TTPs) used in the attack are like those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. Most probably this threat is targeting people working in the telecommunications industry and has been used for espionage purposes to access sensitive data and to spy on companies related to 5G technology.

Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion

www.bleepingcomputer.com/news/security/mimecast-solarwinds-hackers-used-sunburst-malware-for-initial-intrusion/ Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year used the Sunburst backdoor during the initial intrusion. Mimecast Incident Report: www.mimecast.com/incident-report/

A Hacker Got All My Texts for $16

www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

New Mirai Variant Targeting Network Security Devices

unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.

Microsoft’s latest cloud authentication outage: What went wrong

www.zdnet.com/article/microsofts-latest-cloud-authentication-outage-what-went-wrong/ Microsoft is saying a ‘rotation of keys’ that handle authentication was to blame for a roughly 14-hour Azure outage that took down Office 365, Dynamics 365, Xbox Live and other Microsoft services on March 15. Also: status.azure.com/en-us/status/history/

Top 10 Cloud Malware Threats

www.intezer.com/blog/cloud-security/top-10-cloud-malware-threats/ For a long time Linux has not been seen as a serious target of threat actors. This operating system makes up such a small percentage of the desktop market share compared to Windows, it’s no surprise why threat actors would focus most of their attention on attacking Windows endpoints. Times are quickly changing though as the next major battleground moves from traditional on-premise Windows endpoints to Linux-based servers and containers in the cloud. For perspective 90% of the public cloud runs Linux. Attackers are taking note. Some have started to write new malware from scratch exclusively for Linux, while others are adapting their existing Windows malware to target Linux.

Magecart Attackers Save Stolen Credit-Card Data in .JPG File

threatpost.com/magecart-attackers-stolen-data-jpg/164815/ Magecart attackers have found a new way to hide their nefarious online activity by saving data they’ve skimmed from credit cards online in a .JPG file on a website they’ve injected with malicious code. “The creative use of the fake .JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner,” he wrote.

Malware authors keep up with the times, a fresh report from security company Kaspersky reveals

www.tivi.fi/uutiset/tv/8531ef10-ab0d-43ab-ae9c-4e25980e8aeb Apple’s new M1 processors have received a lot of praise for their performance, which naturally shows as increased popularity. That popularity in turn sets malware authors in motion. Kaspersky reports on three malware families, all of which target the new M1 Macs. Also:

securelist.com/malware-for-the-new-apple-silicon-platform/101137/

No, Your iPhone Is Not More Secure Than Android, Warns Cyber Billionaire

www.forbes.com/sites/zakdoffman/2021/03/16/iphone-12-pro-max-and-iphone-13-not-more-secure-than-google-and-samsung-android-warns-cyber-billionaire/ One of the world’s leading cybersecurity experts has just warned that the alarming new surge in malicious apps is a much more serious threat to iPhone users than you might think. iPhones, he says, have a surprising security vulnerability.

Future Focused: Encryption and Visibility Can Co-Exist

blogs.cisco.com/security/future-focused-encryption-and-visibility-can-co-exist Along with others in the networking industry, we at Cisco are working to continually improve both security and privacy, without an advance in one area harming the other. In this blog I’ll describe two recent privacy advances, DNS over HTTPS (DoH) and QUIC, and what we’re doing to maintain visibility.

50 years of malware? Not really. 50 years of computer worms? That’s a different story…

isc.sans.edu/forums/diary/50+years+of+malware+Not+really+50+years+of+computer+worms+Thats+a+different+story/27208/
