Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities
msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/ This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to address these vulnerabilities can result in compromise of your on-premises Exchange Server and, potentially, other parts of your internal network.
One-Click Microsoft Exchange On-Premises Mitigation Tool March 2021
msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.
The Microsoft Exchange hacks: How they started and where we are
www.bleepingcomputer.com/news/security/the-microsoft-exchange-hacks-how-they-started-and-where-we-are/ With patches released and proof-of-concept (PoC) exploit code surfacing online, thousands of Microsoft Exchange servers worldwide continue to remain vulnerable and the number of attacks is still at a worrying level.
McAfee Defender’s Blog: Operation Dianxun
www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-operation-dianxun In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn. The tactics, techniques and procedures (TTPs) used in the attack are like those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. Most probably this threat is targeting people working in the telecommunications industry and has been used for espionage purposes to access sensitive data and to spy on companies related to 5G technology.
Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion
www.bleepingcomputer.com/news/security/mimecast-solarwinds-hackers-used-sunburst-malware-for-initial-intrusion/ Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year used the Sunburst backdoor during the initial intrusion. Mimecast Incident Report: www.mimecast.com/incident-report/
A Hacker Got All My Texts for $16
www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.
New Mirai Variant Targeting Network Security Devices
unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.
Microsoft’s latest cloud authentication outage: What went wrong
www.zdnet.com/article/microsofts-latest-cloud-authentication-outage-what-went-wrong/ Microsoft is saying a ‘rotation of keys’ that handle authentication was to blame for a roughly 14-hour Azure outage that took down Office 365, Dynamics 365, Xbox Live and other Microsoft services on March 15. Also: status.azure.com/en-us/status/history/
Top 10 Cloud Malware Threats
www.intezer.com/blog/cloud-security/top-10-cloud-malware-threats/ For a long time Linux has not been seen as a serious target of threat actors. This operating system makes up such a small percentage of the desktop market share compared to Windows, it’s no surprise why threat actors would focus most of their attention on attacking Windows endpoints. Times are quickly changing though as the next major battleground moves from traditional on-premise Windows endpoints to Linux-based servers and containers in the cloud. For perspective 90% of the public cloud runs Linux. Attackers are taking note. Some have started to write new malware from scratch exclusively for Linux, while others are adapting their existing Windows malware to target Linux.
Magecart Attackers Save Stolen Credit-Card Data in .JPG File
threatpost.com/magecart-attackers-stolen-data-jpg/164815/ Magecart attackers have found a new way to hide their nefarious online activity by saving data they’ve skimmed from credit cards online in a .JPG file on a website they’ve injected with malicious code. “The creative use of the fake .JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner,” he wrote.
Malware authors keep up with the times, according to a recent report from security company Kaspersky
www.tivi.fi/uutiset/tv/8531ef10-ab0d-43ab-ae9c-4e25980e8aeb Apple’s new M1 processors have received much praise for their performance, which naturally shows in their growing popularity. Popularity, in turn, sets malware authors in motion. Kaspersky describes three pieces of malware, all of them aimed at the new M1 Macs. also:
No, Your iPhone Is Not More Secure Than Android, Warns Cyber Billionaire
www.forbes.com/sites/zakdoffman/2021/03/16/iphone-12-pro-max-and-iphone-13-not-more-secure-than-google-and-samsung-android-warns-cyber-billionaire/ One of the world’s leading cybersecurity experts has just warned that the alarming new surge in malicious apps is a much more serious threat to iPhone users than you might think. iPhones, he says, have a surprising security vulnerability.
Future Focused: Encryption and Visibility Can Co-Exist
blogs.cisco.com/security/future-focused-encryption-and-visibility-can-co-exist Along with others in the networking industry, we at Cisco are working to continually improve both security and privacy, without an advance in one area harming the other. In this blog I’ll describe two recent privacy advances, DNS over HTTPS (DoH) and QUIC, and what we’re doing to maintain visibility.