Daily NCSC-FI news followup 2021-03-16

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/ This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to address these vulnerabilities can result in compromise of your on-premises Exchange Server and, potentially, other parts of your internal network.

One-Click Microsoft Exchange On-Premises Mitigation Tool March 2021

msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.

The Microsoft Exchange hacks: How they started and where we are

www.bleepingcomputer.com/news/security/the-microsoft-exchange-hacks-how-they-started-and-where-we-are/ With patches released and proof-of-concept (PoC) exploit code surfacing online, thousands of Microsoft Exchange servers worldwide continue to remain vulnerable and the number of attacks is still at a worrying level.

McAfee Defender’s Blog: Operation Dianxun

www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-operation-dianxun In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn. The tactics, techniques and procedures (TTPs) used in the attack are similar to those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. Most probably this threat is targeting people working in the telecommunications industry and has been used for espionage purposes to access sensitive data and to spy on companies related to 5G technology.

Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion

www.bleepingcomputer.com/news/security/mimecast-solarwinds-hackers-used-sunburst-malware-for-initial-intrusion/ Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year used the Sunburst backdoor during the initial intrusion. Mimecast Incident Report: www.mimecast.com/incident-report/

A Hacker Got All My Texts for $16

www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

New Mirai Variant Targeting Network Security Devices

unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.

Microsoft’s latest cloud authentication outage: What went wrong

www.zdnet.com/article/microsofts-latest-cloud-authentication-outage-what-went-wrong/ Microsoft is saying a ‘rotation of keys’ that handle authentication was to blame for a roughly 14-hour Azure outage that took down Office 365, Dynamics 365, Xbox Live and other Microsoft services on March 15. also: status.azure.com/en-us/status/history/

Top 10 Cloud Malware Threats

www.intezer.com/blog/cloud-security/top-10-cloud-malware-threats/ For a long time Linux has not been seen as a serious target of threat actors. This operating system makes up such a small percentage of the desktop market share compared to Windows that it is no surprise threat actors would focus most of their attention on attacking Windows endpoints. Times are quickly changing though, as the next major battleground moves from traditional on-premises Windows endpoints to Linux-based servers and containers in the cloud. For perspective, 90% of the public cloud runs Linux. Attackers are taking note. Some have started to write new malware from scratch exclusively for Linux, while others are adapting their existing Windows malware to target Linux.

Magecart Attackers Save Stolen Credit-Card Data in .JPG File

threatpost.com/magecart-attackers-stolen-data-jpg/164815/ Magecart attackers have found a new way to hide their nefarious online activity by saving data they’ve skimmed from credit cards online in a .JPG file on a website they’ve injected with malicious code. “The creative use of the fake .JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner,” he wrote.
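A practical check for the technique above, added here as an example and not taken from the Threatpost article or the researcher's write-up: a file named like an image whose first bytes are not an image header is worth a closer look. The script walks a web root, compares each image-named file against the format's magic bytes, and reports mismatches. The directory layout, file names and the serialized "harvested" data it builds are constructed placeholders, not indicators from any real incident.

```python
import os
import tempfile

# File signatures for common image formats. A genuine JPEG starts with the
# SOI marker FF D8 FF; PNG and GIF are included so the check also covers
# other image extensions a skimmer could reuse as a drop file.
IMAGE_SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def is_fake_image(path):
    """True if the extension claims an image but the header does not match any known signature."""
    ext = os.path.splitext(path)[1].lower()
    sigs = IMAGE_SIGNATURES.get(ext)
    if sigs is None:
        return False  # not an image extension; out of scope for this check
    with open(path, "rb") as fh:
        head = fh.read(max(len(s) for s in sigs))
    return not any(head.startswith(s) for s in sigs)


def find_fake_images(root):
    """Walk a web root and return the sorted relative paths of image-named files with a bogus header."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_fake_image(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def build_sample_webroot():
    """Create a constructed sample web root (hypothetical layout and data, not from the article)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    img_dir = os.path.join(root, "pub", "media")
    os.makedirs(img_dir)
    # A genuine-looking JPEG: correct SOI marker followed by filler bytes.
    with open(os.path.join(img_dir, "logo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 64)
    # The skimmer's drop file: image extension, but the body is serialized form data
    # (constructed placeholder values, not real card details).
    with open(os.path.join(img_dir, "banner.jpg"), "wb") as fh:
        fh.write(b'a:2:{s:4:"name";s:8:"J. Smith";s:6:"number";s:16:"4111111111111111";}')
    # An unrelated non-image file that must not be flagged.
    with open(os.path.join(root, "index.php"), "wb") as fh:
        fh.write(b"<?php echo 'hello'; ?>")
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for hit in find_fake_images(sample_root):
        print("suspicious image file:", hit)
```

Run it against a real document root instead of the sample directory to triage an existing site; a hit is a lead, not proof, since broken uploads can also fail the signature check, so inspect the file contents before acting on it.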

Malware authors keep up with the times, according to a fresh report from security company Kaspersky

www.tivi.fi/uutiset/tv/8531ef10-ab0d-43ab-ae9c-4e25980e8aeb Apple's new M1 processors have received much praise for their performance, which naturally shows in their growing popularity. Popularity in turn gets malware authors moving. Kaspersky describes three pieces of malware, all of them targeted at the new M1 Macs. also:

securelist.com/malware-for-the-new-apple-silicon-platform/101137/

No, Your iPhone Is Not More Secure Than Android, Warns Cyber Billionaire

www.forbes.com/sites/zakdoffman/2021/03/16/iphone-12-pro-max-and-iphone-13-not-more-secure-than-google-and-samsung-android-warns-cyber-billionaire/ One of the world’s leading cybersecurity experts has just warned that the alarming new surge in malicious apps is a much more serious threat to iPhone users than you might think. iPhones, he says, have a surprising security vulnerability.

Future Focused: Encryption and Visibility Can Co-Exist

blogs.cisco.com/security/future-focused-encryption-and-visibility-can-co-exist Along with others in the networking industry, we at Cisco are working to continually improve both security and privacy, without an advance in one area harming the other. In this blog I’ll describe two recent privacy advances, DNS over HTTPS (DoH) and QUIC, and what we’re doing to maintain visibility.

50 years of malware? Not really. 50 years of computer worms? That’s a different story…

isc.sans.edu/forums/diary/50+years+of+malware+Not+really+50+years+of+computer+worms+Thats+a+different+story/27208/
