Identifying suspicious credential usage
www.ncsc.gov.uk/blog-post/identifying-suspicious-credential-usage How NCSC guidance can help organisations detect and protect themselves from credential abuse.
Weekly Threat Report 19th March 2021
www.ncsc.gov.uk/report/weekly-threat-report-19th-march-2021 The NCSC’s weekly threat report is drawn from recent open source reporting.
“Expert” hackers used 11 0-days to infect Windows, iOS, and Android users
arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/ A team of advanced hackers exploited no fewer than 11 zero-day vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said.
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/ Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects. XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer’s macOS computer along with a persistence mechanism. The backdoor has functionality for recording the victim’s microphone, camera and keyboard, as well as the ability to upload and download files. The XcodeSpy infection vector could be used by other threat actors, and all Apple Developers using Xcode are advised to exercise caution when adopting shared Xcode projects.
Trust your surveillance? Why hacked cameras are very bad
www.welivesecurity.com/2021/03/19/trust-your-surveillance-why-hacked-cameras-are-very-bad/ When a breach captures a part of us that is unchangeable, does it mean that we have allowed technology to pry too deeply into our lives?
FBI: Cybercrime losses topped US$4.2 billion in 2020
www.welivesecurity.com/2021/03/18/fbi-cybercrime-losses-topped-us42billion-2020/ The Bureau received over 28,000 reports of COVID-19-themed scams last year.
Facebook outage affecting WhatsApp, Messenger and Instagram
www.bleepingcomputer.com/news/technology/facebook-outage-affecting-whatsapp-messenger-and-instagram/ When attempting to access Facebook services, users worldwide have stated that the application will display a continuous “Connecting” message. In BleepingComputer tests here in the USA and India, we confirmed the outage and are unable to connect to the messaging platforms.
Critical F5 BIG-IP vulnerability now targeted in ongoing attacks
www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-now-targeted-in-ongoing-attacks/ On Thursday, cybersecurity firm NCC Group said that it detected successful in-the-wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices.
REvil ransomware says they hit Acer, Acer reports “abnormal situations”
www.bleepingcomputer.com/news/security/revil-ransomware-says-they-hit-acer-acer-reports-abnormal-situations/ The REvil ransomware operation claims to have stolen unencrypted data after hacking electronics and computer giant Acer.
FBI warns of BEC attacks increasingly targeting US govt orgs
www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attacks-increasingly-targeting-us-govt-orgs/ The Federal Bureau of Investigation (FBI) is warning US private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.
Russian pleads guilty to Tesla hacking and extortion attempt
www.bleepingcomputer.com/news/security/russian-pleads-guilty-to-tesla-hacking-and-extortion-attempt/ Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla’s Nevada Gigafactory.
Mysterious bug is deleting Microsoft Teams, SharePoint files
www.bleepingcomputer.com/news/microsoft/mysterious-bug-is-deleting-microsoft-teams-sharepoint-files/ Microsoft SharePoint and Microsoft Teams users report files are missing or moved to the Recycle Bin after the recent Azure Active Directory outage this week.
CISA releases new SolarWinds malicious activity detection tool
www.bleepingcomputer.com/news/security/cisa-releases-new-solarwinds-malicious-activity-detection-tool/ The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. The CISA Hunt and Incident Response Program (CHIRP) tool is a Python-based forensics collection tool that helps detect indicators of compromise (IOCs) of SolarWinds-related malicious activity on Windows operating systems.
Statement on Microsoft Exchange vulnerabilities
www.enisa.europa.eu/news/enisa-news/statement-on-microsoft-exchange-vulnerabilities The EU Agency for Cybersecurity (ENISA) has provided a statement with an assessment and advice on Microsoft Exchange vulnerabilities.
Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities
www.zdnet.com/article/microsoft-defender-antivirus-now-patches-exchange-server-vulnerabilities/ Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.
poliisi.fi/-/bitcoin-kiristysviestit-jatkuvat The Häme Police Department has again become aware of dozens of extortion messages sent to private individuals, demanding that the recipient pay 1,450 euros' worth of Bitcoin into the extortionist's wallet, or else sensitive information about them will be released.
Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military
www.vice.com/en/article/k7adn9/car-location-data-telematics-us-military-ulysses-group 15 billion car locations. Nearly any country on Earth. The Ulysses Group is pitching a powerful surveillance technology to the U.S. government.
Microsoft Releases Exchange On-premises Mitigation Tool
us-cert.cisa.gov/ncas/current-activity/2021/03/16/microsoft-releases-exchange-premises-mitigation-tool Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: “[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates.”
Threats against Sweden are growing and current countermeasures are not sufficient, assesses the Swedish Security Service Säpo
yle.fi/uutiset/3-11844771 Threats to Sweden from abroad and from violent extremist movements continue to grow, according to the Swedish Security Service Säpo.
The Norwegian parliament was hit by a cyberattack for the second time in about six months
yle.fi/uutiset/3-11831255 The attack on the Storting exploited Microsoft Exchange vulnerabilities, NRK reports.
Safeguarding critical infrastructure
medium.com/e-tech/protecting-the-healthcare-sector-from-cyber-attacks-7b1851538e27 A UN report highlights the vulnerability of the healthcare sector and suggests a cybersecurity code of conduct for nation states
FBI warns of escalating Pysa ransomware attacks on education orgs
www.bleepingcomputer.com/news/security/fbi-warns-of-escalating-pysa-ransomware-attacks-on-education-orgs/ The CP-000142-MW flash alert issued by the FBI today was coordinated with DHS-CISA and provides indicators of compromise to help guard against the malicious actions of this ransomware gang.
Highlights from the 2021 Unit 42 Ransomware Threat Report
unit42.paloaltonetworks.com/ransomware-threat-report-highlights/ Ransomware is one of the top threats in cybersecurity and a focus area for Palo Alto Networks. The global threat intelligence team (Unit 42) and the incident response team (The Crypsis Group) have partnered to create the 2021 Unit 42 Ransomware Threat Report, providing the latest insights on the top ransomware variants, ransomware payment trends and security best practices so the threat can be understood and managed.
Polish State Websites Hacked and Used to Spread False Info
www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info Two Polish government websites were hacked Wednesday and used briefly to spread false information about a non-existent radioactive threat, in what a Polish government official said had the hallmarks of a Russian cyberattack.
China-Linked Cyber-Espionage Group Mustang Panda is Targeting Telecommunications
cybersguards.com/china-linked-cyber-espionage-group-mustang-panda-is-targeting-telecommunications/ According to McAfee security researchers, the China-linked cyber-espionage group Mustang Panda is targeting telecommunications companies in Asia, Europe, and the United States for espionage purposes.
Beware Android trojan posing as Clubhouse app
www.welivesecurity.com/2021/03/18/beware-android-trojan-posing-clubhouse-app/ The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication
NIS2 Proposal: First feedback on the normative text
cert.at/en/blog/2021/3/nis2-proposal-first-feedback-on-the-normative-text Feedback on the normative text of the NIS2 proposal.