Daily NCSC-FI news followup 2021-03-27

Google’s top security teams unilaterally shut down a counterterrorism operation

www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/ Google’s Project Zero and Threat Analysis Group teams found the hacking group exploiting 11 zero-day vulnerabilities in just nine months, a high number of exploits over a short period. Software that was attacked included the Safari browser on iPhones but also many Google products, including the Chrome browser on Android phones and Windows computers. MIT Technology Review has learned that the hackers in question were actually Western government operatives actively conducting a counterterrorism operation. Google’s notes –

googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html

Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft

www.reuters.com/article/us-usa-biden-cyber-exclusive-idUSKBN2BH37I A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.

FBI exposes weakness in Mamba ransomware, DiskCryptor

www.bleepingcomputer.com/news/security/fbi-exposes-weakness-in-mamba-ransomware-diskcryptor/ Mamba ransomware (a.k.a. HDDCryptor) relies on an open-source software solution named DiskCryptor to encrypt victim computers in the background with a key defined by the attacker. The agency further notes that the encryption key and the shutdown time variable are stored in DiskCryptor’s configuration, a plaintext file named myConf.txt. Because there is no protection around the encryption key, as it is saved in plaintext, the FBI says that this two-hour gap is an opportunity for organizations hit by Mamba ransomware to recover it.

Webshells Observed in Post-Compromised Exchange Servers

us-cert.cisa.gov/ncas/current-activity/2021/03/25/webshells-observed-post-compromised-exchange-servers CISA has added two new Malware Analysis Reports (MARs) identifying webshells observed in post-compromised Microsoft Exchange Servers.

You might be interested in …

Daily NCSC-FI news followup 2020-04-18

German government loses tens of millions of euros in COVID-19 phishing attack www.zdnet.com/article/german-government-loses-tens-of-millions-of-euros-in-covid-19-phishing-attack/ The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros after it failed to build a secure website for distributing coronavirus emergency aid funding. The funds were lost following a classic phishing […]

Read More

Daily NCSC-FI news followup 2020-06-10

Ransomware attacks spike by 140%, 57% of organizations agree to pay atlasvpn.com/blog/ransomware-attacks-spike-by-140-57-of-organizations-agree-to-pay Data extracted and analyzed by Atlas VPN reveals, the amounts of demanded ransom payments increased by 140%, comparing the numbers of 2018 to 2019. More and more organizations succumb to blackmail: 57% of organizations settled and paid the ransom during the last 12 […]

Read More

Daily NCSC-FI news followup 2021-01-16

BugTraq Shutdown www.securityfocus.com/archive/1/542247 At this time, resources for the BugTraq mailing list have not been prioritized, and this will be the last message to the list. The archive will be shut down January 31st, 2021. Also: www.zdnet.com/article/iconic-bugtraq-security-mailing-list-shuts-down-after-27-years/ Massive stolen credit card shop Joker’s Stash shuts down www.bleepingcomputer.com/news/security/massive-stolen-credit-card-shop-jokers-stash-shuts-down/ The administrator of Joker’s Stash, one of the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.