Google’s top security teams unilaterally shut down a counterterrorism operation
www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/ Google’s Project Zero and Threat Analysis Group teams found the hacking group exploiting 11 zero-day vulnerabilities in just nine months, a high number of exploits over a short period. Software that was attacked included the Safari browser on iPhones but also many Google products, including the Chrome browser on Android phones and Windows computers. MIT Technology Review has learned that the hackers in question were actually Western government operatives actively conducting a counterterrorism operation. Google’s notes –
googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html
Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft
www.reuters.com/article/us-usa-biden-cyber-exclusive-idUSKBN2BH37I A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.
FBI exposes weakness in Mamba ransomware, DiskCryptor
www.bleepingcomputer.com/news/security/fbi-exposes-weakness-in-mamba-ransomware-diskcryptor/ Mamba ransomware (a.k.a. HDDCryptor) relies on an open-source software solution named DiskCryptor to encrypt victim computers in the background with a key defined by the attacker. The agency further notes that the encryption key and the shutdown time variable are stored in DiskCryptor’s configuration, a plaintext file named myConf.txt. Because the encryption key is saved in plaintext with no protection around it, the FBI says that the two-hour gap before the configured shutdown is an opportunity for organizations hit by Mamba ransomware to recover it.
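A triage helper for the recovery window described above, added here as an example and not code from the FBI flash or the article: it locates any file named myConf.txt under a mounted image or live host, preserves a verbatim copy with a SHA-256 hash, and attempts a best-effort parse. The key=value layout it parses is an assumption for illustration, so the raw copy is always kept regardless of whether the parse succeeds.

```python
import hashlib
import os
import shutil
from datetime import datetime, timezone

CONFIG_NAME = "myConf.txt"  # plaintext DiskCryptor config named in the FBI flash

def find_configs(root):
    """Walk root and return every path whose filename matches the config name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == CONFIG_NAME.lower():
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def parse_config(text):
    """Best-effort parse of 'key=value' lines (ASSUMED layout); other lines kept raw."""
    fields, raw = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
        else:
            raw.append(line)
    return fields, raw

def preserve(path, evidence_dir):
    """Copy the file byte-for-byte, record SHA-256 and UTC time; return (copy, digest)."""
    os.makedirs(evidence_dir, exist_ok=True)
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest = os.path.join(evidence_dir, f"{stamp}_{digest[:12]}_{CONFIG_NAME}")
    shutil.copy2(path, dest)  # copy2 keeps the original timestamps for the record
    with open(dest + ".sha256", "w") as fh:
        fh.write(f"{digest}  {path}\n")
    return dest, digest

def triage(root, evidence_dir):
    """Find, preserve and parse every config under root; return a list of findings."""
    findings = []
    for path in find_configs(root):
        dest, digest = preserve(path, evidence_dir)
        with open(path, "r", errors="replace") as fh:
            fields, raw = parse_config(fh.read())
        findings.append({"source": path, "copy": dest, "sha256": digest,
                         "fields": fields, "unparsed": raw})
    return findings
```

Run it against a mounted image or the affected host with an evidence directory on separate storage, so the preserved copy survives the shutdown that follows the timer.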
Webshells Observed in Post-Compromised Exchange Servers
us-cert.cisa.gov/ncas/current-activity/2021/03/25/webshells-observed-post-compromised-exchange-servers CISA has added two new Malware Analysis Reports (MARs) identifying webshells observed in post-compromised Microsoft Exchange Servers.