Krebs: No, I Did Not Hack Your MS Exchange Server
krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ The Shadowserver Foundation says it has found 21, 248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top. The malware runs Windows Defender, which is a security product Microsoft ships with Windows devices that can help block attacks such as those we’ve seen targeting Exchange servers. In an unrelated case a reader found that a cryptominer had been dropped, pointing to XXX-XX-XXX[.]krebsonsecurity[.]top — where the Xs of the subdomain make up [Brian Krebs’] Social Security number.
A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts
www.forbes.com/sites/leemathews/2021/03/28/a-ransomware-gang-is-asking-victims-customers-to-aid-in-extortion-efforts/ The hackers used the data stolen in the attack to contact customers and urge them to make the company pay. Emails sent to the store’s customers look a bit like a breach notification. – the note mentions that the recipient’s personal data was stolen and that it will soon be leaked on a Dark Web site. “Call or write this store and ask to protect your privacy!” the note urges.
CompuCom MSP expects over $20M in losses after ransomware attack
www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/ The MSP’s workforce of over 8, 000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s. The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers). “In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”
Online vaccine scams: Homeland Security Investigations, INTERPOL issue public warning
www.ice.gov/news/releases/online-vaccine-scams-homeland-security-investigations-interpol-issue-public-warning Homeland Security Investigations (HSI)and INTERPOL have joined forces to warn the public against purchasing alleged COVID-19 vaccines and treatments online.
New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks
thehackernews.com/2021/03/new-5g-flaw-exposes-priority-networks.html
InfoSec Handlers Diary Blog – Office macro execution evidence
isc.sans.edu/diary.html?n&storyid=27244 Microsoft Office Macros continue to be the security nightmare that they have been for the past 3 decades. System and security admins everywhere continue to try to protect their users from prevalent macro malware, but they find Microsoft’s tooling often less than helpful.