Daily NCSC-FI news followup 2021-03-28

Krebs: No, I Did Not Hack Your MS Exchange Server

krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ The Shadowserver Foundation says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top. The malware runs Windows Defender, which is a security product Microsoft ships with Windows devices that can help block attacks such as those we’ve seen targeting Exchange servers. In an unrelated case a reader found that a cryptominer had been dropped, pointing to XXX-XX-XXX[.]krebsonsecurity[.]top — where the Xs of the subdomain make up [Brian Krebs’] Social Security number.

A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts

www.forbes.com/sites/leemathews/2021/03/28/a-ransomware-gang-is-asking-victims-customers-to-aid-in-extortion-efforts/ The hackers used the data stolen in the attack to contact customers and urge them to make the company pay. Emails sent to the store’s customers look a bit like a breach notification. The note mentions that the recipient’s personal data was stolen and that it will soon be leaked on a Dark Web site. “Call or write this store and ask to protect your privacy!” the note urges.

CompuCom MSP expects over $20M in losses after ransomware attack

www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/ The MSP’s workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s. The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers). “In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”

Online vaccine scams: Homeland Security Investigations, INTERPOL issue public warning

www.ice.gov/news/releases/online-vaccine-scams-homeland-security-investigations-interpol-issue-public-warning Homeland Security Investigations (HSI) and INTERPOL have joined forces to warn the public against purchasing alleged COVID-19 vaccines and treatments online.

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

thehackernews.com/2021/03/new-5g-flaw-exposes-priority-networks.html

InfoSec Handlers Diary Blog – Office macro execution evidence

isc.sans.edu/diary.html?n&storyid=27244 Microsoft Office Macros continue to be the security nightmare that they have been for the past 3 decades. System and security admins everywhere continue to try to protect their users from prevalent macro malware, but they find Microsoft’s tooling often less than helpful.
