Daily NCSC-FI news followup 2021-03-28

Krebs: No, I Did Not Hack Your MS Exchange Server

krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ The Shadowserver Foundation says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top. The malware runs Windows Defender, which is a security product Microsoft ships with Windows devices that can help block attacks such as those we’ve seen targeting Exchange servers. In an unrelated case a reader found that a cryptominer had been dropped, pointing to XXX-XX-XXX[.]krebsonsecurity[.]top — where the Xs of the subdomain make up [Brian Krebs’] Social Security number.

A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts

www.forbes.com/sites/leemathews/2021/03/28/a-ransomware-gang-is-asking-victims-customers-to-aid-in-extortion-efforts/ The hackers used the data stolen in the attack to contact customers and urge them to make the company pay. Emails sent to the store’s customers look a bit like a breach notification: the note mentions that the recipient’s personal data was stolen and that it will soon be leaked on a Dark Web site. “Call or write this store and ask to protect your privacy!” the note urges.

CompuCom MSP expects over $20M in losses after ransomware attack

www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/ The MSP’s workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s. The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers). “In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”

Online vaccine scams: Homeland Security Investigations, INTERPOL issue public warning

www.ice.gov/news/releases/online-vaccine-scams-homeland-security-investigations-interpol-issue-public-warning Homeland Security Investigations (HSI) and INTERPOL have joined forces to warn the public against purchasing alleged COVID-19 vaccines and treatments online.

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

thehackernews.com/2021/03/new-5g-flaw-exposes-priority-networks.html

InfoSec Handlers Diary Blog – Office macro execution evidence

isc.sans.edu/diary.html?n&storyid=27244 Microsoft Office Macros continue to be the security nightmare that they have been for the past 3 decades. System and security admins everywhere continue to try to protect their users from prevalent macro malware, but they find Microsoft’s tooling often less than helpful.
