Daily NCSC-FI news followup 2021-03-28

Krebs: No, I Did Not Hack Your MS Exchange Server

krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ The Shadowserver Foundation says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top. The malware runs Windows Defender, which is a security product Microsoft ships with Windows devices that can help block attacks such as those we’ve seen targeting Exchange servers. In an unrelated case a reader found that a cryptominer had been dropped, pointing to XXX-XX-XXX[.]krebsonsecurity[.]top — where the Xs of the subdomain make up [Brian Krebs’] Social Security number.

A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts

www.forbes.com/sites/leemathews/2021/03/28/a-ransomware-gang-is-asking-victims-customers-to-aid-in-extortion-efforts/ The hackers used the data stolen in the attack to contact customers and urge them to make the company pay. Emails sent to the store’s customers look a bit like a breach notification. The note mentions that the recipient’s personal data was stolen and that it will soon be leaked on a Dark Web site. “Call or write this store and ask to protect your privacy!” the note urges.

CompuCom MSP expects over $20M in losses after ransomware attack

www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/ The MSP’s workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s. The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers). “In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”

Online vaccine scams: Homeland Security Investigations, INTERPOL issue public warning

www.ice.gov/news/releases/online-vaccine-scams-homeland-security-investigations-interpol-issue-public-warning Homeland Security Investigations (HSI) and INTERPOL have joined forces to warn the public against purchasing alleged COVID-19 vaccines and treatments online.

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks


InfoSec Handlers Diary Blog – Office macro execution evidence

isc.sans.edu/diary.html?n&storyid=27244 Microsoft Office Macros continue to be the security nightmare that they have been for the past 3 decades. System and security admins everywhere continue to try to protect their users from prevalent macro malware, but they find Microsoft’s tooling often less than helpful.
