Daily NCSC-FI news followup 2021-03-28

Krebs: No, I Did Not Hack Your MS Exchange Server

krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ The Shadowserver Foundation says it has found 21, 248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top. The malware runs Windows Defender, which is a security product Microsoft ships with Windows devices that can help block attacks such as those we’ve seen targeting Exchange servers. In an unrelated case a reader found that a cryptominer had been dropped, pointing to XXX-XX-XXX[.]krebsonsecurity[.]top — where the Xs of the subdomain make up [Brian Krebs’] Social Security number.

A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts

www.forbes.com/sites/leemathews/2021/03/28/a-ransomware-gang-is-asking-victims-customers-to-aid-in-extortion-efforts/ The hackers used the data stolen in the attack to contact customers and urge them to make the company pay. Emails sent to the store’s customers look a bit like a breach notification. – the note mentions that the recipient’s personal data was stolen and that it will soon be leaked on a Dark Web site. “Call or write this store and ask to protect your privacy!” the note urges.

CompuCom MSP expects over $20M in losses after ransomware attack

www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/ The MSP’s workforce of over 8, 000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s. The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers). “In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”

Online vaccine scams: Homeland Security Investigations, INTERPOL issue public warning

www.ice.gov/news/releases/online-vaccine-scams-homeland-security-investigations-interpol-issue-public-warning Homeland Security Investigations (HSI)and INTERPOL have joined forces to warn the public against purchasing alleged COVID-19 vaccines and treatments online.

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

thehackernews.com/2021/03/new-5g-flaw-exposes-priority-networks.html

InfoSec Handlers Diary Blog – Office macro execution evidence

isc.sans.edu/diary.html?n&storyid=27244 Microsoft Office Macros continue to be the security nightmare that they have been for the past 3 decades. System and security admins everywhere continue to try to protect their users from prevalent macro malware, but they find Microsoft’s tooling often less than helpful.

You might be interested in …

Daily NCSC-FI news followup 2021-04-27

EU selvittää väärinkäytön mahdollisuutta koronasovellusten käyttämässä rajapinnassa – Koronavilkun käyttö edelleen turvallista thl.fi/fi/-/eu-selvittaa-vaarinkayton-mahdollisuutta-koronasovellusten-kayttamassa-rajapinnassa-koronavilkun-kaytto-edelleen-turvallista- EU selvittää mahdollista tietoturva-aukkoa Android-puhelinten koronasovelluksissa, jotka hyödyntävät Googlen valmistamaa rajapintaa ja Google Play -palveluita. Toistaiseksi ei ole tullut ilmi, että rajapintaa olisi käytetty vääriin tarkoituksiin. Myös Suomessa käytössä oleva Koronavilkku-sovellus käyttää kyseistä rajapintaa. “Koronavilkkua voi edelleen käyttää turvallisesti. Tietoomme ei ole […]

Read More

Daily NCSC-FI news followup 2020-07-23

Merenkulun kyberiskut räjähtävät käsiin, eikä virustorjunta auta kiristyskeinona voi olla rahtiöljyn vuodatus mereen [maksumuurin takana] www.tivi.fi/uutiset/tv/59eb2925-2fb9-4fdf-bafc-da96eaca6b18 Merenkulun operatiiviset järjestelmät ovat nopeasti nousseet kyberrikollisten muotikohteiksi. Osa alan yrityksistä tuudittautuu väärän turvallisuuden tunteeseen sen sijasta, että opittaisiin suojaamaan edes oikeita kohteita. Satamissa ja varustamoissa tietoturvatapausten määrä on vuodesta 2017 lähtien kivunnut huikeat 900 prosenttia. Vuoden loppuun mennessä […]

Read More

Daily NCSC-FI news followup 2020-10-15

Introducing a new phishing technique for compromising Office 365 accounts o365blog.com/post/phishing/ Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/ U.S. Bookstore giant Barnes & Noble has disclosed that they […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.