FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities
us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
FBI and CISA warn of state hackers attacking Fortinet FortiOS servers
www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/ The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. The attackers are enumerating servers unpatched against CVE-2020-12812 and CVE-2019-5591, and scanning for CVE-2018-13379 vulnerable devices on ports 4443, 8443, and 10443.
Android “System Update” malware steals photos, videos, GPS location
blog.malwarebytes.com/cybercrime/mobile/2021/04/android-system-update-malware-steals-photos-videos-gps-location/ A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps: it can swipe images and video, rifle through online searches, record phone calls and video, and peer into GPS location data, but the infrastructure behind the malware obscures its developer’s primary motivations.
Browser lockers: extortion disguised as a fine
securelist.com/browser-lockers-extortion-disguised-as-a-fine/101735/ Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details.
Ransomware gang wanted $40 million in Florida schools cyberattack
www.bleepingcomputer.com/news/security/ransomware-gang-wanted-40-million-in-florida-schools-cyberattack/ Last month, Florida’s Broward County Public Schools had to shut down their IT systems after suffering what was reported as a cyberattack. Screenshots revealed that the threat actors initially demanded a $40,000,000 ransom from the district, which left the BCPS representative shocked that the threat actors thought they could afford that much money. The $40 million ransom in the Broward County Public Schools cyberattack is the second-largest demand seen to date.
Asteelflash electronics maker hit by REvil ransomware attack
www.bleepingcomputer.com/news/security/asteelflash-electronics-maker-hit-by-revil-ransomware-attack/ Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom. The gang's page shows that the REvil ransomware group, also known as Sodin and Sodinokibi, was initially demanding a $12 million ransom, but when the time limit expired, the ransom doubled to $24 million.
HS: Two men given long prison sentences for drug deals conducted on the dark web
www.tivi.fi/uutiset/tv/80d4f2e8-d98f-492e-a001-634fc31209ec Two men have been sentenced to years in prison for drug trafficking run over the Tor network, Helsingin Sanomat reports.
If you can’t log into Azure, Teams or Xbox Live right now: Microsoft cloud services in worldwide outage
www.theregister.com/2021/04/01/microsoft_azure_dns_outage/ Starting at approximately 21:30 UTC on 01 Apr 2021, customers may experience intermittent issues accessing Microsoft services, including Azure, Dynamics, and Xbox Live. Microsoft rerouted traffic to our resilient DNS capabilities and are seeing improvement in service availability. We are continuing to investigate the cause of the DNS issue.
Privet, you have just been hacked
vsquare.org/privet-you-have-just-been-hacked/ For months now, someone has been hacking into the email and social media accounts used by Polish ministers, MPs, journalists and soldiers. The evidence, as VSquare has established, is leading to a hacker group known as “Ghostwriters”.
Zero click vulnerability in Apple’s macOS Mail
mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c An attacker can modify a victim’s Mail configuration, including mail redirects, which enables takeover of the victim’s other accounts via password resets. This vulnerability can be used to change the victim’s configuration so that victims propagate the attack to their correspondents in a worm-like fashion. Apple patched this vulnerability in 2020-07.