Daily NCSC-FI news followup 2021-04-02

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers

www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/ The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. The attackers are enumerating servers unpatched against CVE-2020-12812 and CVE-2019-5591, and scanning for CVE-2018-13379 vulnerable devices on ports 4443, 8443, and 10443.
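A defender-side illustration of the port sweep described above, added here and not part of the advisory or the original article: it parses constructed firewall log lines (a simple key=value format assumed for illustration) and flags sources that touch more than one of the listed ports across several hosts, which is the pattern a scanner looking for CVE-2018-13379 targets would leave.

```python
import re
from collections import defaultdict

# Ports named in the FBI/CISA advisory as targets of CVE-2018-13379 scanning.
FORTIOS_SSLVPN_PORTS = {4443, 8443, 10443}

# Constructed sample lines in an assumed key=value firewall format (not real logs).
SAMPLE_LOGS = """\
2021-04-02T08:01:11Z fw01 action=deny src=203.0.113.7 dst=192.0.2.10 dport=4443 proto=tcp
2021-04-02T08:01:12Z fw01 action=deny src=203.0.113.7 dst=192.0.2.11 dport=8443 proto=tcp
2021-04-02T08:01:13Z fw01 action=deny src=203.0.113.7 dst=192.0.2.12 dport=10443 proto=tcp
2021-04-02T08:02:00Z fw01 action=accept src=198.51.100.5 dst=192.0.2.10 dport=443 proto=tcp
2021-04-02T08:02:30Z fw01 action=accept src=198.51.100.9 dst=192.0.2.10 dport=8443 proto=tcp
2021-04-02T08:03:01Z fw01 action=deny src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=tcp")


def parse(log_text):
    """Yield (src, dst, dport) tuples for each TCP line that matches the format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dport"])


def find_fortios_sweeps(log_text, min_ports=2, min_hosts=2):
    """Return {src: {"ports": set, "hosts": set}} for sources that hit at least
    `min_ports` of the advisory ports across at least `min_hosts` destinations.
    A single legitimate VPN user on one port and one host is not flagged."""
    seen = defaultdict(lambda: {"ports": set(), "hosts": set()})
    for src, dst, dport in parse(log_text):
        if dport in FORTIOS_SSLVPN_PORTS:
            seen[src]["ports"].add(dport)
            seen[src]["hosts"].add(dst)
    return {s: v for s, v in seen.items()
            if len(v["ports"]) >= min_ports and len(v["hosts"]) >= min_hosts}


if __name__ == "__main__":
    for src, v in find_fortios_sweeps(SAMPLE_LOGS).items():
        print(f"{src}: ports={sorted(v['ports'])} hosts={sorted(v['hosts'])}")
```

Hits flagged this way are only a lead: the real control is patching the three CVEs, and a source hitting all three ports across many hosts is what should raise the alert, not a single connection to 8443.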

Android “System Update” malware steals photos, videos, GPS location

blog.malwarebytes.com/cybercrime/mobile/2021/04/android-system-update-malware-steals-photos-videos-gps-location/ A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps: it can swipe images and video, rifle through online searches, record phone calls and video, and peer into GPS location data, but the infrastructure behind the malware obscures its developer’s primary motivations.

Browser lockers: extortion disguised as a fine

securelist.com/browser-lockers-extortion-disguised-as-a-fine/101735/ Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details.

Ransomware gang wanted $40 million in Florida schools cyberattack

www.bleepingcomputer.com/news/security/ransomware-gang-wanted-40-million-in-florida-schools-cyberattack/ Last month, Florida’s Broward County Public Schools had to shut down their IT systems after suffering what was reported as a cyberattack. Screenshots revealed that the threat actors initially demanded a $40,000,000 ransom from the district, which left the BCPS representative shocked that the threat actors thought they could afford that much money. The $40 million ransom in the Broward County Public Schools cyberattack is the second-largest demand seen to date.

Asteelflash electronics maker hit by REvil ransomware attack

www.bleepingcomputer.com/news/security/asteelflash-electronics-maker-hit-by-revil-ransomware-attack/ Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom. The ransom page shows that the REvil ransomware group, also known as Sodin and Sodinokibi, was initially demanding a $12 million ransom, but as the time limit expired, the ransom doubled to $24 million.

HS: Two men given long prison sentences for drug deals made on the dark web

www.tivi.fi/uutiset/tv/80d4f2e8-d98f-492e-a001-634fc31209ec Two men have been sentenced to years in prison for drug dealing that was run on the Tor network, Helsingin Sanomat reports.

If you can’t log into Azure, Teams or Xbox Live right now: Microsoft cloud services in worldwide outage

www.theregister.com/2021/04/01/microsoft_azure_dns_outage/ Starting at approximately 21:30 UTC on 01 Apr 2021, customers may experience intermittent issues accessing Microsoft services, including Azure, Dynamics, and Xbox Live. Microsoft rerouted traffic to our resilient DNS capabilities and are seeing improvement in service availability. We are continuing to investigate the cause of the DNS issue.

Privet, you have just been hacked

vsquare.org/privet-you-have-just-been-hacked/ For months now, someone has been hacking into the email and social media accounts used by Polish ministers, MPs, journalists and soldiers. The evidence, as VSquare has established, is leading to a hacker group known as “Ghostwriters”.

Zero click vulnerability in Apple’s macOS Mail

mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c An attacker can modify the victim’s Mail configuration, including mail redirects, which enables takeover of the victim’s other accounts via password resets. This vulnerability can be used to change the victim’s configuration so that victims propagate the attack to their correspondents in a worm-like fashion. Apple patched this vulnerability in July 2020.
