Daily NCSC-FI news followup 2021-04-02

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers

www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/ The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. The attackers are enumerating servers unpatched against CVE-2020-12812 and CVE-2019-5591, and scanning for CVE-2018-13379 vulnerable devices on ports 4443, 8443, and 10443.

Android “System Update” malware steals photos, videos, GPS location

blog.malwarebytes.com/cybercrime/mobile/2021/04/android-system-update-malware-steals-photos-videos-gps-location/ A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps: it can swipe images and video, rifle through online searches, record phone calls and video, and peer into GPS location data, but the infrastructure behind the malware obscures its developer's primary motivations.

Browser lockers: extortion disguised as a fine

securelist.com/browser-lockers-extortion-disguised-as-a-fine/101735/ Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details.

Ransomware gang wanted $40 million in Florida schools cyberattack

www.bleepingcomputer.com/news/security/ransomware-gang-wanted-40-million-in-florida-schools-cyberattack/ Last month, Florida's Broward County Public Schools had to shut down their IT systems after suffering what was reported as a cyberattack. Screenshots revealed that the threat actors initially demanded a $40,000,000 ransom from the district, which left the BCPS representative shocked that the threat actors thought the district could afford that much money. The $40 million ransom in the Broward County Public Schools cyberattack is the second-largest demand seen to date.

Asteelflash electronics maker hit by REvil ransomware attack

www.bleepingcomputer.com/news/security/asteelflash-electronics-maker-hit-by-revil-ransomware-attack/ Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom. The ransom negotiation page shows that the REvil ransomware group, also known as Sodin and Sodinokibi, was initially demanding a $12 million ransom, but as the time limit expired, the ransom doubled to $24 million.

HS: Two handed long prison sentences for drug trafficking conducted on the dark web

www.tivi.fi/uutiset/tv/80d4f2e8-d98f-492e-a001-634fc31209ec Two men have been sentenced to years in prison for drug deals run on the Tor network, Helsingin Sanomat reports.

If you can’t log into Azure, Teams or Xbox Live right now: Microsoft cloud services in worldwide outage

www.theregister.com/2021/04/01/microsoft_azure_dns_outage/ Starting at approximately 21:30 UTC on 01 Apr 2021, customers may experience intermittent issues accessing Microsoft services, including Azure, Dynamics, and Xbox Live. Microsoft rerouted traffic to its resilient DNS capabilities and is seeing improvement in service availability, and says it is continuing to investigate the cause of the DNS issue.

Privet, you have just been hacked

vsquare.org/privet-you-have-just-been-hacked/ For months now, someone has been hacking into the email and social media accounts used by Polish ministers, MPs, journalists and soldiers. The evidence, as VSquare has established, is leading to a hacker group known as “Ghostwriters”.

Zero click vulnerability in Apple’s macOS Mail

mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c An attacker can modify the victim's Mail configuration, including mail redirects, which enables takeover of the victim's other accounts via password resets. The vulnerability can also be used to change the victim's configuration so that the victim propagates the attack to their correspondents in a worm-like fashion. Apple patched this vulnerability in July 2020.
