Daily NCSC-FI news followup 2021-04-02

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers

www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/ The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. The attackers are enumerating servers unpatched against CVE-2020-12812 and CVE-2019-5591, and scanning for CVE-2018-13379 vulnerable devices on ports 4443, 8443, and 10443.

Android “System Update” malware steals photos, videos, GPS location

blog.malwarebytes.com/cybercrime/mobile/2021/04/android-system-update-malware-steals-photos-videos-gps-location/ A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps: it can swipe images and video, rifle through online searches, record phone calls and video, and peer into GPS location data. But the infrastructure behind the malware obscures its developer’s primary motivations.

Browser lockers: extortion disguised as a fine

securelist.com/browser-lockers-extortion-disguised-as-a-fine/101735/ Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details.

Ransomware gang wanted $40 million in Florida schools cyberattack

www.bleepingcomputer.com/news/security/ransomware-gang-wanted-40-million-in-florida-schools-cyberattack/ Last month, Florida’s Broward County Public Schools had to shut down their IT systems after suffering what was reported as a cyberattack. Screenshots revealed that the threat actors initially demanded a $40,000,000 ransom from the district, which left the BCPS representative shocked that the threat actors thought they could afford that much money. The $40 million ransom in the Broward County Public Schools cyberattack is the second-largest demand seen to date.

Asteelflash electronics maker hit by REvil ransomware attack

www.bleepingcomputer.com/news/security/asteelflash-electronics-maker-hit-by-revil-ransomware-attack/ Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom. The page shows that the REvil ransomware group, also known as Sodin and Sodinokibi, was initially demanding a $12 million ransom, but as the time limit expired, the ransom doubled to $24 million.

HS: Two men given long prison sentences for drug deals conducted on the dark web

www.tivi.fi/uutiset/tv/80d4f2e8-d98f-492e-a001-634fc31209ec Two men have been sentenced to years in prison for drug deals that were run on the Tor network, Helsingin Sanomat reports.

If you can’t log into Azure, Teams or Xbox Live right now: Microsoft cloud services in worldwide outage

www.theregister.com/2021/04/01/microsoft_azure_dns_outage/ Starting at approximately 21:30 UTC on 01 Apr 2021, customers may experience intermittent issues accessing Microsoft services, including Azure, Dynamics, and Xbox Live. Microsoft rerouted traffic to our resilient DNS capabilities and are seeing improvement in service availability. We are continuing to investigate the cause of the DNS issue.

Privet, you have just been hacked

vsquare.org/privet-you-have-just-been-hacked/ For months now, someone has been hacking into the email and social media accounts used by Polish ministers, MPs, journalists and soldiers. The evidence, as VSquare has established, is leading to a hacker group known as “Ghostwriters”.

Zero click vulnerability in Apple’s macOS Mail

mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c An attacker can modify the victim’s Mail configuration, including mail redirects, which enables takeover of the victim’s other accounts via password resets. This vulnerability can be used to change the victim’s configuration so that victims will propagate the attack to their correspondents in a worm-like fashion. Apple patched this vulnerability in 2020-07.
