Daily NCSC-FI news followup 2021-08-26

Microsoft Breaks Silence on Barrage of ProxyShell Attacks

threatpost.com/microsoft-barrage-proxyshell-attacks/168943/ Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging them to update immediately. “Our recommendation, as always, is to install the latest CU and SU on all your Exchange servers to ensure that you are protected against the latest threats,” the company said. “Please update now!”

FBI shares technical details for Hive ransomware

www.bleepingcomputer.com/news/security/fbi-shares-technical-details-for-hive-ransomware/ The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. In a rare occurrence, the FBI has included the link to the leak site where the ransomware gang publishes data stolen from companies that did not pay. Hive ransomware relies on a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, the FBI says.

New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems

www.hackread.com/prism-backdoor-varian-waterdrop-hits-linux/ Security researchers at AT&T Labs have published a report sharing details of a newly discovered cluster of Linux ELF executables with zero to low antivirus detections on VirusTotal. Researchers noted that these executables carry a modified version of the open-source backdoor PRISM, which threat actors use extensively in different campaigns. Reportedly, the malware has been on their radar for more than 3.5 years; the oldest samples date back to November 8th, 2017. It concerns researchers that the executables aren’t detected by VirusTotal, which usually detects malicious URLs and files easily.

Biden gets Google, Apple, others to join “whole-of-nation” cybersecurity effort

www.zdnet.com/article/tech-giants-make-cybersecurity-commitments-after-white-house-meeting/#ftag=RSSbaffb68 Following a cybersecurity meeting at the White House on Wednesday, President Biden secured promises from major tech companies to spend significant sums improving the nation’s cyber resiliency. Microsoft and Google, for instance, each committed billions to specific cybersecurity investments. The meeting comes in the wake of a series of dramatic cybersecurity incidents, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers. In a statement, the White House said a “whole-of-nation effort” is needed to address cybersecurity threats.

US government and private sector agree to invest time, money in cybersecurity

blog.malwarebytes.com/awareness/2021/08/us-government-and-private-sector-agree-to-invest-time-money-in-cybersecurity/ In the wake of several high-profile ransomware attacks against critical infrastructure and major organizations in the last few months, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats and bolster the nation’s cybersecurity. Several participants in President Biden’s meetings have recently announced commitments and initiatives. The key initiatives are protection from supply chain attacks, the industrial control systems cybersecurity initiative and security training.

Updates on our continued collaboration with NIST to secure the Software Supply Chain

security.googleblog.com/2021/08/updates-on-our-continued-collaboration.html Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity agenda. This included our commitment to invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security.

Synology: Multiple products impacted by OpenSSL RCE vulnerability

www.bleepingcomputer.com/news/security/synology-multiple-products-impacted-by-openssl-rce-vulnerability/ Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. The complete list of devices affected by the security flaws tracked as CVE-2021-3711 and CVE-2021-3712 includes DSM 7.0, DSM 6.2, DSM UC, SkyNAS, VS960HD, SRM 1.2, VPN Plus Server, and VPN Server.

Atlassian warns of critical Confluence flaw

www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/ Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw. The company’s not saying a lot about CVE-2021-26084, besides describing it as a “Confluence Server Webwork OGNL injection vulnerability that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.” Atlassian has released fixed versions of the product, namely 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0, but the company’s advisory suggests upgrading to the latest long-term service release.
