Daily NCSC-FI news followup 2021-09-06

Conti affiliates use ProxyShell Exchange exploit in ransomware attacks

news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ An investigation into recent attacks by a Conti affiliate reveals that the attackers initially accessed targeted organizations' networks with ProxyShell, an exploit of vulnerabilities in Microsoft Exchange that have been the subject of multiple critical updates over the past several months. The attacker otherwise closely followed the game plan laid out in a recently leaked set of documentation attributed to Conti's operators.

Watch what you send on anonymous SMS websites

blog.malwarebytes.com/privacy-2/2021/09/watch-what-you-send-on-anonymous-sms-websites/ [Anonymous SMS services] are websites which offer SMS services sending messages to you, as opposed to someone else. How does this play out? … Each temporary mobile number has its own page on the site you obtain it from. All of the messages sent to that number will be people wanting a code, or a pass, or a login, or a confirmation. Those messages, for all of those people, display publicly on the number's page.

TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic

therecord.media/trickbot-gang-member-arrested-after-getting-stuck-in-south-korea-due-to-covid-19-pandemic/ […] Mr. A was charged for working with the TrickBot gang and developing a web browser-related component for the group after answering a job ad in 2016, the same way Witte was recruited. Trickbot lead members said in private conversations to each other that they were looking for candidates who did the recruitment test without asking too many questions. "If they ask additional questions, this person is not suitable," one message read.

Russia responsible for cyber attacks on German parliament -German foreign ministry

www.reuters.com/world/europe/russia-responsible-cyber-attacks-german-parliament-german-foreign-ministry-2021-09-06/ “The German government has reliable information according to which ghost writer activities can be attributed to cyber protagonists of the Russian state or Russia’s GRU military intelligence (service),” said the spokesperson.

FudCo Spam Empire Tied to Pakistani Software Firm

krebsonsecurity.com/2021/09/fudco-spam-empire-tied-to-pakistani-software-firm/ In May 2015, KrebsOnSecurity briefly profiled The Manipulaters, the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.

Jenkins project discloses security breach following Confluence server hack

therecord.media/jenkins-project-discloses-security-breach-following-confluence-server-hack/ The developers of the Jenkins server, one of the most widely used open-source automation systems, said they suffered a security breach after hackers gained access to one of their internal servers and deployed a cryptocurrency miner.

Finnish listed company reports data breach

www.tivi.fi/uutiset/tv/c1cd5d25-7c7b-4382-90d8-37e0270d07ed The Finnish real estate company Adapteo announced on Sunday evening that it had been the target of a data breach. According to the release, a data breach by a third party hit the company's systems on Friday, 3 September. The attack affects the company's servers and core business applications. The extent of the breach is not yet known.

Salesforce Email Service Used for Phishing Campaign

www.esecurityplanet.com/threats/salesforce-email-service-used-for-phishing-campaign/ Mass Email gives users the option to send an individual, personalized email to each recipient, thus creating the perception of receiving a unique email, created especially for you, Slavoutsky and Golderman wrote. Spoofing attempts of Salesforce are nothing new to us. Attackers spoof emails from Salesforce for credential theft, is a typical example. In this case, the attackers actually purchased and abused the service; knowing that most companies use this service as part of their business, and therefore have it whitelisted and even allowed in their SPF records.
