Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ An investigation into recent attacks by a Conti affiliate reveals that the attackers initially accessed targeted organizations' networks with ProxyShell, an exploit of vulnerabilities in Microsoft Exchange that have been the subject of multiple critical updates over the past several months. The attacker otherwise closely followed the game plan laid out in a recently leaked set of documentation attributed to Conti's operators.
Watch what you send on anonymous SMS websites
blog.malwarebytes.com/privacy-2/2021/09/watch-what-you-send-on-anonymous-sms-websites/ [Anonymous SMS services] are websites which offer SMS services sending messages to you, as opposed to someone else. How does this play out? … Each temporary mobile number has its own page on the site you obtain it from. All of the messages sent to that number will be people wanting a code, or a pass, or a login, or a confirmation. Those messages, for all of those people, display publicly on the number's page.
TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic
therecord.media/trickbot-gang-member-arrested-after-getting-stuck-in-south-korea-due-to-covid-19-pandemic/ […] Mr. A was charged for working with the TrickBot gang and developing a web browser-related component for the group after answering a job ad in 2016, the same way Witte was recruited. Trickbot lead members said in private conversations to each other that they were looking for candidates who did the recruitment test without asking too many questions. “If they ask additional questions, this person is not suitable,” one message read.
Russia responsible for cyber attacks on German parliament - German foreign ministry
www.reuters.com/world/europe/russia-responsible-cyber-attacks-german-parliament-german-foreign-ministry-2021-09-06/ “The German government has reliable information according to which ghost writer activities can be attributed to cyber protagonists of the Russian state or Russia’s GRU military intelligence (service),” said the spokesperson.
FudCo Spam Empire Tied to Pakistani Software Firm
krebsonsecurity.com/2021/09/fudco-spam-empire-tied-to-pakistani-software-firm/ In May 2015, KrebsOnSecurity briefly profiled The Manipulaters, the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.
Jenkins project discloses security breach following Confluence server hack
therecord.media/jenkins-project-discloses-security-breach-following-confluence-server-hack/ The developers of the Jenkins server, one of the most widely used open-source automation systems, said they suffered a security breach after hackers gained access to one of their internal servers and deployed a cryptocurrency miner.
Finnish listed company reports data breach
www.tivi.fi/uutiset/tv/c1cd5d25-7c7b-4382-90d8-37e0270d07ed Finnish real estate company Adapteo announced on Sunday evening that it had been the target of a data breach. According to the announcement, a third-party intrusion hit the company's systems on Friday, September 3. The attack affects the company's servers and core business applications. The extent of the breach is not yet known.
Salesforce Email Service Used for Phishing Campaign
www.esecurityplanet.com/threats/salesforce-email-service-used-for-phishing-campaign/ “Mass Email gives users the option to send an individual, personalized email to each recipient, thus creating the perception of receiving a unique email, created especially for you,” Slavoutsky and Golderman wrote. “Spoofing attempts of Salesforce are nothing new to us. Attackers spoof emails from Salesforce for credential theft, is a typical example. In this case, the attackers actually purchased and abused the service; knowing that most companies use this service as part of their business, and therefore have it whitelisted and even allowed in their SPF records.”