Daily NCSC-FI news followup 2021-09-06

Conti affiliates use ProxyShell Exchange exploit in ransomware attacks

news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ An investigation into recent attacks by a Conti affiliate reveals that the attackers initially accessed targeted organizations' networks with ProxyShell, an exploit of vulnerabilities in Microsoft Exchange that have been the subject of multiple critical updates over the past several months. The attacker otherwise closely followed the game plan laid out in a recently leaked set of documentation attributed to Conti's operators.

Watch what you send on anonymous SMS websites

blog.malwarebytes.com/privacy-2/2021/09/watch-what-you-send-on-anonymous-sms-websites/ [Anonymous SMS services] are websites which offer SMS services sending messages to you, as opposed to someone else. How does this play out? … Each temporary mobile number has its own page on the site you obtain it from. All of the messages sent to that number will be people wanting a code, or a pass, or a login, or a confirmation. Those messages, for all of those people, display publicly on the number's page.

TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic

therecord.media/trickbot-gang-member-arrested-after-getting-stuck-in-south-korea-due-to-covid-19-pandemic/ […] Mr. A was charged for working with the TrickBot gang and developing a web browser-related component for the group after answering a job ad in 2016, the same way Witte was recruited. TrickBot lead members said in private conversations to each other that they were looking for candidates who did the recruitment test without asking too many questions. "If they ask additional questions, this person is not suitable," one message read.

Russia responsible for cyber attacks on German parliament -German foreign ministry

www.reuters.com/world/europe/russia-responsible-cyber-attacks-german-parliament-german-foreign-ministry-2021-09-06/ “The German government has reliable information according to which Ghostwriter activities can be attributed to cyber protagonists of the Russian state or Russia’s GRU military intelligence (service),” said the spokesperson.

FudCo Spam Empire Tied to Pakistani Software Firm

krebsonsecurity.com/2021/09/fudco-spam-empire-tied-to-pakistani-software-firm/ In May 2015, KrebsOnSecurity briefly profiled The Manipulaters, the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.

Jenkins project discloses security breach following Confluence server hack

therecord.media/jenkins-project-discloses-security-breach-following-confluence-server-hack/ The developers of the Jenkins server, one of the most widely used open-source automation systems, said they suffered a security breach after hackers gained access to one of their internal servers and deployed a cryptocurrency miner.

Finnish listed company reports a data breach

www.tivi.fi/uutiset/tv/c1cd5d25-7c7b-4382-90d8-37e0270d07ed The Finnish real-estate company Adapteo announced on Sunday evening that it had been the target of a data breach. According to the announcement, a third-party intrusion hit the company's systems on Friday, 3 September. The attack affects the company's servers and core business applications. The extent of the breach is not yet known.

Salesforce Email Service Used for Phishing Campaign

www.esecurityplanet.com/threats/salesforce-email-service-used-for-phishing-campaign/ "Mass Email gives users the option to send an individual, personalized email to each recipient, thus creating the perception of receiving a unique email, created especially for you," Slavoutsky and Golderman wrote. Spoofing attempts of Salesforce are nothing new to us. Attackers spoof emails from Salesforce for credential theft, is a typical example. In this case, the attackers actually purchased and abused the service; knowing that most companies use this service as part of their business, and therefore have it whitelisted and even allowed in their SPF records.
