Daily NCSC-FI news followup 2021-10-17

Do Not Exchange! It has a Shell Inside

www.deepinstinct.com/blog/do-not-exchange-it-has-a-shell-inside Threat Researchers recently discovered several new Microsoft Exchange vulnerabilities in ProxyShell that allow attackers to gain remote-code execution capabilities. While these vulnerabilities were disclosed to Microsoft and mostly patched prior to the technical details of the vulnerabilities becoming public, many Exchange servers were left unpatched and have since been compromised.

Windows 10, iOS 15, Ubuntu, Chrome fall at China’s Tianfu hacking contest

therecord.media/windows-10-ios-15-ubuntu-chrome-fall-at-chinas-tianfu-hacking-contest/ Chinese security researchers took home $1.88 million after hacking some of the world’s most popular software at the Tianfu Cup, the country’s largest and most prestigious hacking competition. The contest, which took place over the weekend of October 16 and 17 in the city of Chengdu, was won by researchers from Chinese security firm Kunlun Lab, who took home $654,500, a third of the total purse.

Welcome to Britain, the bank scam capital of the world

www.reuters.com/world/uk/welcome-britain-bank-scam-capital-world-2021-10-14/ A British record of 754 million pounds ($1 billion) was stolen in the first six months of this year, up 30% from the same period in 2020, according to data from banking industry body UK Finance, and up more than 60% from 2017, when it began compiling the figures.

Brazilian insurance giant Porto Seguro hit by cyberattack

www.zdnet.com/article/brazilian-insurance-giant-porto-seguro-hit-by-cyberattack/#ftag=RSSbaffb68 One of Brazil’s largest insurance groups, Porto Seguro, has reported it suffered a cyberattack that resulted in instability to its service channels and some of its systems.

Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes

unit42.paloaltonetworks.com/exploits-interactsh/ Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers but also by attackers to validate vulnerabilities via real-time monitoring on the trace path for the domain.

Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis

www.mandiant.com/resources/defining-cobalt-strike-components Cobalt Strike is a commercial adversary simulation software that is marketed to red teams but is also stolen and actively used by a wide range of threat actors from ransomware operators to espionage-focused Advanced Persistent Threats (APTs).

Virus Bulletin: Old malware never dies it just gets more targeted

www.welivesecurity.com/2021/10/15/virus-bulletin-old-malware-never-dies-gets-more-targeted/ Virus Bulletin this year brought a fresh batch of amped-up, refreshed malware with lots more horsepower and devilish amounts of custom-tailored targeting. From singled-out political activist individual targets to regionalized targets, malware’s aim is getting better

Twitter suspends two accounts used by DPRK hackers to catfish security researchers

therecord.media/twitter-suspends-two-accounts-used-by-dprk-hackers-to-catfish-security-researchers/ Twitter has suspended today two accounts operated by North Korean government hackers and used as part of a clever plot to attract security researchers to malicious sites and infect their systems with malware.

Winter tires nearly led to a big bill: Tori.fi sellers are being scammed in a new way

www.is.fi/digitoday/tietoturva/art-2000008332890.html Tori.fi, the online marketplace widely used by Finns, is also popular with criminals. The long-known scourge of cheating buyers has been joined by scams that specifically target sellers.
