News Summary About Latest Cybersecurity Stories, March 15

6 months ago

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange

https://securityaffairs.co/wordpress/115359/apt/chinese-hackers-microsoft-exchange.html 

Chinese hackers hit thousands of organizations using Microsoft Exchange--Security Affairs

At least tens of thousands of Microsoft customers may have been hacked by allegedly China-linked threat actors since January, including businesses and government agencies. The attacks started in January, but the attackers’ activity intensified in

securityaffairs.co

 

---

Researchers warn of a surge in cyber attacks against Microsoft Exchange

https://securityaffairs.co/wordpress/115532/hacking/microsoft-exchange-servers-hacks.html 

Researchers warn of a surge in cyber attacks against Microsoft Exchange--Security Affairs

Researchers at the Check Point Research team reported that threat actors are actively exploiting the recently disclosed ProxyLogon zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft released emergency out-of-band security updates that ...

securityaffairs.co

 

---

Expert publishes PoC exploit code for Microsoft Exchange flaws

https://securityaffairs.co/wordpress/115513/hacking/microsoft-exchange-exploit-code.html 

Expert publishes PoC exploit code for Microsoft Exchange flaws--Security Affairs

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited ...

securityaffairs.co

 

---

Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws

https://securityaffairs.co/wordpress/115503/cyber-warfare-2/norway-parliament-hack.html 

Hackers stole data from Norway parliament exploiting ProxyLogon flaws--Security Affairs

Norway’s parliament, the Storting, was hit by a new cyberattack; threat actors stole data exploiting the recently disclosed vulnerabilities in Microsoft Exchange, collectively tracked as ProxyLogon. On March 2nd, Microsoft has released ...

securityaffairs.co

 

---

 

Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA

https://securityaffairs.co/wordpress/115396/data-breach/eba-microsoft-exchange-hacked.html 

Hackers compromised the Microsoft Exchange servers at EBA--Security Affairs

The European Banking Authority announced that it was the victim of a cyber attack against its email system that exploited recently disclosed zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft has released emergency out-of-band security updates that

securityaffairs.co

 

---

Microsoft Exchange servers targeted by DearCry ransomware abusing ProxyLogon bugs

https://therecord.media/microsoft-exchange-servers-targeted-by-dearcry-ransomware-abusing-proxylogon-bugs/ 

Microsoft Exchange servers targeted by DearCry ransomware abusing ProxyLogon bugs | The Record by Recorded Future

A threat actor is currently exploiting the ProxyLogon vulnerabilities to install ransomware on unpatched Microsoft Exchange email servers and encrypt their content, Microsoft confirmed today. The attacks have been taking place since at least Tuesday, March 9, and were discovered after victim organizations uploaded copies of the ransom note on ID-Ransomware, a web-based tool for identifying ...

therecord.media

 

---

Hackers breach thousands of security cameras, exposing Tesla, jails, hospitals

https://www.bnnbloomberg.ca/hackers-break-into-thousands-of-security-cameras-exposing-tesla-jails-hospitals-1.1574681 

Hackers breach thousands of security cameras, exposing Tesla, jails, hospitals - BNN Bloomberg

A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Companies whose footage was exposed ...

www.bnnbloomberg.ca

 

---

Malspam campaign uses icon files to deliver NanoCore RAT

https://securityaffairs.co/wordpress/115520/malware/nanocore-rat-malspam-icon-files.html 

Malspam campaign uses icon files to deliver NanoCore RAT--Security Affairs

Researchers at Trustwave have spotted a new malspam campaign that is abusing icon files to trick victims into executing the NanoCore remote access Trojan. The emails use a .zipx file attachment, a .zipx file is a […]

securityaffairs.co

 

---

RedXOR, a new powerful Linux backdoor in Winnti APT arsenal

https://securityaffairs.co/wordpress/115491/apt/redxor-backdoor-winnti-apt.html 

RedXOR, a new powerful Linux backdoor in Winnti APT arsenal--Security Affairs

Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. […]

securityaffairs.co

 

---

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

https://securityaffairs.co/wordpress/115403/hacking/unityminer-qnap-nas-devices.html 

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign--Security Affairs

Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507). Threat actors are exploiting two ...

securityaffairs.co

 

---

The launch of Williams' new FW43B car ruined by hackers

https://securityaffairs.co/wordpress/115377/hacking/williams-fw43b-launch-hackers.html 

The launch of Williams' new FW43B car ruined by hackers--Security Affairs

The Williams team presented its new Formula One car on Friday, but hackers partially ruined the launch by hacking an “augmented reality” app that was designed to show the new […]

securityaffairs.co

 

---

[PDF] How Six Advanced Persistent Threat-Connected Chinese Universities are Advancing AI Research

https://cset.georgetown.edu/wp-content/uploads/CSET-Academics-AI-and-APTs.pdf 

CSET - Academics, AI, and APTs

March 2021. Academics, AI, and APTs: How Six Advanced Persistent Threat-Connected Chinese Universities are Advancing AI Research. CSET Issue Brief.

cset.georgetown.edu

 

---

Examining Exchange Exploitation and its Lessons for Defenders

https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders 

Examining Exchange Exploitation and its Lessons for Defenders

Background. On 02 March 2021, Microsoft released out-of-band updates for Microsoft Exchange to cover four actively-exploited vulnerabilities: CVE-2021-26855: a pre-authentication Server-Side Request Forgery (SSRF) vulnerability enabling access to a vulnerable Exchange server. This specific vulnerability, identified by researchers at DEVCORE, is also referred to as ProxyLogon.

www.domaintools.com

 

---

Europol 'unlocks' encrypted Sky ECC chat service to make arrests

https://www.bleepingcomputer.com/news/security/europol-unlocks-encrypted-sky-ecc-chat-service-to-make-arrests/ 

Europol 'unlocks' encrypted Sky ECC chat service to make arrests

European law enforcement authorities have made a large number of arrests after a joint operation involving the monitoring of organized crime communication channels over the Sky ECC encrypted chat.

www.bleepingcomputer.com

 

---

Microsoft shares detection, mitigation advice for Azure LoLBins

https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/ 

Microsoft shares detection, mitigation advice for Azure LoLBins

Azure LoLBins can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device. On Windows systems, LoLBins ...

www.bleepingcomputer.com

 

---

OVH data centers suffered a fire, many popular sites are offline

https://securityaffairs.co/wordpress/115457/breaking-news/ovh-data-centers-fire.html 

OVH data centers suffered a fire, many popular sites are offline--Security Affairs

OVH, one of the largest hosting providers in the world, has suffered a terrible fire that destroyed its data centers located in Strasbourg. The news was also confirmed by OVH founder Octave Klaba via Twitter; he also provided […]

securityaffairs.co

 

---

OVH data center fire likely caused by faulty UPS power supply

https://www.bleepingcomputer.com/news/security/ovh-data-center-fire-likely-caused-by-faulty-ups-power-supply/ 

OVH data center fire likely caused by faulty UPS power supply

www.bleepingcomputer.com

 

---

Systems outage at Molson Coors following 'cybersecurity incident'

https://www.tmj4.com/news/local-news/systems-outage-at-molson-coors-following-cybersecurity-incident 

Systems outage at Molson Coors following 'cybersecurity incident'

www.tmj4.com

 

---

Data Breach Affects More Than 2 Million Frequent Flyers Across Airline Alliances

https://skift.com/2021/03/05/data-breach-affects-more-than-2-million-frequent-flyers-across-airline-alliances/ 

Data Breach Affects More Than 2 Million Frequent Flyers Across Airline Alliances – Skift

It’s easy to feel jaded about data breaches given how often they happen. But it will raise eyebrows that hackers obtained data on loyalty flyers of Cathay Pacific, Finnair, Japan Airlines ...

skift.com

 

---

Another French hospital hit by a ransomware attack

https://securityaffairs.co/wordpress/115434/cyber-crime/french-hospital-ransomware-attack.html 

Another French hospital hit by a ransomware attack--Security Affairs

A ransomware attack paralyzed the systems at the Oloron-Sainte-Marie hospital in southwest France. The incident took place on Monday; the ransomware gang is demanding the payment of a ransom of $50,000 worth of Bitcoin. The […]

securityaffairs.co

 

---

Ryuk ransomware hits 700 Spanish government labor agency offices

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/ 

Ryuk ransomware hits 700 Spanish government labor agency offices

www.bleepingcomputer.com

 

---

GitHub security update: A bug related to handling of authenticated sessions

https://github.blog/2021-03-08-github-security-update-a-bug-related-to-handling-of-authenticated-sessions/ 

GitHub security update: A bug related to handling of authenticated sessions - The GitHub Blog

Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution to protect users from an extremely rare, but potentially serious, security vulnerability affecting a very small number of GitHub.com sessions.

github.blog

 

---

F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ

https://securityaffairs.co/wordpress/115481/security/f5-flaws-big-ip-big-iq.html 

F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ--Security Affairs

Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as “critical” severity.

 

The BIG-IP product family includes hardware, modularized software, and virtual appliances that run the F5 TMOS operating system and provides load balancing, firewall, access control, and threat protection capabilities. The vendor has released security ...

securityaffairs.co

 

---

Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari

https://securityaffairs.co/wordpress/115423/hacking/apple-cve-2021-1844-rce.html 

Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari--Security Affairs

Apple has released out-of-band security patches for iOS, macOS, watchOS, and the Safari web browser to address a critical security flaw tracked as CVE-2021-1844. The vulnerability was discovered by Clément Lecigne of […]

securityaffairs.co

 

---

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ 

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches – NCC Group Research

Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a serious risk to their users. The most critical vulnerability could allow unauthenticated users to gain arbitrary code execution.

research.nccgroup.com

 

---

Idaho man charged with hacking into the computers of the City of Newnan and metro-Atlanta medical clinics

https://www.justice.gov/usao-ndga/pr/idaho-man-charged-hacking-computers-city-newnan-and-metro-atlanta-medical-clinics 

Idaho man charged with hacking into the computers of the City of Newnan and metro-Atlanta medical clinics

Robert Purbeck, of Meridian, Idaho, made his initial appearance before a U.S. Magistrate Judge in Boise, Idaho. Purbeck was indicted in the Northern District of Georgia on March 2, 2021 for computer fraud and abuse, access device fraud, and wire fraud.

www.justice.gov

 

---

Two Ukrainian Nationals Extradited to U.S. on Money Laundering Charges

https://www.justice.gov/opa/pr/two-ukrainian-nationals-extradited-us-money-laundering-charges

Two Ukrainian Nationals Extradited to U.S. on Money Laundering Charges | OPA | Department of Justice

Two members of an international organized network that provided cash-out and money laundering services to cyber actors were extradited from the Czech Republic to Dallas.

www.justice.gov

 

 

 

Labels:

Industry News