Comments on: Cyber security news September 2020

By: Tomi Engdahl

Tomi Engdahl — Thu, 01 Oct 2020 06:17:21 +0000

Over 247K Exchange servers unpatched for actively exploited flaw
https://www.bleepingcomputer.com/news/security/over-247k-exchange-servers-unpatched-for-actively-exploited-flaw/
More than 247, 000 Microsoft Exchange servers are yet to be patched
against the CVE-2020-0688 post-auth remote code execution (RCE)
vulnerability impacting all Exchange Server versions under support.
“There are two important efforts that Exchange Administrators and
infosec teams need to undertake: verifying deployment of the update
and checking for signs of compromise, “

By: Tomi Engdahl

Tomi Engdahl — Thu, 01 Oct 2020 06:16:44 +0000

FYI: If you’re running HP Device Manager, anyone on your network can
get admin on your server via backdoor
https://www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/
Hidden database account discovered, patches finally available as well
as mitigations

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 11:35:43 +0000

Nämä tunkeutujat jaksavat pötköttää vaikka vuoden järjestelmissä – ja sitten alkaa tapahtua
Markku Pervilä30.9.2020 13:00|päivitetty30.9.2020 13:19
TietoturvaKyberHakkeritVakoilu
Palmerwormin nimellä tunnetut valtiojohtoiset vakoojaryhmät viettävät pitkiä hiljaiselon aikoja organisaatioiden järjestelmissä ennen lopullista iskua.
https://www.tivi.fi/uutiset/tv/94515d92-6a35-4402-878a-43812f53a47d

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 08:40:47 +0000

What Caused The Massive Microsoft Teams, Office 365 Outage Yesterday? Here’s What We Know
https://www.forbes.com/sites/daveywinder/2020/09/29/what-caused-the-massive-microsoft-teams-office-365-outage-yesterday-heres-what-we-know/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie/#76616c657269

Cloud-based Microsoft applications, including Microsoft Teams, went down across a swathe of the U.S. yesterday.

Users of Microsoft Office 365, Outlook, Exchange, Sharepoint, OneDrive and Azure also reported they were unable to login. Instead, they were presented with a “transient error” message informing them there was a problem signing them in.

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 07:07:00 +0000

Bleeping Computer: Swiss watchmaker Swatch shuts down IT systems to stop cyberattack >
https://www.bleepingcomputer.com/news/security/swiss-watchmaker-swatch-shuts-down-it-systems-to-stop-cyberattack/

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 06:22:29 +0000

China-Linked ‘BlackTech’ Hackers Start Targeting U.S.
https://www.securityweek.com/china-linked-blacktech-hackers-start-targeting-us

The China-linked BlackTech cyber-spies have adopted new malicious tools in recent attacks, and they have started targeting the United States, Symantec security researchers revealed on Tuesday.

Also referred to as Palmerworm, the hacking group is believed to have been active since at least 2013. The campaign analyzed by Symantec ran from August 2019 until as recently as August 2020, and it targeted organizations in construction, electronics, engineering, media, and finance in Japan, Taiwan, the U.S., and China. The threat actor was previously known to target East Asia.

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 05:52:39 +0000

Suspicious logins reported after ransomware attack on US govt
contractor
https://www.zdnet.com/article/suspicious-logins-rats-reported-after-ransomware-attack-on-us-govt-contractor/
Ransomware attack on Tyler Technologies is looking worse by the day.
Customers of Tyler Technologies, one of the biggest software providers
for the US state and federal government, are reporting finding
suspicious logins and previously unseen remote access tools (RATs) on
their networks and servers.

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 05:51:30 +0000

Logistics giant CMA CGM goes offline to block malware attack
https://www.bleepingcomputer.com/news/security/logistics-giant-cma-cgm-goes-offline-to-block-malware-attack/
CMA CGM S.A., a French maritime transport and logistics giant, today
disclosed a malware attack affecting some servers on the edge of its
network. The attack forced CMA CGM’s IT teams to cut Internet access
to some applications to block the malware from spreading to other
network devices.

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 05:50:59 +0000

REvil ransomware deposits $1 million in hacker recruitment drive
https://www.bleepingcomputer.com/news/security/revil-ransomware-deposits-1-million-in-hacker-recruitment-drive/
The REvil Ransomware (Sodinokibi) operation has deposited $1 million
in bitcoins on a Russian-speaking hacker forum to prove to potential
affiliates that they mean business. also:
https://nakedsecurity.sophos.com/2020/09/28/revil-ransomware-crew-dangles-1000000-cybercrime-carrot/

By: Tomi Engdahl

Tomi Engdahl — Wed, 30 Sep 2020 05:50:44 +0000

UK, US hospital computers are down, early unofficial diagnosis is a
suspected outbreak of Ryuk ransomware
https://www.theregister.com/2020/09/28/united_health_services_ransomware/
We’ve switched to back-up offline procedures, says Universal Health
Services. Universal Health Services, which operates over 400 hospitals
and healthcare facilities in the US, Puerto Rico, and the UK, said on
Monday that its IT network was offline due to an unspecified
cybersecurity issue.