OSN MARCH 4, 2021

Mar 4, 2021 | Open Source News

Title: DHS Orders Agencies to Urgently Patch or Disconnect Exchange Servers
Date Published: March 4, 2021

https://www.bleepingcomputer.com/news/security/dhs-orders-agencies-to-urgently-patch-or-disconnect-exchange-servers/

Excerpt: “CISA “strongly” recommended federal agencies to examine their networks to detect malicious activity related to zero-day attacks targeting Exchange servers. “If no indications of compromise have been found, agencies must immediately apply Microsoft patches for Microsoft Exchange servers and proceed to Action 5,” CISA added. Agencies that identify indications of compromise should “immediately disconnect Microsoft Exchange on-premises servers” and “await guidance before rebuilding from trusted sources utilizing the latest version of the product available”.”

Title: Ransomware as a Service Is the New Big Problem for Business
Date Published: March 4, 2021

https://www.zdnet.com/article/ransomware-as-a-service-is-the-new-big-problem-for-business/#ftag=RSSbaffb68

Excerpt: “‘Affiliate programs make this kind of attack more attractive for cybercriminals. The tremendous popularity of such attacks made almost every company, regardless of their size and industry, a potential victim,’ Oleg Skulkin, a senior digital forensics analyst at Group-IB, told ZDNet. ‘Companies had to provide their employees with the capability to work remotely and we saw an increase in the number of publicly accessible RDP servers. Of course, nobody thought about security and many of such servers became the points of initial access for many ransomware operators,’ said Skulkin.”

Title: Microsoft: We’re Cracking Down on Excel Macro Malware
Date Published: March 4, 2021

https://www.zdnet.com/article/microsoft-were-cracking-down-on-malware-that-uses-excel-macros/

Excerpt: “AMSI allows applications to integrate with any antivirus on a Windows machine to enable the antivirus to detect and block a range of malicious scripts in Office documents. Microsoft notes its Defender anti-malware is using this integration to detect and block XLM-based malware and is encouraging other anti-malware providers to adopt it, too.”

Title: Treasury and Commerce Department Hacked Through 3rd Party
Date Published: March 4, 2021

https://medium.com/@ScottRuralHealth/treasury-and-commerce-department-hacked-through-3rd-party-3c56c91f3d4e

Excerpt: “According to an article in the Washington Post, the hackers known as APT29 or CozyBear were part of a months-long planning effort that finally found its way to several government agencies. It’s important to note that all of the organizations were breached through the update server of a network management system made by SolarWinds. Products by SolarWinds are used by more than 300,000 customers including all five branches of the U.S. military and numerous other government agencies.”

Title: COVID-19 Website Warning: Rise in Vaccine-Related Domain Registrations Means Increased Risk of Scams
Date Published: March 3, 2021

https://blog.checkpoint.com/2021/03/04/rise-in-vaccine-related-domain-registrations/

Excerpt: “Although the main domain (infection-alerts[.]com) was created in April 2020, CPR believes its sub-domains were created recently. Browsing to this malicious website was first spotted in late January 2021, and a few weeks before, there was another similar subdomain used by hackers – covid19[.]vaccine[.]infection-alerts[.]com, which is now inactive. CPR expects the vaccine related scams to continue in the near-term future, and we advise people everywhere to watch out for and learn how to protect themselves against phishing and domain spoofing attacks.”
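The pattern Check Point describes above is a themed subdomain (covid19.vaccine.) hung off an unrelated registrable domain. The script below is an added example for this digest, not Check Point's code: it refangs hostnames written with [.] or escaped \. dots, flags names whose subdomain labels carry pandemic/vaccine keywords under a domain that is not on a small allowlist, and defangs everything it prints so a report cannot be clicked. The keyword list, the allowlist, the naive "last two labels" registrable-domain rule and the sample hostnames are all constructed assumptions for the demo.

```python
"""Flag vaccine-themed lookalike hostnames and defang them for reporting.

Added example for this news digest; not Check Point's code.
THEME_KEYWORDS, ALLOWLIST and SAMPLE_HOSTS are constructed assumptions.
"""
import re
from typing import Dict, List

# Constructed: the themes the scams in the excerpt trade on.
THEME_KEYWORDS = ("covid", "vaccin", "infection")

# Constructed: registrable domains treated as legitimate for this demo.
ALLOWLIST = {"cdc.gov", "who.int"}

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def defang(hostname: str) -> str:
    """Replace dots with [.] so the name is not clickable or auto-linked."""
    return hostname.replace(".", "[.]")


def refang(hostname: str) -> str:
    """Undo common defanging ([.] and backslash-escaped dots) before analysis."""
    return hostname.replace("[.]", ".").replace("\\.", ".")


def registrable_domain(hostname: str) -> str:
    """Naive eTLD+1: the last two labels.  Assumption: no multi-label public
    suffixes (e.g. .co.uk) in the input; use the Public Suffix List for real data."""
    labels = hostname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname


def has_theme(label: str) -> bool:
    return any(k in label for k in THEME_KEYWORDS)


def assess(hostname: str) -> Dict[str, object]:
    """Classify one hostname as invalid / allowlisted / suspicious / unflagged."""
    host = refang(hostname.strip().lower().rstrip("."))
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(l) for l in labels):
        return {"host": defang(host), "registrable": "", "verdict": "invalid",
                "reasons": ["malformed hostname"]}

    reg = registrable_domain(host)
    sub_labels = labels[:-2]          # everything left of the registrable domain
    reasons: List[str] = []

    themed = [l for l in labels if has_theme(l)]
    if themed:
        reasons.append("theme keywords in labels: " + ", ".join(themed))
    # The excerpt's pattern: a themed subdomain riding on an unrelated domain.
    if any(has_theme(l) for l in sub_labels) and reg not in ALLOWLIST:
        reasons.append("themed subdomain under non-allowlisted domain " + defang(reg))
    if len(sub_labels) >= 2:
        reasons.append("deep subdomain nesting")

    if reg in ALLOWLIST:
        verdict = "allowlisted"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "unflagged"
    return {"host": defang(host), "registrable": defang(reg),
            "verdict": verdict, "reasons": reasons}


# Constructed sample input; the first two are the names quoted in the excerpt.
SAMPLE_HOSTS = [
    "infection-alerts[.]com",
    "covid19\\.vaccine\\.infection-alerts\\.com",
    "www.cdc.gov",
    "vaccine.cdc.gov",
    "login.example.com",
]


def triage(hosts: List[str]) -> List[Dict[str, object]]:
    return [assess(h) for h in hosts]


if __name__ == "__main__":
    for r in triage(SAMPLE_HOSTS):
        print(str(r["verdict"]).ljust(12), r["host"], "; ".join(r["reasons"]))
```

Run it as-is to see the two Check Point names come out "suspicious" while vaccine.cdc.gov is "allowlisted"; in practice feed it newly observed hostnames from passive DNS or certificate-transparency logs and replace the naive registrable-domain rule with a Public Suffix List lookup.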

Title: Maza Russian Cybercriminal Forum Suffers Data Breach
Date Published: March 4, 2021

https://www.zdnet.com/article/maza-russian-cybercriminal-forum-suffers-data-breach/

Excerpt: “On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding — the trafficking of stolen financial data and payment card information — and the discussion of topics including malware, exploits, spam, money laundering, and more.”

Title: 21 Million Free VPN Users’ Data Exposed
Date Published: March 3, 2021

https://blog.malwarebytes.com/cybercrime/privacy/2021/03/21-million-free-vpn-users-data-exposed/

Excerpt: “The attacks, which have not been confirmed by the VPN developers, represent the most recent privacy broadsides against the VPN industry. Two similar blunders have been revealed to the public since 2019, including one massive data leak that exposed several VPN apps’ empty promises to collect “no logs” of their users’ activity. In that data leak, not only did the VPN providers fail to live up to their words, but they also hoovered up additional data, including users’ email addresses, clear text passwords, IP addresses, home addresses, phone models, and device IDs.”

Title: Another Chrome Zero-Day Exploit – So Get That Update Done!
Date Published: March 4, 2021

https://nakedsecurity.sophos.com/2021/03/04/another-chrome-zero-day-exploit-so-get-that-update-done/

Excerpt: “Two of the eight High Severity bugs in this set of patches were apparently found in the same part of Chrome, denoted in Google’s list merely as: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research. The first bug is numbered CVE-2021-21165, reported on 2021-02-04, a month ago; the second was dubbed CVE-2021-21166, reported a week after that on 2021-02-11. An object lifecycle issue is a jargon way of referring to what probably amounts to some kind of memory mismanagement.”

Title: Compucom MSP Confirms Ongoing Outage Following Malware Incident
Date Published: March 3, 2021

https://www.bleepingcomputer.com/news/security/compucom-msp-confirms-ongoing-outage-following-malware-incident/

Excerpt: “US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP’s network to prevent the spread of malware. CompuCom is an IT managed services provider (MSP) that provides remote support, hardware and software repair, and other technology services to companies. CompuCom is a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max) and employs approximately 8,000 people.”

Title: Grub2 Boot Loader Maintainers Fixed Hundreds of Flaws
Date Published: March 4, 2021

https://securityaffairs.co/wordpress/115258/hacking/grub2-boot-loader-flaws.html

Excerpt: “GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks. In July 2020, researchers at the cybersecurity firm Eclypsium disclosed a buffer overflow vulnerability, tracked as CVE-2020-10713 and dubbed BootHole, which can be exploited by attackers to install persistent and stealthy malware.”