  1. #1
    Service Manager 2,500+ Posts
    FBI Security Alerts

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    4,531
    Rep Power
    136

    FBI Security Alerts

    Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7 (ZDNet)

    An FBI alert sent on Tuesday warns companies about the use of out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer.

    In the aftermath of the Oldsmar incident, where an unidentified attacker gained access to a water treatment plant's network and modified chemical dosages to dangerous levels, the FBI has sent out an alert on Tuesday, raising attention to three security issues that have been seen on the plant's network following last week's hack.

    The alert, called a Private Industry Notification, or FBI PIN, warns about the use of out-of-date Windows 7 systems, poor passwords, and desktop sharing software TeamViewer, urging private companies and federal and government organizations to review internal networks and access policies accordingly.


    TEAMVIEWER CONSIDERED THE POINT OF ENTRY


    The FBI PIN specifically names TeamViewer as a desktop sharing software to watch out for after the app was confirmed as the attacker's entry point into the Oldsmar water treatment plant's network.

    In a Motherboard report published on Tuesday, several well-known security experts criticized companies and workers who often use the software for remote work, calling it insecure and inadequate for managing sensitive resources.

    While the FBI PIN alert doesn't take a critical tone or stance against TeamViewer, the FBI would like federal and private sector organizations to take note of the app.

    "Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs)," the FBI said.

    "TeamViewer's legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs."

    The FBI alert doesn't specifically tell organizations to uninstall TeamViewer or any other type of desktop sharing software but warns that TeamViewer and other similar software can be abused if attackers gain access to employee account credentials or if remote access accounts (such as those used for Windows RDP access) are secured with weak passwords.

  2. #2 SalesServiceGuy

    Re: FBI Security Alerts

    A new phishing campaign is attempting to lure victims into downloading the latest version of a malware trojan – and it has links to one of the most prolific cyber-criminal operations active in the world today.

    The Bazar trojan first emerged last year and a successful deployment of the trojan malware can provide cyber criminals with a backdoor into compromised Windows systems, allowing them to control the device and gain additional access to the network in order to collect sensitive information or deliver malware, including ransomware.

    Now cybersecurity researchers at Fortinet have identified a new variant of Bazar trojan, which has been equipped with anti-analysis techniques to make the malware harder for anti-virus software to detect.

    These include hiding the malicious APIs in the code and only calling on them when needed, additional code obfuscation, and even encrypting certain strings of the code to make it more difficult to analyse.

    The new techniques were added to Bazar towards the end of January and coincided with a phishing campaign designed to distribute the updated version of the malware.

  3. #3 SalesServiceGuy

    Re: FBI Security Alerts

    Federal prosecutors charge three North Korean hackers accused of conspiring to steal more than $1.3 billion


    Federal prosecutors charged three North Korean hackers with conspiring to steal more than $1.3 billion from banks and companies around the world, the Justice Department announced Wednesday.

    In an indictment unsealed in California, authorities described a range of brazen operations carried out by the trio from 2014 to 2020, targeting high-profile movie studios and cryptocurrency traders with sophisticated technology that national security officials said underscored the country's status as a leading cybercrime threat.

    Members of a military intelligence agency, the three hackers are accused of carrying out the 2014 attack on Sony in retaliation for a movie that lampooned the North Korean leader, as well as a devastating hit on the central bank of Bangladesh in 2016, which netted the rogue nation some $81 million.

    They're also said to have orchestrated digital heists of cryptocurrency and intrusions of ATMs using novel strains of malware.

    "As laid out in today's indictment, North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers," said John Demers, the head of the Justice Department's National Security Division, at a news conference.

    As Western sanctions have crippled the North Korean economy, the Justice Department has warned that the country is developing some of the most advanced capabilities to steal money online, distinguishing it from other US adversaries across the globe.

    "The scope of these crimes by the North Korean hackers is staggering. They are the crimes of a nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime," said Tracy Wilkison, the acting US attorney in Los Angeles.

    Officials acknowledged Wednesday that the new charges and wanted posters distributed by the FBI online are not likely to result in the arrest of the hackers, but national security officials favor publicizing charges like these as part of a "name and shame" campaign that draws attention to the issue and serves as a warning to hackers that authorities are watching.

    The FBI and Department of Homeland Security also on Wednesday released a joint advisory and analysis of some of the malware produced and deployed by the North Koreans in their cryptocurrency heists that authorities said was designed to provide the public with information on how to avoid intrusions and remedy any infections.

    The unsealing of the indictment was timed to coincide with the announcement of a plea deal reached in a related case involving a Canadian-American citizen who allegedly laundered money for the North Korean hackers, Justice Department officials said.

    Ghaleb Alaumary was a high-level and trusted money launderer for the North Koreans who, according to a plea agreement, conspired to steal and launder tens of millions of dollars from cyber bank heists.

    Alaumary and others laundered the money through bank accounts, wire transfers and by converting it to cryptocurrency, according to Jesse Baker, special agent in charge of the Secret Service's Los Angeles field office.

    "This laundering was sophisticated and really extensive, but these methods left an information trail. We really had to collect the dots in order to connect the dots," Baker said.


  4. #4 SalesServiceGuy

    Re: FBI Security Alerts

    COMMERCE, Mich., Feb. 22, 2021 /PRNewswire/ -- Nuspire, a leading managed security services provider (MSSP), today announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.

    "The volume of sophisticated attacks seen throughout 2020 highlight the criticality of business intelligence and cybersecurity detection and response to improving organizational cyber readiness," said Craig Robinson, Program Director, Security Services at IDC. "Nuspire's latest report puts into perspective the changing nature of cyberattacks. Security leaders must be ready for unexpected situations, consistently revisiting and revamping their cybersecurity strategies."

    2020 was a chaotic year that shifted the threat landscape and changed the way many organizations manage their business operations. In addition to increasingly sophisticated and frequent attacks, Nuspire security experts observed a massive spike in malware with Visual Basic for Applications (VBA) agent activity, which overshadowed all other malware variants identified throughout the year. The report also found a consistent increase of exploitation events through 2020 with an overall growth of 116% as attackers continued to leverage newly disclosed vulnerabilities.

    "The SolarWinds attack shook the cybersecurity community to its core and should serve as a reminder to organizations small or large that security must be a priority within every aspect of the business," said John Ayers, Nuspire Chief Strategy Product Officer. "As attack techniques continue to evolve and the frequency of attacks increases, it's critical for business success to understand the changing threat landscape and how to protect themselves from cyberthreats."

    During Q4 security experts uncovered a 10,000% increase in ransomware activity—the largest spike in activity Nuspire has observed to date. Ransomware operators targeted some of the most vulnerable moments in time, including the U.S. Presidential Election and the holidays, and continued to leverage year-long themes, such as the COVID-19 pandemic. Additionally, exploit attacks saw a whopping 68% increase this quarter as a result of numerous SMB brute force login attempts; that activity spiked over 90,000% in bursts throughout the quarter.

    Additional notable findings from Nuspire's 2020 Q4 and Year in Review Threat Landscape Report include:


    • Although malware activity was on a slow decline at the beginning of 2020, activity sharply increased in Q4, reaching its highest point through the year in September. VBA Trojans were the most commonly observed malware at 95%, suggesting either numerous malspam campaigns were launched or a large-scale one was instigated by unknown operators. Nuspire expects that VBA agent activity will continue to overshadow other variants as VBA are often the first stage of infection.
    • Throughout 2020, Nuspire observed a consistent increase of exploitation events with DoublePulsar reigning as the top utilized technique. However, Q4 saw the largest volume of activity in December with SMB Login Brute Force attempts, closely followed by HTTP Server Authorization Buffer Overflow attacks.
    • Botnet and Exploit activity remained fairly consistent throughout the year with the largest contenders being ZeroAccess Botnet, which made a significant appearance in May, and DoublePulsar staying at the top of the exploit activity list in 2020.
    • In Q4, attackers increased attempts to exploit new vulnerabilities as they were disclosed. This escalation was driven by the release on the dark web of a known vulnerability in over 49,000 Fortinet devices and by APT groups, which also targeted the SSL-VPN vulnerability (CVE-2018-13379). Shortly after this list was released, activity attempting to exploit this vulnerability increased by 4,176%.




  5. #5 SalesServiceGuy

    Re: FBI Security Alerts

    'Active threat' after Microsoft hack - White House

    The White House is calling it an active threat, promising a ‘whole of government response’

    CISA issues emergency directive to agencies: Deal with Microsoft Exchange zero-days now

    Updated: Patch now, or disconnect Microsoft Exchange servers from the internet.


    This week, Microsoft warned that four zero-day vulnerabilities in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 are being actively exploited by a suspected state-sponsored advanced persistent threat (APT) group from China called Hafnium.

    Exchange Online is not affected by the bugs. However, Exchange Server is software used by government agencies and the enterprise alike, and so Microsoft's warning to apply provided patches immediately should not be ignored.

    In light of this, CISA's directive -- made through legal provisions for the agency to issue emergency orders to other US government bodies when serious cybersecurity threats are detected -- demands that federal agencies tackle the vulnerabilities now.


    CISA says that partner organizations have detected "active exploitation of vulnerabilities in Microsoft Exchange on-premise products."

    "Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network," the agency says.

    'Zero-day vulnerabilities' is geek speak for previously unknown ones.

    Hafnium mainly targets US entities in infectious disease research, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs, according to Microsoft. The group also primarily operates from leased virtual private servers (VPS) in the United States, it added.
    Last edited by SalesServiceGuy; 03-08-2021 at 11:47 PM.

  6. #6 SalesServiceGuy

    Re: FBI Security Alerts

    Microsoft’s big email hack: What happened, who did it, and why it matters


    One week ago, Microsoft disclosed that Chinese hackers were gaining access to organizations’ email accounts through vulnerabilities in its Exchange Server email software and issued security patches.


    The hack will probably stand out as one of the top cybersecurity events of the year, because Exchange is still widely used around the world. It could lead companies to spend more on security software to prevent future hacks, and to move to cloud-based email instead of running their own email servers in-house.


    IT departments are working on applying the patches, but that takes time and the vulnerability is still widespread. On Monday, internet security company Netcraft said it had run an analysis over the weekend and observed over 99,000 servers online running unpatched Outlook Web Access software.


    Do the flaws affect cloud services like Office 365?


    No. The four vulnerabilities Microsoft disclosed do not affect Exchange Online, Microsoft’s cloud-based email and calendar service that’s included in commercial Office 365 and Microsoft 365 subscription bundles.


    What are the attackers targeting?


    The group has aimed to gain information from defense contractors, schools and other entities in the U.S., Burt wrote. Victims include U.S. retailers, according to security company FireEye, and the city of Lake Worth Beach, Fla., according to the Palm Beach Post. The European Banking Authority said it had been hit.




    Does this have anything do with SolarWinds?


    No, the attacks on Exchange Server do not seem to be related to the SolarWinds threat, to which former Secretary of State Mike Pompeo said Russia was probably connected. Still, the disclosure comes less than three months after U.S. government agencies and companies said they had found malicious content in updates to Orion software from information-technology company SolarWinds in their networks.


    What’s Microsoft doing?


    Microsoft is encouraging customers to install the security patches it delivered last week. It has also released information to help customers figure out if their networks had been hit.


    “Because we are aware of active exploits of related vulnerabilities in the wild (limited targeted attacks), our recommendation is to install these updates immediately to protect against these attacks,” Microsoft said in a blog post.


    On Monday the company made it easier for companies to treat their infrastructure by releasing security patches for versions of Exchange Server that did not have the most recent available software updates. Until that point, Microsoft had said customers would have to apply the most recent updates before installing the security patches, which delayed the process of dealing with the hack.


    “We are working closely with the CISA [the Cybersecurity and Infrastructure Security Agency], other government agencies, and security companies to ensure we are providing the best possible guidance and mitigation for our customers,” a Microsoft spokesperson told CNBC in an email on Monday. “The best protection is to apply updates as soon as possible across all impacted systems. We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”


    What are the implications?


    The cyberattacks could end up being beneficial for Microsoft. Besides making Exchange Server, it sells security software that clients might be inclined to start using.


    “We believe this attack, like SolarWinds, will keep cybersecurity urgency high and likely bolster broad-based security spending in 2021, including with Microsoft, and speed the migration to cloud,” KeyBanc analysts led by Michael Turits, who have the equivalent of a buy rating on Microsoft stock, wrote in a note distributed to clients on Monday.


    But many Microsoft customers have already switched to cloud-based email, and some companies rely on Google’s cloud-based Gmail, which is not affected by the Exchange Server flaws. As a result, the impact of the hacks could have been worse if they had come five or 10 years ago, and there won’t necessarily be a race to the cloud as a result of Hafnium.


    “I meet a lot of organizations, big and small, and it’s more the exception than the rule when somebody’s all on prem,” said Ryan Noon, CEO of e-mail security start-up Material Security.

  7. #7 SalesServiceGuy

    Re: FBI Security Alerts

    A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.

    The attack, which Microsoft has said started with a Chinese government-backed hacking group, has so far claimed at least 60,000 known victims globally, according to a former senior U.S. official with knowledge of the investigation.

    Washington is preparing its first major moves in retaliation against foreign intrusions over the next three weeks, the New York Times reported, citing unidentified officials. It plans a series of clandestine actions across Russian networks -- intended to send a message to Vladimir Putin and his intelligence services -- combined with economic sanctions. President Joe Biden could issue an executive order to shore up federal agencies against Russian hacking, the newspaper reported.


    Initially, the Chinese hackers appeared to be targeting high value intelligence targets in the U.S., Adair said. About a week ago, everything changed. Other unidentified hacking groups began hitting thousands of victims over a short period, inserting hidden software that could give them access later, he said.

    “They went to town and started doing mass exploitation -- indiscriminate attacks compromising exchange servers, literally around the world, with no regard to purpose or size or industry,” Adair said. “They were hitting any and every server that they could.”

    The attacks were so successful -- and so rapid -- that the hackers appear to have found a way to automate the process.

    Microsoft said customers that use its cloud-based email system are not affected.

    The use of automation to launch very sophisticated attacks may mark a new, frightening era in cybersecurity, one that could overwhelm the limited resources of defenders.

  8. #8
    Service Manager 2,500+ Posts
    tsbservice's Avatar
    Join Date
    May 2007
    Posts
    4,036
    Rep Power
    184

    Re: FBI Security Alerts

    O c'mon, we really don't need this kind of crap here in tech forums! This fits straight into Rants, Raves, etc.
    A tree is known by its fruit, a man by his deeds. A good deed is never lost, he who sows courtesy, reaps friendship, and he who plants kindness gathers love.

    Blessed are they who can laugh at themselves, for they shall never cease to be amused.

  9. #9 SalesServiceGuy

    Re: FBI Security Alerts

    Large Florida school district hit by ransomware attack, hackers demanded $40M

    The district initially had 'no intention' of paying the ransom, but after two weeks, offered to pay $500G


    The computer system of one of the nation’s largest school districts was hacked by a criminal gang that encrypted district data and demanded $40 million in ransom or it would erase the files and post students’ and employees’ personal information online.

    Broward County Public Schools said in a statement Thursday that there is no indication that any personal information has been stolen and that it made no extortion payment to the ransomware gang, which as an apparent pressure tactic last week posted screenshots of its online negotiations with the district to its site on the dark web.

    The FBI usually investigates such attacks, but said Thursday it would not confirm if it was investigating this one.

    An epidemic of ransomware attacks has been plaguing government agencies, businesses and individuals for the past three years. Most are Russian-speaking gangs based in Eastern Europe and enjoy safe harbor from tolerant governments. The more sophisticated groups identify their targets in advance, infect networks through phishing or other means and often steal data as they plant malware that encrypts a victim’s network.

  10. #10
    Service Manager 1,000+ Posts
    rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    1,985
    Rep Power
    68

    Re: FBI Security Alerts

    The most galling thing about ransomware isn't that someone developed it, but that people, organisations, and businesses STILL haven't seen the value in some kind of data backup. Backup software is generally cheap, reliable (if tested), and highly flexible.

    Paying the ransom is worthless since it reinforces the behaviour, often doesn't get you your data back, doesn't protect you from being re-infected, and still leaves the risk of additional malware on your network left behind as an additional payload.

    Protecting data always seems expensive until you absolutely need it, and then it's too late.

