a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld
Posted in Cyber Security

A Brief Weekly Review of Top Stories that Dominated the Cyberworld

Latest Blogs

a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld

By AMSAT April 30,2021

A Brief Weekly Review of Top Stories that Dominated the Cyberworld

The world of cybersecurity saw a slew of significant events in the past week. New research indicated that the coronavirus pandemic and work from home (WFH) requirements are prompting a spike in cyberattacks against banks and insurance companies. But the headline of the week was healthcare service provider UnitingCare Queensland being hit by a cyberattack.

 

Here’s a brief roundup of the major developments of the past week.

Coronavirus, WFH cause rise in cyberattacks against banks, insurers

As per new research, Covid-19 and work from home (WFH) requirements are causing a major surge in cyberattacks against financial institutions.


A COVID Crime Index 2021 report observed how the remote working model is affecting the banking and insurance industries.

 

As the pandemic continues to have an extensive impact, the swift transition to WFH models is being loosened in some neighborhoods, but many organizations are choosing to either continue letting staff work remotely or are adopting hybrid working practices.

 

But security has proven to be a challenge as well. According to the research, 74% of banks and insurers have experienced an increase in cyberattacks since the beginning of the pandemic, with “criminal activity” spotted by financial entities has mounted by close to a third (29%).

UnitingCare Queensland struck by cyberattack

Earlier this week, a cyber-attack hit healthcare service provider UnitingCare Queensland (UCQ), rendering some of its digital and technology systems inaccessible.


UCQ operates aged care facilities and numerous hospitals including St Andrew’s War Memorial Hospital.
Chinese firms covertly own almost a third of top VPNs, while other owners are based in countries with weak or no privacy laws, possibly putting users at risk, security experts have warned.

 

Local media reports suggest that the incident was allegedly triggered by ransomware which had affected email and operations booking systems, causing staff to turn to paper-based procedures.

Apple fixed macOS Gatekeeper bypass flaw exploited in the wild

Technology giant Apple issued a wide range of security fixes resolving issues including an actively exploited zero-day flaw and a separate Gatekeeper bypass vulnerability.


One of the most prominent fixes is for a flaw found by Cedric Owens. Tracked as CVE-2021–30657, the flaw let hackers circumvent Gatekeeper, Apple’s built-in protection mechanism for code signing and confirmation.

 
In a blog post, Owens mentioned how cybercriminals could easily create a macOS payload that is not checked by Gatekeeper.

TAGS

  • Cyber Crime
  • Security Updates

Recent Blogs

Share this article

Ready to Get Started?

Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

    By submitting the form, you agree to the Terms of Use and Privacy Policy

    a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld
    Posted in Cyber Security

    A Brief Weekly Review of Top Stories that Dominated the Cyberworld

    Latest Blogs

    a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld

    By AMSAT April 21,2021

    A Brief Weekly Review of Top Stories that Dominated the Cyberworld

    The week saw a number of incidents that shook the world of cybersecurity. From dozens of organizations targeted in attacks aimed at Covid vaccine cold chain to Reddit launching a public bounty program, many events caught the attention of security experts around the globe.

    Here’s a brief review of what took place in the past week.

    44 Companies Targeted in Attacks Focused on Covid-19 Vaccine Cold Chain

    As many as 40 organizations were targeted in a global drive aimed at the Covid-19 vaccine cold chain infrastructure, which deals with the distribution of vaccines and their storage at the required temperatures.


    As per IBM Security X-Force, the number of affected organizations is higher compared to the preceding evaluation.


    Operating in Europe, North America, South America, Africa, and Asia, the targeted organizations are involved in the transportation, warehousing, storage, and distribution of Covid-19 vaccines.

    Reddit Launched Public Bug Bounty Program

    Reddit announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne.


    After a three-year private bug bounty program on the hunting platform, the program was going public with an expanded scope.


    Reddit said that the purpose of the program is to keep users’ accounts, identities, and private data secure, including chats, messages, email addresses, voting records, and subreddit subscriptions.

    US Expelled Russian Envoys, Imposed Sanctions for Hacking

    The Biden administration expelled 10 Russian diplomats and imposing sanctions against scores of companies and people, holding Russia responsible for meddling in last year’s presidential election and the cyber hacking of federal agencies.


    The sweeping measures were aimed at punishing Russia for actions that US officials say cut to the core of American democracy and to prevent future acts by imposing financial costs on Moscow, including by targeting its capacity to borrow money.

    TAGS

    • Cyber Crime
    • Security Updates

    Recent Blogs

    Share this article

    Ready to Get Started?

    Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

      By submitting the form, you agree to the Terms of Use and Privacy Policy

      5-things-to-consider-when-hiring-a-managed-security-services-provider
      Posted in Cyber Security

      Key points to consider when hiring a Managed Security Services Provider

      Latest Blogs

      5-things-to-consider-when-hiring-a-managed-security-services-provider

      By AMSAT April 15,2021

      Key points to consider when hiring a Managed Security Services Provider (MSSP)

      A managed security service provider can be a windfall for a number of businesses. In fact, hiring one can mean you no longer have to worry about risks that an organization is ill-equipped to handle in-house for any reason such as a dearth of resources or expertise. Seeking a professional provider lets employees concentrate on their own vital tasks, without taking on the additional responsibility of security management.


      Professional help in this field also enables security monitoring outside of office hours. The following guide tells you what you should be looking for in an MSSP, to get the best for your business.

      Reputation

      Putting your company’s security in the hands of an external provider is not something that should be taken for granted. You need to be sure that the team tasked with shielding your assets knows precisely what they’re doing and have the reputation to demonstrate it.


      Asking important questions will help: determine how long a possible provider has been active in the industry and look at feedback they’ve received from other customers. A provider’s status will give you a good idea of their competences and by doing slight research you can ensure that they’ll be able to deal with your security issues.

      A sound understanding of your business

      A good provider should always have a detailed appreciation of your business and the rules and regulations that must be followed within it. It is important for them to take these guidelines seriously and ensure that key data is secured, allowing your business to continue to defend its customers. If an MSSP has other customers in a similar line of business to your own, they might be highly appropriate. Make sure that any potential provider is committed to complying with your business’s specific requirements.

      Service level

      It’s important to find a provider that offers the superlative level of service. While this may sound too good to be true, MSSPs differ in the service level they provide and not all will fit your company’s needs. Some providers offer a full incident response system while others focus exclusively on supervising for intrusions. Some will have knowledge in specific fields of security, which may or may not be valuable to you, depending on what you’re looking for. Deliberate whether you need help with only specific security devices, or are looking for a more comprehensive end-to-end security service.

      Customer support

      Customer support is the key element of a quality managed security services provider. Some of the best support to the customers, given the fact that security breaches can occur at any time of the day, and you might find yourself seeking support beyond normal working hours. In addition to good access to support, the level of help provided should also be of the highest quality. After all, you want a provider to explain various procedures and respond to all important and not-so-important questions. If you’re not getting adequate support from an MSSP, you should consider whether they’re worth keeping around.

      Security measures

      All MSSPs should be overseeing for invasions and keeping your business safe from the more palpable threats, but how striking is their approach really? A great provider will constantly be vigilant about new threats and will keep their defense approaches up to date by evolving and adapting as security threats change and new technology can be applied. For after all, you seek a provider who is always ahead of the game, which will eventually positively affect your business.

      In a nutshell

      Staying protected is key in business, so do proper research when looking to hire a new MSSP. No one can take the security of their company for granted, and those who rely on run-of-the-mill MSSPs in order to save a few thousand bucks will do so only to their own detriment.

      TAGS

      • Cyber Crime
      • Security Updates
      • Managed Security Services
      • Customer support

      Recent Blogs

      Share this article

      Ready to Get Started?

      Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

        By submitting the form, you agree to the Terms of Use and Privacy Policy

        key-security-trends-to-follow-in-2021
        Posted in Cyber Security | Tagged , ,

        Key Cybersecurity Trends, Threats, and Events to Emerge in 2021

        Latest Blogs

        key-security-trends-to-follow-in-2021

        By AMSAT April 8,2021

        Key Cybersecurity Trends, Threats, and Events to Emerge in 2021

        Looking back on a year of unparalleled uncertainty, almost everyone from all walks of life learned some lessons, including cybersecurity leaders and experts. The sudden change in working patterns prompted millions of employees to work from home, putting enormous strain on access to IT systems.

         

        Cybercriminals didn’t let their guards down in determining how these and other changes created flaws to target and abuse either, which led to an upsurge in cyber-threat activity. By the end of March, more than 40,000 newly registered websites had already been identified with Covid-related names, which experts classified as “highly vulnerable” sites due to the scams and malware being pushed onto gullible consumers.

         

        By and large, cybersecurity emerged as a high priority for organizations as well as consumers who relied on technology more than ever before. So, remembering how vital it is to talk about cybersecurity more openly and therefore inspire deeper appreciation of the threats and best preemptive strategies, here are some major trends to look out in 2021:

        1. Employee fatigue

        Post Covid-19, a dramatic shift in working patterns has upended employees’ routine life: work from home has forced them to clock in more hours, which means very little respite with barely any gaps between meetings, and virtually no commute. All this has caused considerable employee fatigue or complacency, which means more human errors leading to cybersecurity issues. And this implies that businesses need to think about a whole new level of IT security education program, including ensuring people to step away and take a break.

         
        When you make a cybersecurity error at the workplace, it’s easy to go down and approach a responsive member of your IT security team. But it becomes extremely difficult to do at home now shorn of direct access to your usual go-to person, and it requires far more confidence to admit. Organizations need to take this human error factor into account and ensure steady edge security, regardless of the connection.

        2. Surge in ransomware attacks

        Ransomware attacks continue to rise both in frequency and severity, which doesn’t bode well for businesses. As everyone grappled to bear down with Covid-19 and move data and systems online, malicious threat actors saw more opportunities to exploit systems that were set up in haste.

        In these well-coordinated attacks, business data is held hostage by the cybercriminals who will demand payment or compensation in order to return access to the data. Unscrupulous threat actors continue to innovate and improve their encryption processes, making them even harder to crack. They will continue to target the most susceptible businesses that cannot afford to lose their data and raise pressure to cave in to the extortion. While an all-inclusive data security system is central in helping to foil an attack, a simple backup of your valuable company data is one of the best safeguards against a ransomware attack.

        3. Likelihood of more security incidents

        A number of businesses in Europe sought to move key business processes to the cloud over the next few years, but with the onset of Covid-19, the plan has been pushed back a few months. Instead of taking the time to recodify processes, a transitional boost and shift step was added: the swift move. While the procedure may still be the same, the setting and security change. In 2021, companies are recodifying to gain the real benefits of agility from the cloud, while security teams are still rectifying the issues from the transitional shift. This ongoing migration at pace will lead to security holes, and we’re likely to see more cloud security events until the shifts are complete and we return to a semblance of stability, at least for a while.

        4. SOC teams to grapple with a new work environment and more work pressure

        As many companies look to cut costs, one natural solution is to hasten the digitization of processes. This means a surge of cybersecurity data returning to the security operations center (SOC). Add to this the shift already seen in telemetry as employees work from home, and a rise from more new association tools and cloud processes. Several SOC teams had also been accustomed to using numerous screens for big data analytics, and consistent team meetings to discuss multifaceted issues; so, the shift to work remotely, often with one screen, has been difficult for some.

        4. Increased focus on privacy

        In the West, especially in Europe, increased focus on data privacy has been seen in the last few months. Just one example of how momentous this has become is a major smartphone company running TV adverts in the region underlining its data protection capabilities. Simultaneously, we have the EU looking to build EU clouds, such as the Gaia-X project, that align to the broader EU cloud approach. All of this shows the priority of privacy on the EU agenda.

        TAGS

        • Cybersecurity Mesh
        • Security Trends
        • Integrating AI with cyber security
        • Cyber warfare

        Recent Blogs

        Share this article

        Ready to Get Started?

        Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

          By submitting the form, you agree to the Terms of Use and Privacy Policy

          a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld
          Posted in Cyber Security

          A Brief Weekly Review of Top Stories that Dominated the Cyberworld

          Latest Blogs

          a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld

          By AMSAT April 2,2020

          A Brief Weekly Review of Top Stories that Dominated the Cyberworld

          The cyberworld saw its fair share of events in the outgoing week: from a bug in ‘netmask’ npm package that affected hundreds of thousands of projects to several ransomware gangs targeting vulnerable exchange servers, and so on. But the development that stood out in the entire week was the event where German lawmakers were targeted by Russian threat actors.

           

          Here’s a brief review of what took place in the past week.

          German MPs Again Targeted by Russian Threat Actors: Report

          As per local media, many German lawmakers fell victim to a cyber-attack, with security experts conjecturing Russian hackers might be behind the incident.


          Der Spiegel weekly said that cybercriminals used phishing emails to gain access to the computers of at least seven federal MPs and 31 lawmakers in regional parliaments.


          The magazine added that it was not clear whether any sensitive information was accessed.

          280,000 Projects Affected by Vulnerability in ‘Netmask’ npm Package

          Security expects suspected that a flaw in the netmask npm package could expose private networks and lead to a wide range of attacks, including malware delivery.


          Tracked as CVE-2021-28918, the newly identified issue resided in the fact that the package would erroneously read octal encoding, essentially resulting in the misapprehension of supplied IP addresses.


          Due to this bug, netmask would consider private IP addresses as external IP addresses and the other way around, thus opening the door to a variety of attacks, depending on the manner in which the package is used.

          Vulnerable Exchange Servers Targeted by More Ransomware

          The Black Kingdom/Pydomer ransomware operators joined the ranks of cybercriminals targeting the Exchange Server bugs that Microsoft revealed in early March.


          The four zero-day flaws had been targeted in live attacks well before patches were released for them on March 2. The number of unpatched Exchange installations plummeted drastically, going from roughly 80,000 on March 14 to fewer than 30,000 on March 22.

          TAGS

          • Cyber Crime
          • Security Updates
          • Russian Threat
          • German MPs

          Recent Blogs

          Share this article

          Ready to Get Started?

          Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

            By submitting the form, you agree to the Terms of Use and Privacy Policy

            a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld
            Posted in Cyber Security

            A Brief Weekly Review of Top Stories that Dominated the Cyberworld

            Latest Blogs

            a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld

            By AMSAT March 26,2021

            A Brief Weekly Review of Top Stories that Dominated the Cyberworld

            The outgoing week saw a mix of events in the cyberworld, including a recent patched Android bug being exploited in the wild, and a remote code execution patched in Apache OFBiz. But an event that brought shock waves in the realm of security landscape was social media giant Facebook’s failure to derail a $15b privacy suit.

             

            Here’s a brief synopsis of the key developments of the week that went by.

            Facebook Failed in Effort to Derail $15 Bn Privacy Suit

             

            The US Supreme Court declined to consider an appeal by social media titan Facebook that would have upset a $15 billion lawsuit over whether it illegally tracked users almost ten years ago.

             

             

            The country’s top court issued an order rejecting a request by the top social network to review a California federal court’s decision to allow the lawsuit accusing Facebook of breaching wiretap laws.

            Recently Fixed Android Bug Exploited in Attacks

             

            Search engine behemoth Google warned Android users that a newly fixed flaw had been exploited in attacks.

             

            Tracked as CVE-2020-11261, the vulnerability was patched by Google with the Android security updates released in January 2021.

             

             

            The bug was a high-severity improper input validation issue impacting a display/graphics element from Qualcomm. The flaw, which affects a long raft of chipsets, was reported to Qualcomm through Google in July 2020.

            Remote Code Execution Flaw Fixed in Apache OFBiz

             

            One of the flaws addressed by the latest update for Apache OFBiz was an insecure Java deserialization issue that could be exploited to perform code remotely, without verification.


            Apache OFBiz, a Java-based web framework, is an open-source enterprise resource planning (ERP) system that includes a set of applications to automate business processes within enterprise environments.


            OFBiz is one of the platforms that was impacted by a Java serialization flaw recognized and reported in 2015, and which affected the Apache Commons Collections and Apache Groovy libraries that OFBiz hinges on.

            TAGS

            • Cyber Crime
            • Security Updates
            • Weekly News

            Recent Blogs

            Share this article

            Ready to Get Started?

            Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

              By submitting the form, you agree to the Terms of Use and Privacy Policy

              a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld
              Posted in Cyber Security

              A Brief Weekly Review of Top Stories that Dominated the Cyberworld

              Latest Blogs

              a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld

              By AMSAT Mar 19,2021

              A Brief Weekly Review of Top Stories that Dominated the Cyberworld

              The outgoing week in the cybersecurity realm saw patching of vulnerabilities by some of the industry giants including Microsoft and Google. But an unprecedented development occurred when a threat group from China exploited 4 zer0-day flaws in Microsoft Exchange Server.

               

              Here is a brief synopsis of the stories of the past week.

              Threat group from China exploited 4 zero-day flaws in Microsoft Exchange Server

              A state-sponsored threat group from China actively exploited four zero-day bugs in Microsoft Exchange Server. Disturbingly, these flaws appeared to have been adopted by other threat actors in widespread attacks.

               

              The hack was not believed to be linked to the SolarWinds supply chain attack that had affected roughly 18,000 companies globally, but there were fears that lags in fixing exposed servers could have a similar, or more severe, effect on businesses.

              Google patches Chrome zero-day flaws exploited in the wild

              Search engine giant Google came up with an update for its Chrome web browser that patches five security bugs, including a zero-day flaw that is known to be aggressively exploited by threat actors. The vulnerabilities affect the Windows, macOS, and Linux versions of the popular browser.

              However, the company did not release any additional information on the live attacks or the operating system platforms being targeted. 

              Head of alleged crime chat comms service indicted by US

              The chief executive officer of a Canada-based company that provides encoded communications and a former associate were indicted in the US on allegations of facilitating international drug trafficking.

              Warrants were issued for the arrest of the two men.

              TAGS

              • Cyber Security
              • Security Updates
              • Weekly Updates

              Recent Blogs

              Share this article

              Ready to Get Started?

              Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

                By submitting the form, you agree to the Terms of Use and Privacy Policy

                major-insights-into-microsoft-exchange-server-hack
                Posted in Cyber Security

                Everything You Should Know about Microsoft Exchange Server Hack

                Latest Blogs

                major-insights-into-microsoft-exchange-server-hack

                By AMSAT March 26, 2021

                Everything You Should Know about Microsoft Exchange Server Hack

                A state-sponsored threat group from China has aggressively exploited four zero-day flaws in Microsoft Exchange Server. Worryingly, these vulnerabilities appear to have been adopted by other threat actors in extensive attacks.

                 

                The hack is not believed to be linked to the SolarWinds supply chain attack that has affected roughly 18,000 companies globally, but there are fears that lags in fixing exposed servers could have a similar, or more severe, effect on businesses.

                 

                Here is a detailed chronology of what exactly happened.

                What occurred?

                Microsoft said that the company came to know of four zero-day bugs in January.

                 

                On March 2, the tech giant issued patches to deal with the four critical flaws in Microsoft Exchange Server software. Microsoft said that the bugs were being aggressively exploited in limited but targeted attacks.

                 

                Ten days later, Microsoft focused its probe on whether the threat actors acquired the credentials needed to gain access to the Exchange Server by a Microsoft partner, either deliberately or inadvertently. It is alleged that the cybercriminals had “proof of concept” attack code that the software behemoth shared with antivirus firms as part of the company’s Microsoft Active Protections Program (Mapp).

                 

                Microsoft Exchange Server is an email inbox, calendar, and collaboration solution. Users of Microsoft Exchange Server — an email inbox, calendar, and collaboration solution — come from diverse backgrounds, from corporate giants to small and medium enterprises worldwide.

                 

                While patches have been issued, the possibility of potential Exchange Server compromise hinges on the speed and approval of fixes, with the number of potential victims constantly on the rise.

                The vulnerabilities and their significance

                While Exchange Online is not impacted, the severe flaws affect on-premise Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

                 

                CVE-2021-26855: CVSS 9.1: a Server Side Request Forgery (SSRF) flaw leading to crafted HTTP requests being sent by unverified hackers. Servers should be able to accept unreliable connections over port 443 for the bug to be activated.

                 

                CVE-2021-26857: CVSS 7.8: an uncertain deserialization flaw in the Exchange Unified Messaging Service, letting random code deployment under SYSTEM. Nevertheless, this flaw needs to be combined with another or pilfered IDs must be used.

                 

                CVE-2021-26858: CVSS 7.8: a post-authentication random file write flaw to write to paths.

                 

                CVE-2021-27065: CVSS 7.8: a post-authentication arbitrary file write flaw to write to paths.

                 

                Used in an attack chain, all of these flaws can lead to Remote Code Execution (RCE), server capture, backdoors, data holdup, and possibly further malware deployment.

                 

                Simply put, Microsoft says that invaders obtain access to an Exchange Server either through these bugs or pilfered credentials and they can then produce a web shell to capture the system and perform commands remotely.

                 

                The company has said that the vulnerabilities are used as part of an attack chain, adding that the first attack needs the capacity to make an unreliable connection to Exchange server port 443. This, Microsoft said, can be protected against by limiting unreliable connections, or by establishing a VPN to separate the Exchange server from external access.

                 

                On March 10, Proof-of-Concept (PoC) code was released.

                Attack traced back to Hafnium

                The tech giant says that attacks using the zero-day vulnerabilities have been traced back to Hafnium, a state-sponsored advanced persistent threat (APT) group from China that Microsoft said is as a highly accomplished and sophisticated actor.

                 

                While Hafnium initiates in China, the group uses a web of virtual private servers (VPS) located in the US to try and hide its true location. Entities formerly targeted by the group include think tanks, non-profits, defense outworkers, and researchers.

                 

                • Deploy updates to compromised Exchange Servers

                To successfully respond to the situation that could snowball into a serious crisis, deployment of updates to the affected Exchange Servers can be the first key step.

                 

                • Investigate for exploitation or indicators of persistence

                This can be managed by examining the Exchange product logs for evidence of exploitation and skimming for identified web shells. In addition, using the Microsoft IOC feed for newly observed indicators and leveraging other organizational security capabilities may also help

                 

                • Remediate and mitigate any known exploitation

                Microsoft suggests that you investigate your environment for indicators of lateral movement or further compromise. Also, you must update or mitigate your affected Exchange deployments immediately. Several rival groups are also actively exploiting these vulnerabilities, so to ensure the utmost security, you should block access to susceptible Exchange servers from unreliable networks until your Exchange servers are fixed or mitigated.

                 

                Some of the noted cybersecurity companies in Pakistan, including AMSAT Managed Security Services (MSS), provide services appropriate for different environments related to Exchange Server, including support and services in vulnerability & threat management and governance, risk management & compliance, and penetration testing. The company also provides customized security strategy and mitigation techniques to help prepare organizations for potential threats.

                TAGS

                • Cyber Crime
                • Security Updates
                • Microsoft Exchange Server Hack

                Recent Blogs

                Share this article

                Ready to Get Started?

                Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

                  By submitting the form, you agree to the Terms of Use and Privacy Policy

                  Top Stories that Dominated the Cyberworld
                  Posted in Cyber Security

                  A Brief Weekly Review of Top Stories that Dominated the Cyberworld

                  Latest Blogs

                  Top Stories that Dominated the Cyberworld

                  By AMSAT Mar 12,2020

                  A Brief Weekly Review of Top Stories that Dominated the Cyberworld

                  Among other major developments that occurred in the cyberspace, two news items stood out in the outgoing week: discovery of a new malware that contains in 9 Android apps, and a fire that destroyed data centers of OVH located in Strasbourg, France.

                   

                  Here is a brief synopsis of the stories of the past week.

                   

                  Fire destroyed OVH data centers in France

                  In an unprecedented incident, a fire destroyed data centers of OVH, the largest hosting provider in Europe and the third-largest in the world, located in Strasbourg, France.

                  The company advised customers to put in place their disaster recovery plans after the fire rendered several data centers unserviceable, affecting websites across the globe. 

                  Microsoft tool checked Exchange Servers for Proxy Logon hacks

                  Software giant Microsoft created a PowerShell script that could be used to check whether the newly revealed Proxy Logon flaws hacked a Microsoft Exchange server.

                  Tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, these flaws let the hackers carry out remote code execution on publicly exposed Microsoft Exchange servers using Outlook on the web (OWA).

                  As part of these attacks, the hackers installed web shells that let the hackers control the server and access the internal network.

                  Experts revealed new malware that contained in 9 Android apps

                  Cybersecurity experts divulged a new malware dropper contained in 9 Android apps circulated via Google Play Store that arranged a second stage malware able to gain invasive access to the financial accounts of victims as well as full control of their devices.

                  The apps that were used for the drive include Cake VPN, Pacific VPN, eVPN, BeatPlayer, QR/Barcode Scanner MAX, Music Player, tooltipnatorlibrary, and QRecorder.

                  TAGS

                  • Cyber Security
                  • Security Updates
                  • Weekly Review

                  Recent Blogs

                  Share this article

                  Ready to Get Started?

                  Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

                    By submitting the form, you agree to the Terms of Use and Privacy Policy

                    a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld
                    Posted in Cyber Security

                    A Brief Weekly Review of Top Stories that Dominated the Cyberworld

                    Latest Blogs

                    a-brief-weekly-review-of-top-stories-that-dominated-the-cyberworld

                    By AMSAT March 05,2021

                    A Brief Weekly Review of Top Stories that Dominated the Cyberworld

                    Among other key news stories that dominated the cyberspace, the biggest development of the outgoing week, which hit the headlines, was Ursnif Trojan hitting more than 100 Italian banks and financial institutions.

                     

                    Here is a brief overview of the stories of the past week.

                    Over 100 Italian banks hit by Ursnif Trojan

                    Avast experts revealed that the notorious Ursnif Trojan was used in attacks against at least 100 banks in Italy.

                     

                    Operators behind these attacks have pilfered financial data and credential from targeted financial institutions.

                    Malware Sunshuttle purportedly linked to SolarWinds hack

                    Malware experts found a new sophisticated second-stage backdoor, called Sunshuttle, which was uploaded by a U.S.-based entity to a public malware repository in August 2020.

                     

                    An analysis published by FireEye reads: “Mandiant Threat Intelligence discovered a sample of the SUNSHUTTLE backdoor uploaded to an online multi-Antivirus scan service.”

                    Microsoft patches actively exploited Exchange zero-day bugs

                    Microsoft set off alarm bells after finding Chinese cyber-espionage operators chaining several zero-day exploits to drain off e-mail data from corporate Microsoft Exchange servers.

                     

                    Redmond’s warning comprises the release of emergency out-of-band fixes for four distinct zero-day flaws that shaped part of the hacker’s arsenal.

                    TAGS

                    • Cyber Crime
                    • Security Updates
                    • Microsoft patches
                    • SolarWinds hack

                    Recent Blogs

                    Share this article

                    Ready to Get Started?

                    Our specialists are ready to tailor our security service solutions to fit the needs of your organization.

                      By submitting the form, you agree to the Terms of Use and Privacy Policy