Security Leftovers
-
SolarWinds attackers, now called Midnight Blizzard, take aim at Teams
At the time the group was identified by FireEye and Microsoft, the latter called it Nobelium. In a post dated 2 August, Microsoft Threat Intelligence gave it a new name: Midnight Blizzard. No reason was given for the new name, although it is notable that Microsoft Threat Intelligence itself went by a different name in December 2020, when it was known as the Microsoft Threat Intelligence Centre.
The group — call it Nobelium, Midnight Blizzard or even SUNBURST as some did — is now said to have used previously compromised Microsoft 365 tenants owned by small businesses to create new domains that pose as technical-support entities.
From those tenants it then sent Teams messages that tried to steal credentials by engaging the target and getting them to approve multi-factor authentication prompts.
Microsoft said fewer than 40 organisations had been affected by these attacks across the globe, but did not provide any names.
In its post, the MTI said: "The organisations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organisations, IT services, technology, discrete manufacturing, and media sectors.
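The chain described above (compromised small-business tenant, lookalike tech-support subdomain, Teams message pushing an MFA approval) gives a defender something concrete to hunt for. The following is an added example, not code from the iTWire article or from Microsoft: it scores a constructed batch of Teams external-message records. The record field names (`sender_upn`, `external`, `body`), the lookalike token list and the scoring thresholds are assumptions chosen for this example, not Microsoft's schema or detection logic.

```python
"""Hunt for Teams messages sent from lookalike *.onmicrosoft.com tenant domains.

Added example; field names, token list and thresholds are assumptions made here,
not Microsoft's schema or detection rules.
"""
import re
from typing import Dict, List, Tuple

# Assumption: attacker-created tenant names mimic vendor/support branding.
# Illustrative tokens chosen for this example, not a list from Microsoft.
LOOKALIKE_TOKENS = ("microsoft", "msft", "mstech", "security", "support",
                    "helpdesk", "identity", "protection")

# Phrases that push a user toward approving an MFA prompt.
MFA_LURE = re.compile(
    r"\b(mfa|multi-?factor|authenticator|approve|verification code|sign-?in request)\b",
    re.I,
)

# Default tenant domains look like <tenant>.onmicrosoft.com; capture the tenant label.
ONMICROSOFT = re.compile(r"^(?P<tenant>[a-z0-9-]+)\.onmicrosoft\.com$", re.I)

# Constructed sample records (not real telemetry).
SAMPLE_MESSAGES: List[Dict] = [
    {"ts": "2023-08-02T09:14:05Z",
     "sender_upn": "helpdesk@msftprotection.onmicrosoft.com",
     "recipient": "alice@example.org", "external": True,
     "body": "We noticed suspicious sign-ins. Please approve the MFA prompt to verify your account."},
    {"ts": "2023-08-02T09:20:11Z",
     "sender_upn": "bob@partner-corp.onmicrosoft.com",
     "recipient": "alice@example.org", "external": True,
     "body": "Agenda for tomorrow attached"},
    {"ts": "2023-08-02T09:22:40Z",
     "sender_upn": "carol@example.org",
     "recipient": "alice@example.org", "external": False,
     "body": "lunch?"},
    {"ts": "2023-08-02T09:31:02Z",
     "sender_upn": "it@contoso.com",
     "recipient": "alice@example.org", "external": True,
     "body": "Approve the number matching request in your Authenticator app"},
]


def sender_domain(upn: str) -> str:
    """Return the lower-cased domain part of a UPN / e-mail style sender."""
    return upn.rpartition("@")[2].lower()


def score_message(msg: Dict) -> Tuple[int, List[str]]:
    """Score one Teams message record; higher means more like the described lure."""
    score, reasons = 0, []
    if not msg.get("external"):
        return 0, reasons  # intra-tenant chat is out of scope for this hunt
    domain = sender_domain(msg["sender_upn"])
    m = ONMICROSOFT.match(domain)
    if m:
        score += 1
        reasons.append("sender uses a default *.onmicrosoft.com tenant domain")
        tenant = m.group("tenant").lower()
        hits = [t for t in LOOKALIKE_TOKENS if t in tenant]
        if hits:
            score += 2
            reasons.append(f"tenant label impersonates support: {hits}")
    if MFA_LURE.search(msg.get("body", "")):
        score += 1
        reasons.append("message urges MFA approval")
    return score, reasons


def hunt(messages: List[Dict], threshold: int = 3) -> List[Tuple[str, int, List[str]]]:
    """Return (sender, score, reasons) for every record at or above the threshold."""
    flagged = []
    for msg in messages:
        s, why = score_message(msg)
        if s >= threshold:
            flagged.append((msg["sender_upn"], s, why))
    return flagged


if __name__ == "__main__":
    for sender, s, why in hunt(SAMPLE_MESSAGES):
        print(f"{sender} score={s}")
        for r in why:
            print(f"  - {r}")
```

With the sample data only the `msftprotection.onmicrosoft.com` sender crosses the threshold; the legitimate partner tenant and the non-`onmicrosoft` external sender each score 1. A real tenant whose label happens to contain "security" would also reach 3, so treat the output as a triage queue, not a block list, and confirm the tenant against your organisation's known external-access (federation) allow list before acting.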
-
2023-08-05 [Older] Android Spyware Maker LetMeSpy Shuts Down After Hacker Deletes Server Data
-
China releases draft regulations requiring data protection audits for certain companies
On Thursday the Chinese government released proposed regulations that would require certain data processors to undergo annual or biennial audits. The Chinese Cyberspace Office published the first draft text of the proposal, entitled "Administrative Measures for Compliance Auditing of Personal Information Protection", on its website.
-
FBI investigates ransomware attack on California-based healthcare provider [Ed: Windows TCO]
The U.S. Federal Bureau of Investigation is investigating a ransomware attack that disrupted services at a healthcare provider based in California on Aug. 3.
-
Ransomware Attack Disrupts Health Care in at Least Three States [Ed: Windows TCO and breach, not mere "attack"]
It was not immediately clear how many locations operated by Prospect Medical Holdings were affected but some sites had to cut back services or close.
-
Government services provider Maximus hit by MOVEit attack [Ed: Windows TCO]
Government services provider Maximus Inc. is the latest victim of the Clop ransomware gang’s targeting of a critical vulnerability in Progress Software Corp.’s MOVEit file transfer software, as data belonging to as many as 11 million people was stolen.
-
2023-08-04 [Older] CISA Releases its Cybersecurity Strategic Plan
-
2023-08-02 [Older] Mozilla Releases Security Updates for Firefox and Firefox ESR
-
2023-08-02 [Older] Mozilla Releases Security Updates for Multiple Products
-
2023-08-01 [Older] CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities
-
2023-08-03 [Older] CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022
-
2023-08-03 [Older] CISA Releases Five Industrial Control Systems Advisories
-
2023-08-03 [Older] Mitsubishi Electric GOT2000 and GOT SIMPLE
-
2023-08-03 [Older] Mitsubishi Electric GT and GOT Series Products
-
2023-08-03 [Older] TEL-STER TelWin SCADA WebInterface
-
2023-08-03 [Older] Sensormatic Electronics VideoEdge
-
2023-08-01 [Older] CISA Releases One Industrial Control Systems Advisory
-
2023-08-01 [Older] APSystems Altenergy Power Control
-
2023-07-31 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
-
Locking Down Linux: How To Get To Zero-Trust Security [Ed: It says "number of security tools for Linux pale in comparison to Windows," because in Windows security isn't the goal, back doors are the goal, and security gets sold as an "add-on"]
-
Google Chrome: Update Now As 20 New Browser Security Fixes Confirmed [Ed: Longtime Microsoft propagandist Davey Winder (like "drpizza") trying to distract from Windows breaches and back doors, as usual]
-
CISA details backdoor malware used in Barracuda ESG attacks
CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868.
-
'Zenbleed' bug leaks data from AMD Ryzen and Epyc Zen 2 chips
A Google security researcher demonstrates that the silicon-level vulnerability he discovered could enable theft of sensitive data.
-
Hackers increasingly abuse Cloudflare Tunnels for stealthy connections