Posts

US and UK Issue Joint Alert on Russian Cyber Activity

T-Mobile is warning that a data breach has exposed the names, dates of birth, Social Security numbers and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Critical Infrastructure Security, Cybercrime, Cyberwarfare / Nation-State Attacks

SVR’s TTPs and General Tradecraft Detailed

U.S. and U.K. cyber, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds attacks.




The U.K.’s National Cyber Security Center, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency say the SVR, through its threat group APT29, will continue to attack, so organizations need to understand the threat facing them.

“APT29 will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The SVR primarily targets government networks, think tank and policy analysis organizations, and information technology companies,” CISA says in its own alert.


CISA attributed the SolarWinds supply chain attack that resulted in follow-on attacks on nine government departments and 100 private companies to APT29, also known as The Dukes, Cozy Bear and Yttrium. The agency notes that the SVR’s cyber operations have posed a…

Source…

FBI teams up with ‘Have I Been Pwned’ to alert Emotet victims



The data breach notification site now allows you to check if your login credentials may have been compromised by Emotet

The United States’ Federal Bureau of Investigation (FBI) has shared more than 4.3 million email addresses, harvested by the Emotet botnet, with data breach tracking website Have I Been Pwned (HIBP) in an effort to help alert victims of the notorious botnet.

“In all, 4,324,770 email addresses were provided which span a wide range of countries and domains. The addresses are actually sourced from 2 separate corpuses of data obtained by the agencies during the takedown,” said HIBP founder Troy Hunt in a blog post.

The move comes on the heels of an operation on Sunday in which law enforcement agencies pushed an update to all systems compromised by Emotet in order to cleanse them of the notorious malware. Back in January, authorities from the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine joined forces to disrupt the botnet by gaining control of its infrastructure and taking it down from the inside. Some 700 command-and-control servers were taken offline.

In the aftermath of the operation, the Bureau reached out to Hunt to inquire whether there was an efficient way of alerting the victims that their systems and accounts had been compromised by Emotet.

The FBI shared with HIBP the email login information that Emotet had stored in order to send spam through victims’ email providers, along with web credentials harvested from browsers, where users had saved them to speed up logins.

While these would usually be treated as two separate breaches, Hunt said they were uploaded as a single breach since “the remediation is very similar”. However, users who want to check whether they have been affected by Emotet will not be able to do so using the search bar on HIBP’s homepage, because Hunt has classified the incident as sensitive; he explained that he chose this approach so that users impacted by Emotet would not become targets.

“A sensitive data breach can only be searched…

Source…

Banking agency on ‘heightened alert’ after cyberattack


Hackers breached the email servers of the European Banking Authority (EBA) as part of the global cyberattacks targeting Microsoft Exchange Server – and while the Paris-based financial security agency for the European Union says that no data has been stolen as part of the attack, it remains on high alert.

The EBA fell victim to a hacking campaign exploiting four zero-day vulnerabilities in Microsoft Exchange Server that has affected tens of thousands of organisations around the world.

The vulnerabilities allowed cyber attackers to gain access to the European Banking Authority’s email servers, initially leading to fears that personal data may have been accessed by hackers.

However, in an update on the investigation into the incident, the EBA said the email infrastructure has been secured and at this stage it’s believed “no data extraction has been performed” and there’s “no indication to think that the breach has gone beyond our email servers”.

The EBA’s email system was taken offline as a precautionary measure but it has now been fully restored following the deployment of additional security measures.

“Since it became aware of the vulnerabilities, the EBA has taken a proactive approach and carried out a thorough assessment to appropriately and effectively detect any network intrusion that could compromise the confidentiality, integrity and availability of its systems and data,” the EBA said in a statement.

“Besides re-securing its email system, the EBA remains in heightened security alert and will continue monitoring the situation,” it added.

Analysis of the Microsoft Exchange Server attack was carried out by the European Banking Authority in collaboration with the European Union’s Computer Emergency Response Team (CERT-EU), as well as additional security experts.

The EBA is just one of thousands of organisations around the world that are believed to have been targeted by attackers exploiting newly…

Source…

Possible Malware (?) – Firefox “Secure Connection Not Available” alert



Hi, I use Firefox as my browser. I am very careful and aware of which links I click and I don’t do dodgy things (aka pron lol) on my laptop. I have been getting the following message on a number of sites that use HTTPS verification:

HTTPS-Only Mode Alert Secure Connection Not Available

I have noticed a few things that may be helpful. Firstly, if I go to my bank’s URL, I get that message. When I google my bank name, the results give me a “sign in” option. If I click that I can sign in alright even though it is also HTTPS enabled. Odd.

The other thing of note is that I do not have these problems in Chrome, just in Firefox. I am uncertain if this is an oddball Firefox issue or if I have a “man-in-the-middle” malware situation. I have done a virus scan using Windows Defender, AVG, and Bitdefender and all came back clean.

——————————————————


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
Ran by Patrick Lo (administrator) on LO (ASUSTeK COMPUTER INC. X551CAP) (17-02-2021 16:49:42)
Running from C:\Users\Patrick Lo\Downloads
Loaded Profiles: Patrick Lo
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal


Source…