Tag Archive for: disrupts

Hillicon Valley — Presented by Connected Commerce Council — Microsoft disrupts Chinese hacking effort


Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Microsoft hit the ground running at the top of a new work week, announcing that it had disrupted a Chinese hacking group that had targeted organizations in almost 30 countries, including the United States, with a focus on human rights groups and think tanks, among others.

Meanwhile, a new analysis found that the Russian hackers behind last year’s SolarWinds hack haven’t slowed down their efforts, and the planned merger of former President Trump’s new media company and another group is under investigation.

Let’s jump into the news.

Microsoft moves to block Chinese hackers

Microsoft on Monday announced that a federal court had granted a request to allow it to seize websites being used by a Chinese-based hacking group that was targeting organizations in the United States and 28 other nations.

International focus: The hacking group, which Microsoft has dubbed “Nickel,” was observed to be targeting think tanks, human rights organizations, government agencies and diplomatic organizations for intelligence gathering purposes.

The court order unsealed Monday in the Eastern District of Virginia allowed the Microsoft Digital Crimes Unit to take control of the websites used by Nickel and redirect the traffic to Microsoft servers. Customers impacted by the hacking efforts have been notified.

“Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft’s secure servers will help us protect existing and future victims while learning more about Nickel’s activities,” Tom Burt, the corporate vice president of Customer Security and Trust at Microsoft, wrote in a blog post published Monday.

“Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks,” Burt…


Ransomware disrupts Florida’s most vital services


Feb. 2021: Although not a ransomware attack, a hack affecting the water treatment plant in Oldsmar, a Tampa Bay-area town with about 15,000 residents, exposed the vulnerability of Florida’s critical infrastructure. Someone broke into the plant’s computer system and changed the level of sodium hydroxide, also known as lye, from about 100 parts per million to 11,100 parts per million, Pinellas County Sheriff Bob Gualtieri said. That chemical, a main ingredient in liquid drain cleaners, is used to control water acidity and remove metals from drinking water in treatment plants. A plant operator caught the change and reversed it before anyone was poisoned, and officials said other safeguards would have protected the water supply even if the operator hadn’t acted. But at a March meeting of the Florida Cabinet, FDLE Commissioner Rick Swearingen said hackers gained access to the system because of “extremely lax” cybersecurity measures.


DDoS disrupts Belgian parliament. New malware strains in criminal campaign. Threat actors vs. MFA. Disinformation for business.


Attacks, Threats, and Vulnerabilities

Belgian public-sector network suffers cyberattack, affecting parliament (Computing) The attack disrupted a planned meeting of Belgium’s Foreign Affairs committee, which had been due to discuss the human rights situation in Xinjiang.

XSS in the wild: JavaScript-stuffed orders used to compromise Japanese e-commerce sites (The Daily Swig) Website vulnerabilities abused in new hacking campaign

Three new malware families found in global finance phishing campaign (ZDNet) Doubledrag, Doubledrop, and Doubleback are the work of “experienced” threat actors.

Multi-Factor Authentication: Headache for Cyber Actors Inspires New Attack Techniques (Symantec) Two-factor or multi-factor authentication is used to secure organizations and accounts from attackers, making it a problem for malicious actors. Recent attacks show how they are attempting to bypass or avoid it completely.

The UNC2529 Triple Double: A Trifecta Phishing Campaign (FireEye) We observed a widespread, global phishing campaign from UNC2529 targeting numerous organizations across an array of industries.

Qualys Flags Gaping Security Holes in Exim Mail Server (SecurityWeek) Security researchers at Qualys have discovered multiple gaping security holes in Exim, a widely deployed mail server that has been targeted in the past by advanced nation-state threat actors.

High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices (SecurityWeek) Dell patches high-severity vulnerabilities affecting a driver that is present on hundreds of millions of devices.

How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps (Proofpoint) Open authorization or “OAuth” apps add business features and user-interface enhancements to major cloud platforms such as Microsoft 365 and Google Workspace. Unfortunately, they’re also a new threat vector as bad actors are increasingly using malicious OAuth 2.0 applications (or cloud malware) to siphon data and access sensitive information. In 2020, Proofpoint detected more than 180 different malicious applications, attacking over 55% of customers with a success rate of 22%.

21Nails vulnerabilities impact 60% of the internet’s email…
