Exchange Server patching and mitigation race to keep pace with exploitation. A low-tech SMS snooping method.

Cyber Attacks, Threats, and Vulnerabilities

Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies (McAfee Blogs) In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies,

McAfee Defender’s Blog: Operation Dianxun (McAfee Blogs) Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign,

Technical Analysis of Operation Diànxùn (McAfee) In this report the McAfee® Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn.

China Intensifies Cyber-Attacks After Disengagement From Pangong Lake: Report (Swarajyamag) Indian government organisations such as Computer Emergency Response Team (CERT-IN) and National Critical Information Infrastructure Protection Centre (NCIIPC) have reported that Chinese hackers have tried to infiltrate the country’s cyberspace after troops from the two neighbours disengaged from Pangong Lake in eastern Ladakh.

Tech 24 – Microsoft cyber-attack turns into global crisis (France 24) In this edition, we tell you more about the massive cyber-attack on Microsoft Exchange. What began as an alleged state-sponsored attack is quickly becoming a global crisis, claiming at least 60,000 vi…

CISA Updates Microsoft Exchange Advisory to Include China Chopper (Dark Reading) US officials warn organizations of China Chopper Web shells as new data sheds light on how the Exchange Server exploits have grown.

Mitigate Microsoft Exchange Server Vulnerabilities (CISA) Note: This Alert was updated March 13, 2021 to provide further guidance.

The Microsoft Exchange hacks: How they started and where we are (BleepingComputer) The emergency patches for the recently disclosed critical vulnerabilities in Microsoft Exchange email server did not come soon enough and organizations had little time to prepare before en masse exploitation began.

KnowBe4 Warns of Rise in Microsoft Exchange Global Security Exploit Attempts (PR Newswire) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today issued a warning about the…

Exploits on Organizations Worldwide Grow Tenfold after Microsoft’s Revelation of Four Zero-days (Check Point Software) Following the revelation of four zero-day vulnerabilities currently affecting Microsoft Exchange Server, Check Point Research (CPR) discloses its latest

Over 80,000 Exchange Servers Still Affected by Actively Exploited Vulnerabilities (SecurityWeek) Microsoft has released patches for over 95% of the Exchange Server versions exposed on the Internet.

How Did Multiple Threat Groups Know About Exchange Patches Before Release? (Breaking Defense) Following CISA’s weekend updates on continuing Exchange server hacks, Microsoft is investigating the significant uptick in exploits just days before patches were released.

Protecting on-premises Exchange Servers against recent attacks (Microsoft Security) For the past few weeks, Microsoft and others in the security industry have seen an increase in attacks against on-premises Exchange servers. The target of these attacks is a type of email server most often used by small and medium-sized businesses, although larger organizations with on-premises Exchange servers have also been affected. Exchange Online is…

Michael Dell: Public Cloud Isn’t More Secure Than On-Premise (CRN) ‘The issues that led to a lot of these attacks are human-induced that can happen in a public cloud, can happen in a private cloud – it can happen anywhere,’ says Dell Technologies CEO Michael Dell.

Google Chrome Zero-Day Under Attack, Again (SecurityWeek) Google has shipped an urgent fix to block in-the-wild zero-day attacks hitting its flagship Chrome browser but defenders lament the lack of information on the live attacks.

Security Vendors Understate Risks in Senate Hearing on SolarWinds (Virsec) The US Senate Cyber Intelligence Committee held a hearing on the SolarWinds attack on February 24, 2021. Three pieces of testimony stood out.

Microsoft reports ‘worldwide’ Teams, Azure outage (CRN Australia) Affecting services overnight and this morning.

Phishing sites now detect virtual machines to bypass detection (BleepingComputer) Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.

Sensitive MoD information exposed through personal email accounts (Computing) The Ministry of Defence logged 151 security incidents in 2020, compared to 75 in 2019

Twonky Server – Beware What You (Unintentionally) Share (RBS) There is a long story about how we came to learn about software called Twonky Server, but it’s not particularly exciting so we’ll skip right over that. Let’s just say, its conspicuous name played a role. But it’s our research findings that are far more interesting and important.

Twonky Server is a D

A Hacker Got All My Texts for $16 (Vice) A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

WeLeakInfo Leaked Customer Payment Info (KrebsOnSecurity) A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account…

NFT digital art is already attracting hackers (CyberScoop) Users of Nifty Gateway reported hackers had taken over their accounts and stolen artwork worth thousands of dollars over the weekend.

China’s tech giants test way around Apple’s new privacy rules (Financial Times) ByteDance and Tencent see if they can keep tracking iPhone users with a solution created by a state-backed group

Rising encrypted app Signal is down in China (TechCrunch) Chinese users of the instant messenger Signal knew that the good times wouldn’t last long. The app, which is used for encrypted conversations, is unavailable in mainland China as of the morning of March 16, a test by TechCrunch shows. The website of the app has been banned in mainland China s…

More than 16 million Covid-related cyber threats were detected in 2020 (Atlas VPN) The year 2020 will be forever remembered for the Covid-19 pandemic, which swiftly overtook the world and changed our lives forever. The pandemic has also affected the cybersecurity landscape — a new wave of cyber threats emerged where criminals leveraged Covid-19 to launch attacks.

Vulnerability Summary for the Week of March 8, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA.

Tax season scams and how to avoid them (AwareGO) There’s nothing in life certain other than taxes and phishing! Want to avoid falling for tax season scams? Follow AwareGO’s expert tips.

Professional Provident Society suffers ‘malicious’ cyber attack (ITWeb) The insurer for graduate professionals confirms it is a victim of a cyber attack, saying it is working on restoring full functionality.

Security Patches, Mitigations, and Software Updates

One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 (Microsoft Security Response Center) We have been actively working with customers through our customer support teams, third-party hosters, and partner network to help them secure their environments and respond to associated threats from the recent Exchange Server on-premises attacks.

Twitter now supports multiple 2FA security keys on mobile and web (BleepingComputer) Twitter has added support for multiple security keys to accounts with two-factor authentication (2FA) enabled for logging into the social network’s web interface and mobile apps.

Threat Insights Report, Q4-2020 (HP – Bromium) Welcome to the Q4 2020 edition of the HP-Bromium Threat Insights Report. The report reviews notable malware trends identified by HP Sure Click from the fourth quarter of 2020 (1 October to 31 December), so that security teams are equipped with the knowledge to combat emerging threats and improve their security postures.

Selective Survey Finds Majority Of Small Businesses Lack Cyber Insurance Coverage (PR Newswire) A survey of small businesses conducted by Appalachian State University in coordination with Selective found that cybersecurity and technology…

How tech workers feel about China, AI and Big Tech’s tremendous power (Protocol) Protocol’s inaugural Tech Employee Survey dives deep into how employees across tech feel about the existential issues facing their industry.

SailPoint Research Sheds Light on Cybercrime Targeting Digital Identities (SailPoint) 100% of surveyed security and IT leaders confirmed that their organizations experienced a security compromise in the last year. AUSTIN, March 16, 2021 – SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in enterprise identity security, today released the findings from a new survey of security and IT managers/directors that explored why large, well-resourced enterprises are continuing to be compromised. […]

Jay-Z or Cher? Our latest password data shows which artists are most popular in leaked passwords (Specops Software) Specops Software released today the latest update to its Breached Password Protection list as well as the latest analysis of password data. “This password…

Marketplace

The CyberWire collaborates with Microsoft Canada to accelerate cybersecurity education and awareness missions (PR Newswire) The CyberWire announced today that Microsoft Canada has joined its distinguished academic, research, and industry partner program, focused on…

Government Spyware Firm That Put Rogue Apps on Play Store Goes Bankrupt (Vice) A court just declared eSurv, a company that sold spyware to Italian cops, bankrupt.

Argon Exits Stealth Mode to Launch the First Unified Security Solution Protecting the Integrity of the DevOps pipeline (Argon) Company Also Secured Funding From Hyperwise Ventures and an Impressive List of Individual Investors including Shlomo Kramer — Founder of Check Point, Imperva, and Cato Networks TEL…

Tesserent acquires Secure Logic’s managed services business for $10 million, stock (CRN Australia) Also signs as reseller for TrustGrid and AttackCertain products.

Inpher Secures Strategic Investment from the Amazon Alexa Fund for Consumer Data Protection in AI (PR Newswire) Inpher, Inc., the pioneers of Secret Computing®, today announced a strategic investment from the Amazon Alexa Fund. Inpher plans to apply the…

Cyware Closes $30M Series B Just 7 Months After A Round (Crunchbase News) New York-based Cyware locked in a $30 million Series B after growing annual recurring revenue 120 percent last year and just seven months after raising its Series A.

Sonatype Acquires MuseDev (GlobeNewswire) Acquisition Pairs Developer-Friendly Source Code Analysis with Full-Spectrum Software Supply Chain Management

Merlin Ventures Unveils Public Sector Growth Program for Cybersecurity Startups (BusinessWire) Merlin Ventures announces the formation of a Public Sector growth program for cybersecurity software-as-a-service (SaaS) startups.

Deloitte Unveils Artificial Intelligence Institute for Government (Deloitte United States) Deloitte unveils Artificial Intelligence Institute for Government, new entity to develop expertise and drive collaboration with the public sector to advance AI for public good

ICF Handed $53 Million Task Order from U.S. Army for Cybersecurity and AI Solutions (Homeland Security Today) The U.S. Army Combat Capabilities Development Command Army Research Laboratory (DEVCOM ARL) has awarded global consulting and digital services provider ICF a new task order valued at up to $53 million to expand the delivery of cyber research, development and technology services. It has a term of five years, including a one-year base and four option years.

Unisys Named a Leader in Cyber Resiliency Services by NelsonHall (Unisys) Unisys Corporation (NYSE: UIS) today announced that NelsonHall has named the company as an overall market segment leader in the NelsonHall Evaluation & Assessment Tool (NEAT) Vendor Evaluation for Cyber Resiliency Services report, citing the company’s overall ability to deliver immediate benefits to its clients, as well as strategize and plan to meet future client needs.

Facebook, News Corp. reach deal on Australia news; NWSA rises (SeekingAlpha) Facebook (FB) and News Corp. (NWS, NWSA) have come to a deal on news in Australia, building on some groundwork the two companies laid in the United States

Former bp CISO Simon Hodgkinson Joins RangeForce Advisory Board (Yahoo) RangeForce has developed a self-directed platform with a gaming interface that represents the future of cyber security training – Simon Hodgkinson.

Fusion Connect adds Channel Veteran Rick Ribas as Senior Vice President of Channels and Alliances (PR Newswire) Fusion Connect, a trusted partner for enabling the connected enterprise, announced today that Rick Ribas has joined the company as Senior Vice…

John Kindervag, Creator of Zero Trust, joins MSSP ON2IT (PR Newswire) ON2IT, the global managed security services company and Zero Trust innovator, today announced that Zero Trust creator, John Kindervag, will…

CYE Deepens Market-leading Cyber Bench with New Additions to Advisory Board (PR Newswire) CYE, the industry leader in cybersecurity optimization solutions, announced today the addition of Franck Cohen, Ann Johnson, John Negron and…

Products, Services, and Solutions

SyncDog Unveils First Fully Integrated Solution for Mobile Endpoint Security (PR Newswire) SyncDog Inc., the leading Independent Software Vendor (ISV) for next generation mobile endpoint security and data loss prevention, today…

Aqua announces industry-first container runtime security solution for Arm 64-bit environments (Aqua) Aqua Security now protects containers and Virtual Machine (VM) workloads at runtime on Arm®-powered devices

Tempered Combines Strengths with Nozomi Networks to Deliver Industry-Leading IoT/OT Security (News Direct) Solution integration adds AI-powered threat visibility, analysis and remediation along with military-grade encryption, policy enforcement and simplified policy management

DH2i Launches DxEnterprise v20 Improving Microsoft SQL Server High Availability (HA) and Disaster Recovery (DR) Performance (DH2i) Customers in Financial Services and Other Sectors to Enjoy Greater Business Resilience, Security and Scalability Across On-Prem, Remote and Public Clouds. FORT COLLINS, Co. – March 16, 2021 DH2i®, the leading provider of multi-platform Software Defined Perimeter (SDP) and Smart Availability® software, today announced the general availability of DxEnterprise® version 20 (v20), engineered to improve the…

Untangle Extends SD-WAN Router Functionality with Leading Telco Certifications (PR Newswire) Untangle® Inc., a leader in comprehensive network security for small-to-medium businesses (SMBs) and distributed enterprises, today announced…

Noogata Unveils No-Code Platform to Scale Enterprise AI (PRWeb) Noogata, the leader in radically simple, no-code artificial intelligence (AI) data analytics for enterprises, today announced that it has secured a $12 mil

Datadobi Announces Support for File Data Protection on Microsoft Azure Blob Storage (BusinessWire) Datadobi today announced it has added support for Azure Blob storage in DobiProtect 5.11.

SD Elements by Security Compass Now Available in U.S. DoD Iron Bank Repository (Yahoo) Security Compass today announced that their flagship product, SD Elements, is now available in the U.S. Department of Defense Iron Bank repository.

SteelCloud Awarded Enterprise License from an Army Component for STIG Compliance Software (PR Newswire) SteelCloud LLC, a leading STIG and CIS compliance automation software developer, announced today that it has been awarded an…

Leslie Sims Joins Deloitte Digital as US Chief Creative Officer (MarTech Series) Today, Deloitte Digital, a creative digital consultancy, announced that award-winning creative executive Leslie Sims has joined as managing director, Deloitte Consulting LLP, and U.S. chief creative officer, serving as a central creative leader for all of Deloitte Digital. Building on Deloitte Digital’s dedication and investments in creative expertise,

Netsurion Announces Enhanced Partner Program Benefits (GlobeNewswire) Netsurion, a leading managed security service provider (MSSP), today announced the rollout of its new, enhanced Netsurion Partner Program for authorized MSP and MSSP channel partners.

Satori Announces Data Users Directory for Streamlined Enterprise Data Access Management, GDPR Compliance (GlobeNewswire) Satori, the industry’s leading provider of Data Governance-as-a-Service and data access, today announced the Data Users Directory service, which leverages common data access groups to provide customers with a more streamlined data entitlement process.

NetSfere Named as the Leading Secure Enterprise Messaging Platform as Compared to Microsoft Teams, Slack and Others Amid Growing Security & Privacy Concerns (GlobeNewswire) The latest Market Intelligence report details the current enterprise communication landscape in light of WhatsApp’s privacy policy updates, highlighting the relevance for enabling secure employee communications post-COVID-19

DTEX Systems Enhances DTEX InTERCEPT for Hybrid and Cloud Server Infrastructures (Yahoo) DTEX Systems, the Workforce Cyber Intelligence Company™, today announced that it has broadened the reach of its Workforce Cyber Security Platform, DTEX InTERCEPT, with enhanced capabilities to monitor and secure server infrastructures.

Technologies, Techniques, and Standards

NIST Risk Management Framework Team Did Some Spring Cleaning! (NIST) Check out our new and improved Risk Management Framework (RMF) website that better highlights the resources NIST developed to support implementers. In addition to the look, we now have:

Companies Turn to Fusion Centers to Deal With Cyber Intelligence Overload (Wall Street Journal) Deluged by alerts, security professionals are automating information-sharing, and including risks like geopolitical, weather and physical threats as well.

Protecting Digital Identity from Cyber Compromise (TAG Cyber) This report, based on a survey of cyber security leaders on digital identity-related breaches, explores how the market is evolving and how enterprises can approach securing digital identities with identity governance.

Zscaler’s Stephen Kovac: Agencies Should Align Network Security to User, Data (GovCon Wire) Stephen Kovac, vice president of global government and head of corporate compliance at Zscaler, said agencies need to develop a tailored approach for protecting and monitoring traffic as more government information technology users connect from devices beyond the network perimeter, ExecutiveBiz reported March 9.

Design and Innovation

Instagram will block direct messages to teens from adults they don’t follow (SeekingAlpha) Instagram (FB) has rolled out new safeguards for users under the age of 18, which include prohibiting direct messages to teens from adults they don't follow

Research and Development

Pentagon has new research center to link networks, communications (C4ISRNET) The $7.5 million funding for a new networked systems center of excellence comes as the Defense Department looks to advance its future joint war-fighting concept.

Army working on new cyber, electromagnetic weapons after large-scale test event (FedScoop) The Army recently concluded a large event that tested new cyber and electromagnetic spectrum weapons in its tactical operations.

Legislation, Policy, and Regulation

UK Cyber Authority Urges Organizations to Install Microsoft Updates (Insurance Journal) Britain’s cyber security body urged organizations to install the latest Microsoft updates as a matter of urgency on Friday, after the company

INDOPACOM Drafts Regional Strategy For All-Domain Ops (Breaking Defense) The emerging Indo-Pacific Warfighting Concept has been drafted, but still has “a ways to go as far as working through the Department of Defense,” says INDOPACOM’s head of requirements, George Ka’iliwai.

US, EU must work together to counter China’s ‘bullying’, Nato chief urges (South China Morning Post) “If you’re concerned about the rise of China, the military and economic strength of China, that makes it even more important that we stand together, Europe and North America in Nato,” said Nato chief Jens Stoltenberg.

US Should Create New 3-Pronged Approach To Cybersecurity (Law360) Although the Biden administration’s recent provision of $10 billion for cybersecurity infrastructure funding in response to last year’s SolarWinds hack is a good start, the U.S. should create a coordinated, multidisciplinary and systematic approach to cybersecurity reform that is proactive rather than reactive, says Rebecca Rakoski at XPAN Law Partners.

Milton Security Applauds Biden’s American Rescue Plan Act of 2021 for Taking Cybersecurity Seriously (PR Newswire) Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, through CEO James McMurry, issued a formal…

The Cybersecurity 202: Congress mulls legislation to require companies to report major cyberattacks (Washington Post) The breaches of SolarWinds and Microsoft software, which together ensnared the data of federal and local governments as well as thousands of other U.S. organizations, have renewed a longstanding debate: Should companies be required to report cybersecurity breaches to the federal government?

House Bill Aims to Strengthen CISA Role in ICS Cyber Protection (Meritalk) A bipartisan group of legislators has introduced the Department of Homeland Security (DHS) Industrial Control Systems Enhancement Act of 2021. The legislation will solidify the Cybersecurity & Infrastructure Security Agency’s (CISA) lead role in protecting critical infrastructure – particularly industrial control systems (ICS) – from cyber threats.

The US must adopt Software Bill of Materials to thwart cyberattacks (TheHill) Government should work with software vendors to implement security standards for the software and services they deliver.

Litigation, Investigation, and Law Enforcement

Swiss Police Raid Over Hack on U.S. Security-Camera Company (SecurityWeek) Swiss authorities confirmed a police raid on the home of a Swiss software engineer who took credit for helping to break into a U.S. security-camera company’s online networks.

Gardaí investigating cyber attack on Fastway Couriers (The Irish News) GARDAÍ are investigating a cyber attack on a courier company which targeted the personal details of hundreds of thousands of customers.

Students Sue Online Exam Proctoring Service ProctorU for Biometrics Violations Following Data Breach (LawStreetMedia) Online exam proctoring companies like ProctorU “have seen a significant uptick in light of the COVID-19 pandemic, which has caused institutions to move exams online. This has led to significant privacy implications for students”; specifically, three students filed a class-action complaint on Friday in the Central District of Illinois against ProctorU for alleged biometric violations, particularly after a data breach.

Robinhood Seeks To Nix Customers’ Data Breach Suit (Law360) Robinhood users who claim to be affected by a data breach have not made the case that their losses were the result of inadequate security measures, the stock-trading platform has told a California federal court.
