Latest News Articles


--- TLP:WHITE ---

News

− Third French Hospital Hit by Cyberattack

A hospital in southwest France has seen some of its IT systems paralysed by a "ransomware" cyberattack, its management said Tuesday, the third such incident in the last month. Statement also states that it was the Egregor malware, that also attacked hospital in Dax-Cote D'Azur in February.

https://www.rfi.fr/en/france/20210311-third-french-hospital-immobilised-by-cyberattack-and-ransom-demand

− Microsoft Ships Critical Security flaws in Patch Bundle

Fixes urgently required for DNS and Exchange servers, as well as for all desktop Windows machines.

https://news.sophos.com/en-us/2021/03/09/critical-updates-dominate-march-2021-patch-tuesday-releases/

− Ransomware “Paralyzes” Spanish Employment Agency

Attack locks down workstations and remote worker laptops. Sources claim system was attacked via unpatched network device.

https://therecord.media/spanish-government-falls-victim-to-ryuk-ransomware-attack/

− Microsoft Exchange Server Attack Timeline

Based on the reconstructed timeline, it’s now clear that there were at least 58 days between the first known exploitation of this vulnerability on Jan. 3 and when Microsoft released the patch on March 2.

https://unit42.paloaltonetworks.com/microsoft-exchange-server-attack-timeline/

− Microsoft hack escalates as criminal groups rush to exploit flaws

Attack initially targeting ‘specific’ individuals turns to global free-for-all as criminal groups enter fray.

https://www.ft.com/content/74fa3de6-dd16-4dc5-9b69-38bde634adc3

Vulnerabilities

− This new Microsoft tool checks Exchange Servers for ProxyLogon hacks

Microsoft Defender has included security intelligence updates to the latest version of the Microsoft Safety Scanner (MSERT.EXE) to detect and remediate the latest threats known to abuse the Exchange Server vulnerabilities disclosed on March 2, 2021.

https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

− NCSC Alert Critical Vulnerabilities in Microsoft Exchange Servers - UPDATE2 (Indicators and Remediation for CVE-2021-26855, CVE-2021-26857,CVE-2021-26858 & CVE-2021-27065)

This updated Alert is being published in order to highlight to organisations the importance of carrying out investigative analysis to determine if Microsoft Exchange servers were compromised prior to patching the vulnerabilities below. Microsoft released details of four vulnerabilities which are currently being exploited by attackers in Microsoft Exchange Servers.

https://www.ncsc.gov.ie/pdfs/MSExchangeVulnerabilities_Update2.pdf

− F5 urges customers to patch critical BIG-IP pre-auth RCE bug

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software.

https://support.f5.com/csp/article/K02566623

− F5 Critical Vulnerabilities (CVE-2021-22986, CVE-2021-22987,CVE-2021-22988 & CVE-2021-20989)

On 10th March 2021, F5 released details of four critical CVEs with 3 further related CVEs. CSIRT-IE recommends that affected organisations review the overview from F5 and update as soon as possible.

https://www.ncsc.gov.ie/pdfs/F5-Mar21.pdf

--- TLP:WHITE ---