(BEIJING) Microsoft Cybersecurity Report: China has roundly rejected the “groundless” and “irresponsible” hacking allegations made by the United States and its allies, saying they are “fabricated out of nothing.” #AceNewsDesk report

#AceSecurityDesk says China: US-led hacking allegations fabricated out of nothing. AceDailyNews said the US has for the first time accused China of cyberattacks, including the Microsoft hack. The United States has formally accused the Chinese government of widespread destabilizing activities in cyberspace.

Tuesday, 20 July 2021 6:23 AM  [ Last Update: Tuesday, 20 July 2021 9:46 AM ]

PRESS TV REPORT:

Chinese Foreign Ministry spokesman Zhao Lijian hit back at Washington on Tuesday, calling the US the “world champion” of cyber-attacks.

“The US has mustered its allies to carry out unreasonable criticisms against China on the issue of cybersecurity,” he said. “This move is fabricated out of nothing.”

In a coordinated move, Washington and several allies in Europe and Asia publicly accused Beijing of hacking the Microsoft Exchange Server software in March. Microsoft Exchange is an email platform used by corporations around the world.

Senior US officials claimed that hackers tied to China’s Ministry of State Security carried out the unusually indiscriminate hacking. Secretary of State Antony Blinken said on Monday that Washington and “countries around the world” are holding China “accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.”

Japanese government spokesperson Katsunobu Kato followed suit on Tuesday, saying that Japanese companies had been targeted by a hacking group called APT40. He alleged that “the Chinese government is highly likely” behind the attack.


Earlier, China’s diplomatic missions around the world reacted to the charges.

The Chinese Embassy in New Zealand’s capital, Wellington, said the accusations were “totally groundless and irresponsible” and a “malicious smear.”

“Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents,” said the embassy.

The Chinese mission in Canberra said Australia was “parroting” US rhetoric. It also described the US as “the world champion of malicious cyber-attacks.”

The United Kingdom (UK) and European Union (EU) also joined in accusing China of carrying out hacking attacks, which they alleged had targeted hundreds of thousands of mostly small businesses and organizations.

The Chinese Embassy in Norway also reacted to the allegations made by Oslo, saying that Beijing was a staunch defender of cyber security and was resolutely opposed to any form of cyberattacks.

“It is reasonable to question and doubt whether this is a collusively political manipulation,” it said, demanding that Oslo provide evidence for the claims. The embassy said that Beijing was “willing to cooperate with all relevant parties, based on facts and evidence, to jointly combat illegal activities in cyber space.”

The US-led global campaign against China is an apparent move to open a new front in its cyber offensive, following years of blaming Russia for cyberattacks against American organizations. Moscow has time and again denied involvement.

#AceNewsDesk report ……..Published: July.21: 2021:

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external sites or for any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily all of our posts from Twitter can be found here: https://acetwitternews.wordpress.com/ and all wordpress and live posts and links here: https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#beijing, #china, #cybersecurity-2, #five-eyes, #hacking, #microsoft

(WASHINGTON) Microsoft Report: The Biden administration, together with 39 countries, accuses China of a cyberattack on tech giant Microsoft, while Beijing slams the “groundless” claims that it carried out the attack #AceNewsDesk report

#AceNewsReport – July.20: A group of Western countries has accused China of hacking Microsoft Exchange – a popular email platform used by companies worldwide.

#AceSecurityDesk reports that the Microsoft Exchange cyberattack was China taking advantage of the email vulnerability in January, but Chinese authorities slam the ‘groundless’ hacking claims, while the ‘Five Eyes’ say the attacks present a ‘Clear & Present Danger’.

The Five Eyes, the intelligence alliance of the Anglosphere, brings the UK, the United States, Canada, Australia and New Zealand into the world’s most complete and comprehensive intelligence alliance.

Five Eyes (FVEY) Report: April 14, 2020

The Five Eyes (FVEY) is widely regarded as the world’s most significant intelligence alliance. Its origins can be traced back to the Second World War and the need to share vital information, mainly between Britain and the United States, so that both countries could strengthen their joint war effort.

The Five Eyes was formally founded in the aftermath of the Second World War, through the multilateral agreement for co-operation in signals intelligence (SIGINT), known as the UKUSA Agreement, on 5 March 1946.

Initially comprising only the UK and the United States, it expanded to include Canada in 1948 and Australia and New Zealand in 1956, all three of them English-speaking members of the Commonwealth of Nations with political systems similar to Britain’s. The ‘Five Eyes’ term was derived from the lengthy ‘AUS/CAN/NZ/UK/ Eyes Only’ classification level, which named the ‘eyes’ that could have access to high-profile papers and information.

https://www.bbc.co.uk/news/world-asia-china-57898147

The joint statement accused the Chinese Ministry of State Security (MSS) of undermining global stability and security.

China has always maintained that it opposes all forms of cyber-crime.

On Monday, New Zealand joined the group of countries including the UK, US and Australia in blaming Chinese state-sponsored actors for “malicious cyber activity” in the country, including the Microsoft attack. 

The Chinese Embassy in Wellington called the accusations “groundless and irresponsible”. 

“The Chinese government is a staunch defender of cyber security,” said a statement published by the embassy in response to a question from reporters. 

“Making accusations without [proof] is malicious.”

The Chinese embassy in Australia echoed these remarks, describing Washington as “the world champion of malicious cyber attacks”. 

A scaled up attack

The Microsoft hack affected at least 30,000 organisations globally. 

The Exchange system powers the email of major corporations, small businesses and public bodies worldwide.

Microsoft blamed a Chinese cyber-espionage group for exploiting a vulnerability in Microsoft Exchange – which allowed hackers to remotely access email inboxes.

The group, known as Hafnium, was found by Microsoft’s Threat Intelligence Centre to be state-sponsored and operating out of China. 

Western security sources believe Hafnium obtained advance knowledge that Microsoft intended to patch or close the vulnerability, and so shared it with other China-based groups to maximise the benefit before it became obsolete.

“We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain,” a security source told the BBC.

The hack signalled a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns Chinese cyber-behaviour is escalating, according to Western security services.

The UK Foreign Office said the Chinese government had “ignored repeated calls to end its reckless campaign, instead allowing state-backed actors to increase the scale of their attacks and act recklessly when caught”.

The White House said it reserved the right to take additional action against China over its cyber activities.

US President Joe Biden told reporters that the Chinese government may not have been carrying out the attacks itself, but was “protecting those who are doing it. And maybe even accommodating them being able to do it.”

The US Department of Justice has also announced criminal charges against four MSS hackers which it said were linked to a long-term campaign targeting foreign governments and entities in key sectors in at least a dozen countries.

#AceNewsDesk report ……….Published: July.20: 2021:


#australia, #five-eyes, #microsoft, #u-k, #united-states, #washington

(WORLDWIDE) #Cybersecurity Attack Report: The gang behind a “colossal” ransomware attack has demanded $70m (£50.5m) paid in Bitcoin in return for a “universal decryptor” that it says will unlock the files of all victims #AceNewsDesk report

#AceSecurityReport – July.06: But because Kaseya provides software to managed service providers, firms which themselves provide outsourced IT services to other companies, the number of victims may be much greater.

#AceSecurityDesk UPDATE: The gang behind the huge cyber-attack has demanded $70m in Bitcoin, and the REvil group claims its malware, which initially targeted US IT firm Kaseya, has hit one million “systems”, BBC Tech reported after we published on Monday that 17 countries had been attacked and over 200 companies affected. This number has not been verified and the exact total of victims is unknown; however, it does include 500 Swedish Coop supermarkets and 11 schools in New Zealand. Two Dutch IT firms have also been hit, according to local media reports.


Counting victims

On Friday, cyber-security firm Huntress Labs estimated about 200 firms had been affected. The “supply chain” attack initially targeted Kaseya, before spreading through corporate networks that use its software.

Kaseya said that fewer than 40 of its own customers had been affected. The number of individual computer systems within those victim organisations could be greater still.

Kaseya chief executive Fred Voccola told the Associated Press that the number of victims would probably be in the low thousands, made up of small organisations such as dental practices and libraries.

For hundreds, perhaps thousands, of IT teams around the world this ransomware attack is a horrendous headache that is still growing. But the way the cyber-security world has pulled together to reduce the impact of the attack has been incredible. Cyber-defenders, both private and public sector, have been issuing alerts while experts work out how best to untangle the web of victims.

There could have been far more victims if it wasn’t for a busy and stressful weekend of work. However, we now know that the secret digital doorway in the Kaseya system that let in the REvil hackers was known about before the attack.

Researchers from the Dutch Institute for Vulnerability Disclosure found the problem and were helping Kaseya plug the hole long before the hackers found it. It was a case of the good hackers racing to stop the bad hackers from getting in and, as Victor Gevers from the institute puts it: “Unfortunately, we were beaten by REvil in the final sprint.”

This case shows how skilled, persistent and determined these criminals are, and that in spite of all the efforts of the cyber-security world, we are losing the race against ransomware.

“The scale and sophistication of this global crime is rare, if not unprecedented,” Prof Ciaran Martin, founder of the National Cyber Security Centre, told Radio 4’s Today programme.

Most of REvil’s members are believed to be based in Russia or countries that were formerly part of the Soviet Union.

Prof Martin criticised Russia for providing a safe environment for ransomware hackers, but said that the West was making it too easy for these gangs to be paid and “unsurprisingly they are coming back for more”.

Traceable Bitcoin

Experts have expressed surprise at the group’s demand that the ransom should be paid in Bitcoin, as opposed to harder-to-trace cryptocurrencies such as Monero.

On Twitter, Prof Martin called REvil’s decision to demand payment in Bitcoin “weird”.

Earlier this month the US Justice Department announced it had traced and seized millions of dollars worth of bitcoin paid to the DarkSide ransomware group, responsible for shutting down the Colonial Oil Pipeline.

“Following the money remains one of the most basic, yet powerful tools we have”, said Deputy Attorney General Lisa O. Monaco.

Tom Robinson, founder and chief scientist of the firm Elliptic, which analyses bitcoin payments, told the BBC it had observed REvil continuing to negotiate with individual customers for smaller ransoms of about $200,000, despite the $70m request to unlock everything. He said REvil preferred to use Monero, but it would be difficult to purchase $70m of the currency for practical and regulatory reasons. But he said: “More and more ransomware operators are asking for Monero.”

Providers: #AceSecurityDesk / AP/BBC/

#AceNewsDesk report ………Published: July.06: 2021:


#cybersecurity-2, #hacked, #usa

(WASHINGTON) JUST IN: The US Cybersecurity & Infrastructure Agency reports that it is taking action after 200 US businesses were hit by a “colossal” ransomware attack, according to a cyber-security firm #AceNewsDesk report

#AceNewsReport – July.03: Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.

#AceSecurityDesk says that, according to the BBC, a number of US companies have been hit by a ‘colossal’ cyber-attack, and the US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack and its source.


The group sometimes threatens to post stolen documents on its website – known as the “Happy Blog” – if victims don’t comply with its demands. REvil was also linked to a co-ordinated attack on nearly two dozen local governments in Texas in 2019.

Kaseya said in a statement on its own website that it was investigating a “potential attack”.

Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.

The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.

Another supply-chain attack nightmare

The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Day weekend-ruining event for hundreds of US IT teams.

Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless but it can take a lot of time and effort on the criminals’ part to successfully hijack one victim’s computer system.

In this latest incident the hackers showed that by going after the software supplier of multiple organisations they can pop dozens, perhaps hundreds of victims in one go. We’ve seen horrendous supply chain attacks in the past but this one has the potential to be the biggest incident involving ransomware yet. It shows that ransomware gangs are thinking creatively about how to have the most impact possible and command the biggest ransom possible.

Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. The company said it was urging customers that use its VSA tool to immediately shut down their servers.

Kaseya said in its statement that a “small number” of companies had been affected, though Huntress Labs said the number was greater than 200. It is not clear what specific companies have been affected and a Kaseya representative contacted by the BBC declined to give details. Kaseya’s website says it has a presence in over 10 countries and more than 10,000 customers.

“This is a colossal and devastating supply chain attack,” Huntress Labs’ senior security researcher John Hammond said in an email to Reuters news agency.

At a summit in Geneva last month, US President Joe Biden said he told Russian President Vladimir Putin he had a responsibility to rein in such cyber-attacks. Mr Biden said he gave Mr Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be subject to hacking.

REvil – also known as Sodinokibi – is one of the most prolific and profitable cyber-criminal groups in the world. The gang was blamed by the FBI for a hack in May that paralysed operations at JBS – the world’s largest meat supplier.

#AceNewsDesk report …Published: July.03: 2021:


#cybersecurity-2, #ransomeware, #washington

(SILICON VALLEY, Calif.) JUST IN: Encrypted messaging application Wickr has been procured by Amazon for an undisclosed sum. The app, advertised as one of the most secure on the market, has been in use by multiple US government agencies #AceNewsDesk report

#AceNewsReport – June.26: The deal was announced by the two companies on Friday, with neither disclosing any figures. “We are pleased to share that Wickr has been acquired by Amazon and is now part of the Amazon Web Services (AWS) team. We’re proud to have created highly trusted, secure communication solutions for messaging, video conferencing, file sharing, and more,” Wickr said in a statement posted on its website.

#AceSecurityDesk says that Amazon has acquired messaging app Wickr, which carries ‘double encryption’ and is used by the Pentagon and other agencies.

Amazon acquires secure messaging app Wickr used by Pentagon

“AWS is offering Wickr services effective immediately and Wickr customers, channel, and business partners can continue to use Wickr’s services as they do today,” Amazon said in a statement.

26 Jun, 2021 10:13 

Founded back in 2012, the company is best known for its free app, allowing users to send encrypted messages, as well as make supposedly secure video and audio calls. The application also boasts an auto-burn feature, with messages getting deleted from users’ devices after a certain period of time. The company claims the mechanism is so secure that said messages “can never be recovered.”

Apart from maintaining the free app, Wickr has also offered paid plans for organizations, government agencies, and specifically for militaries. Among its “customers and partners,” the company lists the US Department of Defense, and Spirit of America, a US military-linked non-profit.

Amazon has said the purchase will not make any difference for Wickr users, with the application now immediately available through the AWS.

The purchase will, however, probably make a difference for Amazon itself, as the tech behemoth has now entered the secure messaging app game. Moreover, the purchase will likely help the company get even cozier with Washington, given that US government agencies already use its freshly procured application.

The procurement might also help Amazon to make up for the loss of the long-delayed $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud computing contract with the Pentagon. While the contract was considered by multiple experts to be a done deal for Amazon, it was contested by other tech giants and ultimately won by Microsoft. Since then, Amazon has been leading a legal fight, trying to prove that Washington influenced the deal.

#AceNewsDesk report ……Published: Jun.26: 2021:


#amazon, #aws, #california, #silicon-valley

(SILICON VALLEY, Calif.) Private Data Report: A user in a low-level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online #AceSecurityDesk report

#AceSecurityReport – Apr.05: The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses:

533 million Facebook users’ phone numbers and personal data have been leaked online: ‘Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.’ A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

2021-04-03T14:41:27Z

  • The personal data of over 500 million Facebook users has been posted online in a low-level hacking forum.
  • The data includes phone numbers, full names, location, email address, and biographical information.
  • Security researchers warn that the data could be used by hackers to impersonate people and commit fraud.

While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trove of leaked data online on Saturday.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal told Insider.

Gal first discovered the leaked data in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. Motherboard reported on that bot’s existence at the time and verified that the data was legitimate.

Now, the entire dataset has been posted on the hacking forum for free, making it widely available to anyone with rudimentary data skills.


Insider attempted to reach the leaker through messaging app Telegram but did not get a response.

This is not the first time that a huge number of Facebook users’ phone numbers have been found exposed online. The vulnerability that was uncovered in 2019 allowed millions of people’s phone numbers to be scraped from Facebook’s servers in violation of its terms of service. Facebook said that vulnerability was patched in August 2019. 

Facebook previously vowed to crack down on mass data-scraping after Cambridge Analytica scraped the data of 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election.

Gal said that, from a security standpoint, there’s not much Facebook can do to help users affected by the breach since their data is already out in the open — but he added that Facebook could notify users so they could remain vigilant for possible phishing schemes or fraud using their personal data.

“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect,” Gal said. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”

#AceSecurityDesk report ……….Published: Apr.05: 2021:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#california, #cyberattack, #data, #hacked

(CALIFORNIA) Ace Security Report: Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials by leveraging a ‘Fake CAPTCHA’ system #AceSecurityDesk report

#AceSecurityReport – Mar.11: The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies:


Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords: According to researchers, at least 2,500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. Google reCAPTCHA is a service that helps protect websites from spam and abuse by using a Turing test to tell humans and bots apart (by asking a user to click on a fire hydrant out of a series of images, for instance).

March 8, 2021 12:04 pm

A phishing attack targeting Microsoft users leverages a bogus Google reCAPTCHA system.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies.

“The attack is notable for its targeted aim at senior business leaders with titles such as Vice President and Managing Director who are likely to have a higher degree of access to sensitive company data,” said researchers with Zscaler’s ThreatLabZ security research team on Friday. “The aim of these campaigns is to steal these victims’ login credentials to allow threat actors access to valuable company assets.”

Fake Phishing Emails: Voicemail Attachments

The phishing emails pretend to be automated emails from victims’ unified communications tools, which say that they have a voicemail attachment. For instance, one email tells users that “(503) ***-6719 has left you a message 35 second(s) long on Jan 20” along with a lone attachment that’s titled “vmail-219.HTM.” Another tells email recipients to “REVIEW SECURE DOCUMENT.”


The phishing email sample. Credit: Zscaler

When the victims click on the attachment, they then encounter the fake Google reCAPTCHA screen, which contains a typical reCAPTCHA box – featuring a checkbox that the user must click that says “I’m not a robot,” which then triggers the Turing test.

After filling out the fake reCAPTCHA system, victims are then directed to what appears to be a Microsoft login screen. The login pages also contain different logos from the companies which victims work at – such as one containing a logo from software company ScienceLogic and another from office rental company BizSpace. This reveals that attackers have done their homework and are customizing their phishing landing pages to fit their victims’ profile, in order to make the attack appear more legitimate.

Victims are asked to input their credentials into the system; once they do so, a message tells them that the validation was “successful” and that they are being redirected.


The phishing landing page mimics Microsoft’s login page. Credit: Zscaler

“After giving the login credentials, the phishing campaign will show a fake message that says ‘Validation successful,’” said researchers. “Users are then shown a recording of a voicemail message that they can play, allowing threat actors to avoid suspicion.”

Researchers found a variety of phishing pages associated with the campaign, which were hosted using generic top level domains such as .xyz, .club and .online. These top level domains are typically utilized by cybercriminals in spam and phishing attacks. That’s because they can be purchased for less than $1 each – a low price for adding a level of believability to phishing campaigns.
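The lure described above has three observable traits a mail gateway can score on: voicemail-notification wording, an HTML attachment such as “vmail-219.HTM”, and links to the cheap generic TLDs the researchers list. The following triage heuristic is an added example, not Zscaler’s or the article’s code; the sample messages, the domains in them, the weights and the quarantine threshold are all constructed for illustration.

```python
"""Mail-triage heuristic for the voicemail-lure / fake-reCAPTCHA phishing pattern.

Added example, not code from Zscaler or the article. Every address, domain and
message below is constructed for illustration and is not a real indicator.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Lure wording reported in the campaign: a voicemail notice or the
# "REVIEW SECURE DOCUMENT" variant.
VOICEMAIL_LURE = re.compile(r"left you a message|voicemail|review secure document", re.I)
# The lure arrived as an HTML attachment (e.g. "vmail-219.HTM").
HTML_ATTACHMENT = re.compile(r"\.html?$", re.I)
# Generic TLDs the researchers saw hosting the landing pages.
CHEAP_TLDS = {"xyz", "club", "online"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed weights: any indicator not listed here (cheap_tld:*) weighs 2.
WEIGHTS = {"voicemail_lure": 1, "html_attachment": 2}


def collect_text(msg):
    """Decode every non-multipart part (body and attachments) into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True)
        if payload:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def attachment_names(msg):
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def tld(url):
    """Last label of the URL's host, lower-cased ('' if there is no host)."""
    host = (urlparse(url).hostname or "").lower()
    return host.rsplit(".", 1)[-1] if "." in host else ""


def score_message(raw):
    """Score one raw RFC 5322 message; returns score, verdict and the indicators that fired."""
    msg = message_from_string(raw, policy=policy.default)
    text = collect_text(msg)
    reasons = []
    if VOICEMAIL_LURE.search(str(msg["Subject"] or "")) or VOICEMAIL_LURE.search(text):
        reasons.append("voicemail_lure")
    if any(HTML_ATTACHMENT.search(name) for name in attachment_names(msg)):
        reasons.append("html_attachment")
    # URLs inside the attachment count too: that is where the landing-page link lived.
    for t in sorted({tld(u) for u in URL_RE.findall(text)} & CHEAP_TLDS):
        reasons.append(f"cheap_tld:{t}")
    score = sum(WEIGHTS.get(r, 2) for r in reasons)
    verdict = "quarantine" if score >= 3 else "review" if score else "deliver"
    return {"score": score, "verdict": verdict, "reasons": reasons}


def build_sample(subject, body, attachment=None):
    """Build a constructed test message; attachment is (filename, html_text)."""
    msg = EmailMessage()
    msg["From"] = "pbx-noreply@example.com"
    msg["To"] = "vp.finance@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        name, html = attachment
        msg.add_attachment(html, subtype="html", filename=name)
    return msg.as_string()


# Constructed samples: one modelled on the reported lure, two controls.
SAMPLES = {
    "lure": build_sample(
        "New voicemail message",
        "(503) ***-6719 has left you a message 35 second(s) long on Jan 20",
        ("vmail-219.HTM",
         '<a href="https://sample-landing-page.xyz/recaptcha">Play message</a>'),
    ),
    "benign": build_sample(
        "Q3 budget draft",
        "Draft is at https://intranet.example.com/docs/q3 - comments by Friday.",
    ),
    "borderline": build_sample(
        "Missed call",
        "Reception left you a message at 10:15. Listen at https://voicemail.example.com/inbox",
    ),
}


def triage_samples():
    """Verdict per constructed sample, for a quick end-to-end check."""
    return {name: score_message(raw)["verdict"] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, score_message(raw))
```

The "borderline" control shows why the lure wording alone is only worth a review flag: legitimate voicemail notifications use the same phrasing, and it is the HTML attachment plus the cheap-TLD link that push the score into quarantine.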

More Phishing Attacks on Fake Google reCAPTCHA Tactic


Credit: Zscaler

Adversaries have been leveraging bogus reCAPTCHA systems in their attacks for years. For instance, in 2019, a malware campaign targeted a Polish bank and its users with emails containing a link to a malicious PHP file, which eventually downloaded the BankBot malware onto victims’ systems. The attackers used a fake Google reCAPTCHA system to seem more realistic.

Another phishing attack, in February, purported to come from a voicemail service and contained a link to play the voice message “Play Audi Date.wav”; it eventually redirected victims to a malicious site showing a reCAPTCHA prompt.

Both examples show that fake reCAPTCHAs continue to be used in phishing attacks because the tactic lends the attack a layer of legitimacy: “Similar phishing campaigns utilizing fake Google reCAPTCHAs have been observed for several years, but this specific campaign targeting executives across specific industry verticals started in December 2020,” noted researchers.

Microsoft Office 365 users have faced several sophisticated phishing attacks and scams over the past few months. In October, researchers warned of a phishing campaign that pretends to be an automated message from Microsoft Teams; in reality, the attack aimed to steal Office 365 recipients’ login credentials. Also in October, an Office 365 credential-phishing attack targeted the hospitality industry, using visual CAPTCHAs to evade automated scanners and appear legitimate. Phishing attackers have also adopted new tactics such as Google Translate or custom fonts to make their scams seem more legitimate.


#AceSecurityDesk report …….Published: Mar.11: 2021:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#captcha, #google, #microsoft, #phishing

(CHILE) JUST IN: Chilean bank BancoEstado shut down all of its branches on Monday after a ransomware attack over the weekend, it said in a statement on its Twitter account #AceSecurityDesk report

#AceSecurityReport – Sept.08: BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend. From a report: “Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday:

Chilean bank suffers ransomware attack over the weekend, forcing the shutdown of all of its branches on Monday, according to a tweet. ZDNet.com


All BancoEstado branches will remain closed on Monday, September 7, and possibly more days.

September.07, 2020 — 16:31 GMT (17:31 BST)


Important information about our service network pic.twitter.com/CfFeb9tCzK

— BancoEstado (@BancoEstado) September 7, 2020

Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank’s internal network was infected with the REvil (Sodinokibi) ransomware: The incident is currently being investigated as having originated from a malicious Office document received and opened by an employee. The malicious Office file is believed to have installed a backdoor on the bank’s network.

Investigators believe that on the night between Friday and Saturday, hackers used this backdoor to access the bank’s network and install ransomware: Bank employees working weekend shifts discovered the attack when they couldn’t access their work files on Saturday.

BancoEstado reported the incident to Chilean police, and on the same day the Chilean government sent out a nationwide cyber-security alert warning about a ransomware campaign targeting the private sector.

While the bank initially hoped to recover from the attack unnoticed, the damage was extensive, according to sources, with the ransomware encrypting the vast majority of internal servers and employee workstations. The bank first disclosed the attack on Sunday, but as time went by, bank officials realised employees would not be able to work on Monday and decided to keep branches closed while they recover.
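The chain described above, a malicious Office document opened by an employee, a backdoor planted from it, and ransomware deployed through that backdoor days later, is cheapest to break at the first link, before the attachment reaches a desktop. As an added example (not code from ZDNet, BancoEstado or the investigators), here is a small Python triage routine that checks whether an Office attachment carries VBA macros: for OOXML containers (.docm, .xlsm, and .docx files abusing the format) it looks for a vbaProject.bin part and the vbaProject content type, and for legacy OLE2 binaries (.doc, .xls) it flags the file for a deeper scan with a dedicated OLE parser. The sample containers are constructed in memory and are not real Word documents.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # compound-file header of legacy .doc/.xls
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def office_macro_report(blob):
    """Inspect an Office file's bytes and report whether VBA is present.

    has_vba is True/False for OOXML, None for legacy OLE2 (needs an OLE stream parser, e.g. oletools' olevba).
    """
    if blob.startswith(OLE2_MAGIC):
        return {"format": "ole2", "has_vba": None, "parts": [], "declared": False}
    if not blob.startswith(b"PK"):
        return {"format": "unknown", "has_vba": False, "parts": [], "declared": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return {"format": "corrupt-zip", "has_vba": False, "parts": [], "declared": False}
    with zf:
        names = zf.namelist()
        # The macro project is stored as a binary part, normally word/vbaProject.bin or xl/vbaProject.bin.
        parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        ctypes = ""
        if "[Content_Types].xml" in names:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    declared = VBA_CONTENT_TYPE in ctypes            # the container announces a VBA part
    return {"format": "ooxml", "has_vba": bool(parts) or declared, "parts": parts, "declared": declared}


def attachment_verdict(filename, blob):
    """Gateway decision for one attachment: quarantine macro documents, deep-scan legacy binaries."""
    report = office_macro_report(blob)
    if report["format"] == "ole2":
        return "deep-scan"
    if report["has_vba"]:
        return "quarantine"
    if report["format"] == "ooxml" and filename.lower().endswith((".docm", ".xlsm", ".pptm")):
        return "deep-scan"   # macro-enabled extension without a visible VBA part: treat as unusual
    return "pass"


def make_sample_ooxml(with_macro):
    """Constructed minimal Word-style container for the demo (assumption: not a document Word would render)."""
    ct = ('<?xml version="1.0" encoding="UTF-8"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="xml" ContentType="application/xml"/>'
          '<Override PartName="/word/document.xml" ContentType='
          '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    if with_macro:
        ct += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    ct += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x01\x16\x01\x00" + b"\x00" * 60)  # dummy VBA project bytes
    return buf.getvalue()


if __name__ == "__main__":
    for name, data in [("invoice.docm", make_sample_ooxml(True)),
                       ("report.docx", make_sample_ooxml(False)),
                       ("legacy.doc", OLE2_MAGIC + b"\x00" * 504)]:
        print(f"{name:14} {attachment_verdict(name, data):11} {office_macro_report(data)}")
```

Checking both the part name and the declared content type matters: a kit can rename or hide the part, but Office only loads the project it finds through [Content_Types].xml, so disagreement between the two is itself worth a look.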

#AceSecurityDesk report ………..Published: Sept.08: 2020:


(BEIJING, China) Great Firewall Report: Government blocks all HTTPS connections that use TLS 1.3 with ESNI from the end of July, according to iYouPort, the University of Maryland and the Great Firewall Report #AceSecurityDesk report

#AceSecurityReport – Aug.13: The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block HTTPS connections that are set up using modern protocol features designed to resist interception. The block has been in place for at least a week, since the end of July, according to a joint report published this week by three organisations tracking Chinese censorship: iYouPort, the University of Maryland, and the Great Firewall Report.

China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI

The block was put in place at the end of July and is enforced via China’s Great Firewall.

Catalin Cimpanu August.08: 2020 — 18:04 GMT (19:04 BST) ZDNet.Com/

China now blocking HTTPS+TLS1.3+ESNI: Through the new GFW update, Chinese officials are targeting only HTTPS traffic that is set up with TLS 1.3 together with ESNI (Encrypted Server Name Indication).

Other HTTPS traffic still passes through the Great Firewall if it uses older versions of the protocol, such as TLS 1.1 or 1.2, or TLS 1.3 with a plaintext SNI (Server Name Indication) field. For those connections, Chinese censors can infer which domain a user is trying to reach by reading the plaintext SNI field in the ClientHello, the first message of the handshake. In TLS 1.3, the SNI field can be hidden with ESNI, the encrypted version of SNI. As TLS 1.3 usage continues to grow around the web, traffic that combines TLS 1.3 with ESNI is giving Chinese censors headaches, as it is harder to filter and therefore harder to use for controlling what content the Chinese population can access.

Chart: TLS 1.3 usage statistics. Image: Qualys SSL Labs (via SixGen)

Per the findings of the joint report, the Chinese government is currently dropping all HTTPS traffic where TLS 1.3 and ESNI are used, and temporarily banning the IP addresses involved in the connection for short intervals of between two and three minutes.
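To make concrete what an on-path censor can and cannot see, here is an added Python example, not code from the report, ZDNet or the GFW itself. It builds a minimal TLS ClientHello, then parses it the way a passive observer would: it extracts the plaintext SNI, reads the supported_versions list to see whether TLS 1.3 is offered, and notes whether the draft ESNI extension (code point 0xffce) is present. A final function applies the blocking rule the report describes. The random, cipher-suite list and ESNI payload are dummy values chosen for the demonstration; a real ESNI extension carries a key share and ciphertext, but only its presence matters to the filter.

```python
import struct

SNI_EXT = 0x0000
SUPPORTED_VERSIONS_EXT = 0x002B
ESNI_EXT = 0xFFCE      # draft-ietf-tls-esni "encrypted_server_name"; its successor ECH uses 0xFE0D
TLS13 = 0x0304
TLS12 = 0x0303


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(server_name=None, esni=False, offer_tls13=True):
    """Constructed ClientHello for the demo: one cipher suite, fixed dummy random, empty session id."""
    exts = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = struct.pack("!BH", 0, len(name)) + name          # name_type 0 = host_name
        exts += _ext(SNI_EXT, struct.pack("!H", len(entry)) + entry)
    if esni:
        exts += _ext(ESNI_EXT, b"\x00" * 32)                      # placeholder for the real ESNI structure
    versions = [TLS13, TLS12] if offer_tls13 else [TLS12]
    exts += _ext(SUPPORTED_VERSIONS_EXT,
                 bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions))
    body = (struct.pack("!H", TLS12) + b"\x11" * 32 + b"\x00"      # legacy_version, random, session id
            + struct.pack("!H", 2) + b"\x13\x01"                   # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                          # compression methods: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def inspect_client_hello(record):
    """What a passive on-path box sees: plaintext SNI, whether TLS 1.3 is offered, whether ESNI is present."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                            # skip legacy_version and random
    pos += 1 + body[pos]                                    # session id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # cipher suites
    pos += 1 + body[pos]                                    # compression methods
    info = {"tls13": False, "sni": None, "esni": False}
    if pos + 2 > len(body):
        return info                                         # no extensions block at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end > len(body):
        raise ValueError("extensions overrun the ClientHello")
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        if len(data) != elen:
            raise ValueError("extension overruns the ClientHello")
        pos += 4 + elen
        if etype == SNI_EXT and len(data) >= 5:
            p = 2                                           # skip ServerNameList length
            while p + 3 <= len(data):
                ntype, nlen = data[p], struct.unpack("!H", data[p + 1:p + 3])[0]
                if ntype == 0:
                    info["sni"] = data[p + 3:p + 3 + nlen].decode("idna")
                p += 3 + nlen
        elif etype == ESNI_EXT:
            info["esni"] = True                             # contents are opaque; presence is the signal
        elif etype == SUPPORTED_VERSIONS_EXT and data:
            n = data[0]
            offered = [struct.unpack("!H", data[i:i + 2])[0]
                       for i in range(1, min(1 + n, len(data) - 1), 2)]
            info["tls13"] = TLS13 in offered
    return info


def gfw_verdict(record):
    """Model of the rule the report describes: drop TLS 1.3 + ESNI, let everything else through."""
    info = inspect_client_hello(record)
    if info["tls13"] and info["esni"]:
        return "drop (TLS 1.3 + ESNI; endpoints also blocked for a few minutes)"
    if info["sni"]:
        return f"allow; censor sees destination {info['sni']!r}"
    return "allow; no plaintext server name visible"


if __name__ == "__main__":
    for label, hello in [("TLS 1.3, plaintext SNI", build_client_hello("example.com")),
                         ("TLS 1.3, ESNI only", build_client_hello(None, esni=True)),
                         ("TLS 1.3, cover SNI + ESNI", build_client_hello("cloudflare.com", esni=True)),
                         ("TLS 1.2, plaintext SNI", build_client_hello("example.com", offer_tls13=False))]:
        print(f"{label:28} -> {gfw_verdict(hello)}")
```

The point the parser makes is that the censor never needs to break the encryption: the SNI sits in the unencrypted ClientHello, so a single 2-byte extension type tells the filter whether it will be able to read the destination or not, and the report's finding is that the GFW simply drops the connections where it cannot.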

Some circumvention methods exist… for now

For now, iYouPort, the University of Maryland and the Great Firewall Report said they were able to find six circumvention techniques that can be applied client-side (inside apps and software) and four that can be applied server-side (on servers and app backends) to bypass the GFW’s current block. “Unfortunately, these specific strategies may not be a long-term solution: as the cat and mouse game progresses, the Great Firewall will likely continue to improve its censorship capabilities,” the three organisations added.

ZDNet also confirmed the report’s findings with two additional sources — namely members of a US telecommunications provider and an internet exchange point (IXP) — using instructions provided in this mailing list.


#AceSecurityDesk report …………Published: Aug.13: 2020:
