At least 10 hacking groups using Microsoft software flaw — researchers

FireEye CEO Kevin Mandia gives a tour of the cybersecurity company's office in Reston, Virginia, on March 9, 2021. FireEye has confirmed seeing “multiple likely-China groups” using the Microsoft flaws in different waves. (AP Photo/Nathan Ellgren)
Updated 11 March 2021

  • The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage
  • Microsoft has blamed the hack on China. The Chinese government denies any role

WASHINGTON: At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break in to targets around the world, cybersecurity company ESET said in a blog post on Wednesday.
The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software.
The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or move elsewhere in the network. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.
Earlier on Wednesday, for example, Norway’s parliament announced data had been “extracted” in a breach linked to the Microsoft flaws. Germany’s cybersecurity watchdog agency also said on Wednesday two federal authorities had been affected by the hack, although it declined to identify them.
While Microsoft has issued fixes, the sluggish pace of many customers’ updates — which experts attribute in part to the complexity of Exchange’s architecture — means the field remains at least partially open to hackers of all stripes. The patches do not remove any back door access that has already been left on the machines.
In addition, some of the back doors left on compromised machines have passwords that are easily guessed, so that newcomers can take them over.
Microsoft declined comment on the pace of customers’ updates. In previous announcements pertaining to the flaws, the company has emphasized the importance of “patching all affected systems immediately.”
Although the hacking has appeared to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.
ESET’s blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking in to previously vulnerable Exchange servers to spread its malicious software.
ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break in to targeted networks — several of which other researchers have tied to China. Microsoft has blamed the hack on China. The Chinese government denies any role.
Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.
Ben Read, a director with cybersecurity company FireEye Inc., said he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.
ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.
He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.
Taiwan-based researchers reported to Microsoft on Jan. 5 that they had found two new flaws which need patching. Those two were among those that began being used by the attackers shortly before or after the friendly report.
They said they were investigating whether there had been a theft or leak on their side, since exploitation was discovered in the wild later that same week. So far, the group called Devcore said, they had found no evidence.
Top-flight hackers are also commonly targeted by other hackers. Just this week, Microsoft patched one of the flaws used by suspected North Koreans in attempts to steal information from Western researchers.
But simultaneous discovery happens fairly often, in part because researchers use the same or similar tools to hunt for serious flaws, and many eyes are looking at the same high-value targets.
“It is very likely that some actor groups may have been using these vulnerabilities and led to the result of the attacks being observed by other information security vendors,” Devcore member Bowen Hsu told Reuters.
But the security industry has been abuzz with other theories, including a hack of Microsoft’s systems for tracking bugs, which has happened in the past.

 

 


Greek islands to get accelerated vaccination program

  • Priority for age groups and medical vulnerability waived in favour of permanent residents of nearly 100 islands
  • Islanders make up around 1.5 million of Greece’s population of 10.7 million

NAXOS, Greece: A vaccination program for Greek islands is being accelerated to cover all local residents by the end of June, the government announced Tuesday ahead of the launch of the tourism season.
Prime Minister Kyriakos Mitsotakis said a nationwide priority system for age groups and medical vulnerability was being waived for permanent residents of nearly 100 islands.
“This initiative is aimed at supporting local island communities and their economy and it also aspires to send a positive overall message for our tourism,” Mitsotakis said.
Greece is fighting to revive its key tourism sector that was battered by the pandemic in 2020 but its vaccination rates remain below the European Union average and the country has only recently stabilized a surge in cases.
Islanders make up around 1.5 million of Greece’s population of 10.7 million. Many holiday islands have a year-round population of under 10,000, while Crete has the largest with more than 600,000 residents, followed by Evia, Rhodes, Corfu, Lesbos, and Chios. The tourism season will officially start Friday.


Sweden reports 13,812 new COVID-19 cases, 44 deaths since Friday

Updated 11 May 2021

  • Sweden, a country of 10 million inhabitants, registered 44 new deaths, taking the total to 14,217
  • The deaths registered have occurred over several days and sometimes weeks

STOCKHOLM: Sweden, which has shunned lockdowns throughout the pandemic, has registered 13,812 new coronavirus cases since Friday, health agency statistics showed on Tuesday.
The figure compared with 14,950 cases during the corresponding period last week.
The country of 10 million inhabitants registered 44 new deaths, taking the total to 14,217.
The deaths registered have occurred over several days and sometimes weeks.
Sweden’s death rate per capita is many times higher than that of its Nordic neighbors but lower than in most European countries that opted for lockdowns.


At least 9 dead in Russian high school shooting

Updated 11 May 2021

  • RIA Novosti news agency reported that a teenager was detained
  • Local officials said some children were evacuated from the school but others still remained in the building

MOSCOW: A school shooting erupted Tuesday in the Russian city of Kazan, leaving eight students and one teacher dead, Russia’s state RIA Novosti news agency reported, citing local emergency services.
According to the Interfax news agency, two gunmen opened fire in the school, and one of them — a 17-year-old — has already been apprehended.

“According to preliminary information, the second attacker in the school in Kazan who remained in the building was killed,” the TASS state news agency reported, citing a law enforcement source.
Local officials said some children were evacuated from the school but others still remained in the building. Authorities said additional security measures have been put into place in all schools in Kazan, the capital of Russia’s Tatarstan region, roughly 700 kilometers (430 miles) east of Moscow.
While school shootings are relatively rare in Russia, there have been several violent attacks on schools in recent years, mostly carried out by students.


India’s seven-day COVID-19 average at new high, WHO issues warning on strain

Updated 11 May 2021

  • The seven-day average of new cases is at a record high of 390,995

BENGALURU: India’s coronavirus crisis showed scant sign of easing on Tuesday, with a seven-day average of new cases at a record high and international health authorities warning the country’s variant of the virus poses a global concern.
India’s daily coronavirus cases rose by 329,942, while deaths from the disease rose by 3,876, according to the health ministry. India’s total coronavirus infections are now at 22.99 million, while total fatalities rose to 249,992.
India leads the world in the daily average number of new deaths reported, accounting for one in every three deaths reported worldwide each day, according to a Reuters tally.
The seven-day average of new cases is at a record high of 390,995.
The World Health Organization said the coronavirus variant first identified in the country last year was being classified as a variant of global concern, with some preliminary studies showing that it spreads more easily.
“We are classifying this as a variant of concern at a global level,” Maria Van Kerkhove, WHO technical lead on COVID-19, told a briefing in Geneva on Monday. “There is some available information to suggest increased transmissibility.”
Nations around the globe have sent oxygen cylinders and other medical gear to support India’s crisis, but many hospitals around the nation are struggling with a shortage of the life-saving equipment.
Eleven people died late on Monday in a government hospital in Tirupati, a city in the southern state of Andhra Pradesh, due to a delay in the arrival of a tanker carrying oxygen, a government official said.
“There were issues with oxygen pressure due to low availability. It all happened within a span of five minutes,” M Harinarayan, the district’s top bureaucrat, said late on Monday, adding the SVR Ruia hospital now had sufficient oxygen.
Sixteen faculty members and a number of retired teachers and employees who had been living on the campus of Aligarh Muslim University, one of India’s most prestigious, had died of coronavirus, the university said.
Adding to the strain on medical facilities, the Indian government has told doctors to look out for signs of mucormycosis or “black fungus” in COVID-19 patients as hospitals report a rise in cases of the rare but potentially fatal infection.
The disease, which can lead to blackening or discoloration over the nose, blurred or double vision, chest pain, breathing difficulties and coughing blood, is strongly linked to diabetes. And diabetes can in turn be exacerbated by steroids such as dexamethasone, used to treat severe COVID-19.
Doctors in the country had to warn against the practice of using cow dung in the belief it will ward off COVID-19, saying there is no scientific evidence for its effectiveness and that it risks spreading other diseases.
In the state of Gujarat in western India, some believers have been going to cow shelters once a week to cover their bodies in cow dung and urine in the hope it will boost their immunity against, or help them recover from, the coronavirus.
“There is no concrete scientific evidence that cow dung or urine work to boost immunity against COVID-19, it is based entirely on belief,” said Dr. J.A. Jayalal, national president at the Indian Medical Association.
India’s second wave has increased calls for a nationwide lockdown and prompted a growing number of states to impose tougher restrictions, impacting businesses and the wider economy.
Production of the Apple iPhone 12 at a Foxconn factory in the southern state of Tamil Nadu has slumped by more than 50 percent because workers infected with COVID-19 have had to leave their posts, two sources told Reuters.
(Reporting by Nivedita Bhattacharjee, Anuron Kumar Mitra, Kannaki Deka, Manas Mishra in Bengaluru and Sudarshan Varadhan in Chennai; Writing by Lincoln Feast; Editing by Raju Gopalakrishnan)


Security experts downplay uranium discovery in Mumbai

Updated 11 May 2021


NEW DELHI: Experts said on Monday that a discovery of uranium was no cause for concern as it did not pose a security threat.
The comments came a day after India’s counterterrorism organization, the National Investigative Agency (NIA), took over the probe of a case involving the recovery of more than 7kg of natural uranium in Mumbai.
“I see a remote possibility of such uranium being misused to pose a threat to the nation,” Rajiv Nayan, a New Delhi-based expert on nonproliferation and arms control at the Manohar Parrikar Institute of Defence Studies and Analyses (IDSA) think tank, told Arab News.
“Theoretically, the possibility of misuse is there, but only details will tell when the persons reveal why they were carrying the natural uranium,” Nayan added.
On May 5, the Anti-Terrorism Squad (ATS) in the western Indian state of Maharashtra arrested two individuals for the possession of 7.1 kg of natural uranium worth $3 million in Mumbai.
The ATS lodged a case against Jigar Jayesh Pandya, 27, and Abu Tahir Afzal Choudhary, 31, before sending the samples to the Bhabha Atomic Research Centre (BARC) in Mumbai — India’s premier nuclear research facility — for testing.
On Thursday, the BARC confirmed that the substance was natural uranium.
According to officials, the duo was attempting to sell the uranium online when the ATS sent a fake customer and secured a substance sample. On Sunday, the NIA took control of the case and registered it under Section 24(1)(a) of the Atomic Energy Act (1962), which makes the possession of uranium without a license illegal and invites stringent punishment.
Both the ATS and the NIA were unavailable for comment when contacted by Arab News on Monday. However, according to media reports, Tahir’s father owns a scrapyard in the Mankhurd area of Mumbai and bought a truck full of factory waste two years ago. The uranium was reportedly among other forms of industrial waste found on the vehicle.
This is not the first time authorities have recovered the radioactive material, with Ajay Sahni, a New Delhi-based security expert and director of the Institute for Conflict Management, saying that “such seizures of uranium have taken place.”
Sahni told Arab News: “In the late 1990s or early 2000s, a couple of scrap dealers had picked up quantities of uranium and arrested them. These are low-level people who have accidentally come across a certain amount of uranium and hope to make a little bit of money out of it.”
He added: “I don’t think it raises any basic question of critical security importance. It raises questions of how such material is handled and safeguarded in the country.”
However, he warned that “if it falls into the wrong hands it can be used for very dangerous ends.
“We don’t know the details. It could depend on the nature of individuals and possible connections with terrorists or whether this could have been acquired by terrorists.
“They are not interested in using it for any particular purpose, or they were trying to make money. It depends where something like this goes.”
Sahni termed the find as a “failure” of India’s security system to manage or guard the uranium flow.
“This is a failure of the security system, but it is not easy to say whether it represents a major security failure,” he added.