On Thu, 29 Apr 2021 11:02:55 +0100, Martin Brown
<'''newspam'''@nonad.co.uk> wrote:
>I still have my email with Namesco who outsource it to MickeySoft.
>
>As from yesterday I have started getting message summaries from
>Cor...@microsoft.com containing snippets of inbound email. It looks for
>all the world like hostile action by malware inside my PC.
>
>AV isn't seeing anything suspicious; they are UTF-8 encoded and big.
>
>Subject: Your daily briefing
>
>Except that the first one announced this new service (I don't want) and
>the links do appear to point back to genuine Mickeysoft sites. Anyone
>else using Namesco/Microsoft365 email services seeing this too?

Nope, i.e. don't use Namesco anything, but the mention of Microsoft365
suggests an outside chance it may not be malware in your PC but
related to the Great Solarwinds Hack. Although the hack first came to
light circa December last year, related news continues to surface in SANS
NewsBites.
https://www.sans.org/newsletters/newsbites/
For example, "SolarWinds: CERT-EU Says Six EU Agencies Affected"
Begin Quote
(April 15, 2021)
Officials from CERT-EU say that 14 EU agencies were running the
SolarWinds Orion IT monitoring platform, and that of those, six were
affected by the supply chain attack. Without offering details, CERT-EU
said that some agencies experienced “significant impact” and that some
personal data were compromised.
[SANS] Editor's Note
[Neely]
The risks from this attack weren’t limited to agencies. If you’ve not
looked at your SolarWinds install for IOCs, go to the CISA site
(us-cert.cisa.gov: Alert (AA20-352A) | Advanced Persistent Threat
Compromise of Government Agencies, Critical Infrastructure, and
Private Sector Organizations) for vulnerability information,
mitigations as well as IOCs. Make sure there are no remnants,
forgotten or unpatched installations.
Read more in:
- therecord.media: SolarWinds hack affected six EU agencies
https://therecord.media/solarwinds-hack-affected-six-eu-agencies/
End Quote
However, this is from earlier in January:
"SolarWinds fallout: DOJ says hackers accessed its Microsoft O365
email server"
https://www.zdnet.com/article/solarwinds-fallout-doj-says-hackers-accessed-its-microsoft-o365-email-server/
Chris S
>Hope you are all OK after the lockdown and enjoying the improving spring
>weather. BTW we just had a shower of soft hail so grass is white here!
--
Demon Customer 1993 - 2015; Gradwell Customer 2002 - 2016; now with Zen for connectivity and Tsohost
for web/email hosting (last Gradwell hosted domains migrated October 2016).