Daily NCSC-FI news followup 2019-06-05

The EU Found Out That Its Embassy In Moscow Had Been Hacked But Kept
It A Secret
www.buzzfeednews.com/article/albertonardelli/eu-embassy-moscow-hack-russia
A sophisticated cyber espionage event began in February 2017. Russian
entities are believed to be behind the hack, a source told BuzzFeed
News.

The Most Expensive Lesson Of My Life: Details of SIM port hack
medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124
I lost north of $100,000 last Wednesday. It evaporated over a 24-hour
time span in a SIM port attack that drained my Coinbase account.

Twitterbots: Anatomy of a Propaganda Campaign
www.symantec.com/blogs/threat-intelligence/twitterbots-propaganda-disinformation
Internet Research Agency archive reveals a vast, coordinated campaign
that was incredibly successful at pushing out and amplifying its
messages.. The operation was carefully planned, with accounts often
registered months before they were used and well in advance of the
2016 U.S. presidential election. The average time between account
creation and first tweet was 177 days.. In October 2018, Twitter
released a massive dataset of content posted on its service by the
Internet Research Agency (IRA), a Russian company responsible for the
largest propaganda campaign directed against the U.S.

UK Hasn’t Made Sufficient Progress for National Security Strategy
www.infosecurity-magazine.com/news/uk-hasnt-made-progress-security/
The National Cyber Security Centre (NCSC) has dealt with over 1,100
cybersecurity incidents since it was established in October 2016. CSC
chair Meg Hillier says that the UK will need to protect itself against
risks created by more and more services going online, but there is
concern that consumers do not know how well they are protected: “We
welcome the National Cyber Security Strategy but are concerned that
the program designed to deliver it is insufficien

440 Million Android Users Plagued By Extremely Obnoxious Pop-Ups
threatpost.com/android-completely-obnoxious-pop-ups/145390/
The mobile ad plugin, found in hundreds of Google Play apps, uses
well-honed techniques from malware development to hide itself.. Over
440 million Android phones have been exposed to an obnoxious
advertising plugin hidden within hundreds of popular applications
available via Google Play, which ultimately can render phones almost
unusable.

Infosecurity Europe: Easing the Clash Between IT and OT
threatpost.com/infosecurity-europe-easing-the-clash-between-it-and-ot/145334/
Experts at Infosecurity Europe shed light on how IT and operational
technology teams can better collaborate as industrial IoT takes hold.

Crime doesn’t pay? Crime doesn’t do secure coding, either: Akamai
bug-hunters find hijack hole in bank phishing kit
www.theregister.co.uk/2019/06/05/akamai_phishing_kit_vuln/
Phishing kits used by miscreants to build webpages that steal
victims’ personal information and money by masquerading as legit
websites harbor vulnerabilities that can be exploited by other
miscreants to pilfer freshly stolen data.

Apple bans ads, third-party tracking in apps meant for kids
nakedsecurity.sophos.com/2019/06/05/apple-bans-ads-third-party-tracking-in-apps-meant-for-kids/
On Monday, Apple updated the Kids category in its App Store developer
guidelines to include a new ban on third-party advertising or
analytics (which are ostensibly used for tracking) in content aimed at
younger audiences.. Previously, the guidelines only restricted
behavioral advertising tracking e.g., advertisers werent allowed to
serve ads based on kids activity, plus ads had to be appropriate for
young audiences.

You might be interested in …

Daily NCSC-FI news followup 2021-03-31

CISA gives federal agencies 5 days to find hacked Exchange servers www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ See also: cyber.dhs.gov/ed/21-02/ North Korean hackers target security researchers again www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/ Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. Risk Management, C-Suite Shifts & Next-Gen Text […]

Read More

Daily NCSC-FI news followup 2020-03-24

Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-critical-vulnerabilities-in-adobe-photoshop.html This past January, I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2020. This past Tuesday (Mar 17, 2020), Adobe released several out-of-band security patches that addressed those vulnerabilities. They are identified as CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788 and CVE-2020-3789. […]

Read More

Daily NCSC-FI news followup 2020-09-26

ThunderX ransomware silenced with release of a free decryptor www.bleepingcomputer.com/news/security/thunderx-ransomware-silenced-with-release-of-a-free-decryptor/ A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free. When coffee makers are demanding a ransom, you know IoT is screwed arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/ Watch along as hacked machine grinds, beeps, and spews water. Threat […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.