The Worm That Nearly Ate the Internet
www.nytimes.com/2019/06/29/opinion/sunday/conficker-worm-ukraine.html Just over 10 years ago, a unique strain of malware blitzed the internet so rapidly that it shocked cybersecurity experts worldwide. Known as Conficker, it was and remains the most persistent computer worm ever seen, linking computers with Microsoft operating systems globally, millions of them, to create a vast illicit botnet, in effect, a black-market supercomputer.
Nordean palveluissa häiriöitä jatkuneet jo tuntien ajan
www.tivi.fi/uutiset/tv/5156b4b9-db06-4dc0-a465-e156836e785c Joitakin Nordean verkko- ja mobiilipankin palveluita vaivaa tilapäinen häiriö.
Trump officials weigh encryption crackdown
www.politico.com/story/2019/06/27/trump-officials-weigh-encryption-crackdown-1385306 Senior Trump administration officials met on Wednesday to discuss whether to seek legislation prohibiting tech companies from using forms of encryption that law enforcement cant break a provocative step that would reopen a long-running feud between federal authorities and Silicon Valley.
OceanLotus APT Uses New Ratsnif Trojan for Network Attacks
www.bleepingcomputer.com/news/security/oceanlotus-apt-uses-new-ratsnif-trojan-for-network-attacks/ A fairly undetected remote access trojan called Ratsnif and used in cyber-espionage campaigns from the OceanLotus group has gained new capabilities that allow it to modify web pages and SSL hijacking.
Operation Tripoli
research.checkpoint.com/operation-tripoli/ Check Point Research recently came across a large-scale campaign that for years was using Facebook pages to spread malware across mobile and desktop environments, with one target country in mind: Libya.
Phishing-as-a-Service Fuels Evasion Methods, Email Scam Growth
www.bleepingcomputer.com/news/security/phishing-as-a-service-fuels-evasion-methods-email-scam-growth/ With much of the world’s corporate communication being done through email, scammers increasingly target corporate users with phishing scams that allow them to steal credentials that can be used for BEC scams, social engineering, or to steal corporate secrets.. Instead of hacking into servers to host landing pages and developing their own phishing kits, new Phishing-as-a-Service (PhaaS) sites are being created where criminals can select from a variety of phishing landing pages and hosting for one month.
Florida city fires IT employee after paying ransom demand last week
www.zdnet.com/article/florida-city-fires-it-employee-after-paying-ransom-demand-last-week/ Officials from Lake City, Florida, have fired an IT employee last week after the city was forced to approve a gigantic ransomware payment of nearly $500,000 last Monday.
Germany to publish standard on modern secure browsers
www.zdnet.com/article/germany-to-publish-standard-on-modern-secure-browsers/ Germany’s cyber-security agency is working on a set of minimum rules that modern web browsers must comply with in order to be considered secure.
Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps
blog.trendmicro.com/trendlabs-security-intelligence/adware-campaign-identified-from-182-game-and-camera-apps-on-google-play-and-third-party-stores-like-9apps/ As mobile ad spending increases year by year the projected mobile ad spend for U.S. advertisers in 2019 is estimated to exceed US$16 billion cybercriminals will continue to try to illicitly profit via adware that have increasingly insidious tricks.. As proof to this point, we recently observed an active adware campaign (detected by Trend Micro as AndroidOS_HiddenAd.HRXAA and AndroidOS_HiddenAd.GCLA) concealed in 182 free-to-download game and camera apps, majority of which were found on the Google Play Store and collectively had millions of downloads.
Team Whack -tähti pyrkii poistamaan mystisyyden hakkeroinnin ympäriltä pitää podcastia tietoturvasta
www.tivi.fi/uutiset/tv/15c60857-78af-4589-9b01-ebecc9f0ef01 Laura Kankaala työskentelee F-Securen tietoturvakonsulttina ja esiintyy Ylen Team Whack -ohjelmassa murtautumistestaajana eli valkohattuhakkerina. Hän tekee myös tietoturvaan liittyvää podcastia nimeltä We need to talk about infosec.
Illegal Card Enrollment Services Hijack Online Bank Accounts
www.bleepingcomputer.com/news/security/illegal-card-enrollment-services-hijack-online-bank-accounts/ Cybercriminals are exploring all avenues to get the most out of stolen payment card information. Access to an online banking account opens the door to a new revenue stream, and services providing it have grown more attractive.
Singapore government to run another bug bounty
www.zdnet.com/article/singapore-government-to-run-another-bug-bounty/ Its third with bug bounty platform HackerOne, the Singapore government is looking to identify potential security holes across nine online digital services as well as ICT systems with high user engagement.
Billions of Records Including Passwords Leaked by Smart Home Vendor
www.bleepingcomputer.com/news/security/billions-of-records-including-passwords-leaked-by-smart-home-vendor/ A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive data of customers from countries all over the world.
Hacking our bosss smart home
www.kaspersky.com/blog/hacking-things/27431/ The idea of a smart home is becoming more and more mainstream nowadays. Previously appealing mostly to geeks and people who always buy the newest toys, smart home setups have become quite popular, and a basic setup can even be affordable.
Sockpuppies!
labsblog.f-secure.com/2019/07/01/sockpuppies/ Yesterday, a colleague of mine, Eero Kurimo, told me about something odd hed seen on Twitter. Over the past few days, a number of pictures of cute puppies had shown up on his timeline as promoted tweets.