Daily NCSC-FI news followup 2019-07-30

Hacker steals data of 106 million people from Capital One

arstechnica.com/information-technology/2019/07/feds-former-cloud-worker-hacks-into-capital-one-and-takes-data-for-106-million-people/ FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account belonging to [the hacker] showed that, earlier this year, someone exploited a firewall vulnerability in Capital Ones network that allowed an attacker to execute a series of commands on the banks servers.. The hacker was arrested on Monday and is being detained pending a bail hearing scheduled for Thursday. Shes charged with a single count of computer fraud and faces a maximum penalty of five years in prison and a $250,000 fine

Kiristäjät vaativat lunnaita Kokemäen kaupungilta haittaohjelma pisti kaupungin verkon polvilleen

yle.fi/uutiset/3-10899982 Kiristyshaittaohjelma on päässyt käsiksi Kokemäen kaupungin sisäiseen verkkoon. Kaupungin työntekijät havaitsivat hyökkäyksen maanantaina. . Kaupunki on tehnyt mahdollisesta tietosuojaloukkauksesta ilmoituksen tietosuojavaltuutetun toimistolle. Myös rikosilmoitus poliisille on tehty. Lisäksi asian tutkinnassa on mukana muun muassa Liikenne- ja viestintäviraston Kyberturvallisuuskeskus.

Microsoft preps to purge its cloud access security broker of shonky crypto protocols TLS 1.0, 1.1

www.theregister.co.uk/2019/07/29/tls_microsoft_cloud_security/ Transport Level Security (TLS) 1.0 and 1.1 is to be axed for users of Microsoft Cloud App Security (MCAS) from 8 September as the company shores up security with a requirement for TLS 1.2+.

iOS 12.4 fixes *critical* vulnerabilities in iMessage that can be exploited without any user interaction

www.kaspersky.com/blog/ios-critical-vulnerabilities-124/27778/ The six critical vulnerabilities in iOS were found by Natalie Silvanovich and Samuel Groß, members of Googles bug hunting team called Project Zero. . What is known so far is that these bugs allow an attacker to run malicious code on victims iPhone or iPad with no user interaction needed. The only thing the attacker needs to do for this exploit to work is to send a malicious message to a victims phone.. See also www.bbc.com/news/technology-49165946

Apple’s AWDL Protocol Plagued By Flaws That Enable Tracking and MitM Attacks

www.zdnet.com/google-amp/article/apples-awdl-protocol-plagued-by-flaws-that-enable-tracking-and-mitm-attacks/ Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks.

U.S. Issues Hacking Security Alert for Small Planes

www.securityweek.com/us-issues-hacking-security-alert-small-planes The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.. See also www.us-cert.gov/ics/alerts/ics-alert-19-211-01 – ICS Alert (ICS-ALERT-19-211-01), CAN Bus Network Implementation in Avionics

95% of Pen Test Problems Can Be Easily Resolved

www.infosecurity-magazine.com/news/95-test-problems/ In the case of brute forcing accounts, this can be resolved with the use of multi-factor authentication or with account lockout policies, while ‘kerberoasting’ can be managed with strong passwords, both in terms of length and complexity.. Meanwhile, excessive file system permissions can be mitigated with tools to detect file permissions abuse, enabling installer detection for all users and limiting the privileges of user accounts and groups.

Hackers target Telegram accounts through voicemail backdoor

nakedsecurity.sophos.com/2019/07/30/hackers-target-telegram-accounts-through-voicemail-backdoor/ The Brazilian Governments Justice Minister Sergio Moro announced on 5 June 2019 that his smartphone had been hacked, four days before the politically compromising contents of his Telegram chats with a senior prosecutor started turning up as source material for articles in the media.. Telegram is vulnerable to account takeover/reset attacks of the sort that have troubled other services whereby attackers pretend to be a person and get a new SIM with the targets phone number – or voice mail, whose PIN can usually be bruteforced.

LAPD Breach Exposes Thousands of Officers

www.infosecurity-magazine.com/news/lapd-breach-exposes-thousands-of/ The suspected hacker claims they have their hands on the data of 2500 LAPD officers, trainees and recruits, and around 17,500 police officer applicants.

US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses

www.bleepingcomputer.com/news/security/us-govt-ngos-ask-cyber-community-to-boost-ransomware-defenses/ A joint statement published by the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) urges government partners and the cyber community to reinforce their ransomware defenses.

New TrickBot Version Focuses on Microsoft’s Windows Defender

www.bleepingcomputer.com/news/security/new-trickbot-version-focuses-on-microsofts-windows-defender/ A new version of the TrickBot banking Trojan continues its evolution of targeting security software in order to prevent its detection and removal. In this new version, TrickBot has set its sights on Windows Defender, which for many people is the only antivirus installed on a Windows 10 machine.

Announcing the Sixth Annual Flare-On Challenge

www.fireeye.com/blog/threat-research/2019/07/announcing-the-sixth-annual-flare-on-challenge.html The FireEye Labs Advanced Reverse Engineering (FLARE) team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. The contest runs for six full weeks and ends at 8:00 p.m. ET on Sept. 27, 2019.. Suom. huom. la 17.8. klo 0300 – la 28.9. 0300

You might be interested in …

Daily NCSC-FI news followup 2020-08-12

Annatko selaimen tallentaa salasanasi? Haittaohjelman uusi versio voi varastaa ne salaa www.is.fi/digitoday/tietoturva/art-2000006598720.html Salasanoja vohkiva Agent Tesla muuttui entistäkin pahemmaksi uhkaksi. Samalla se osoittaa, miten kätevyys voi kostautua salasanojen säilytyksessä.. Selain kysyy verkkopalveluun kirjautuessa, tallennetaanko salasana jatkoa varten. Kovin usein tulee painettua kyllä, jotta seuraavalla kerralla olisi helpompi päästä sisään. Tämä kuitenkin synnyttää rikollisille houkuttelevan varannon […]

Read More

Daily NCSC-FI news followup 2020-02-13

US says it can prove Huawei has backdoor access to mobile-phone networks arstechnica.com/tech-policy/2020/02/us-gave-allies-evidence-that-huawei-can-snoop-on-phone-networks-wsj-says/ “We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” US National Security Adviser Robert O’Brien told the Journal.. The US kept the intelligence highly classified until late […]

Read More

Daily NCSC-FI news followup 2019-09-14

Using Docker to Do Machine Learning at Scale www.crowdstrike.com/blog/using-docker-to-do-machine-learning-at-scale/ One key building block we use for scaling our machine learning models at CrowdStrike® is Docker containers. Docker containers let us construct application environments with all the dependencies, tools and security our teams need in an easy to maintain pipeline. This ensures that everyone on the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.