Daily NCSC-FI news followup 2019-08-14

In the Balkans, businesses are under fire from a doublebarreled weapon

www.welivesecurity.com/2019/08/14/balkans-businesses-double-barreled-weapon/ Weve discovered an ongoing campaign in the Balkans spreading two tools having a similar purpose: a backdoor and a remote access trojan we named, respectively, BalkanDoor and BalkanRAT

August Patch Tuesday: Update Fixes Wormable Flaws in Remote Desktop Services, VBScript Gets Disabled by Default

blog.trendmicro.com/trendlabs-security-intelligence/august-patch-tuesday-update-fixes-wormable-flaws-remote-desktop-services-vbscript-disabled-by-default/ Microsoft released updates to patch 93 CVEs, along with two advisories, in this months Patch Tuesday. The bulletin patches issues in Azure DevOps Server, Internet Explorer, Microsoft Office, Microsoft Windows, Visual Studio, to name a few. The patches address 29 vulnerabilities rated Critical and 64 that were rated Important.

Kokemäen kaupunki selvisi haittaohjelmahyökkäyksestä tietoturvallisuutta kehitetään jatkossa

www.tivi.fi/uutiset/tv/7b3aa2db-d37e-47f4-86e2-dd84140b0679 Kokemäen kaupunki tiedottaa haittaohjelman aiheuttaman häiriötilanteen olevan nyt ohi. Kaupungin järjestelmät on palautettu käyttöön tänään keskiviikkona.

DDoS attacks: Getting smaller, sneakier – and more dangerous

www.zdnet.com/article/ddos-attacks-getting-smaller-sneakier-and-more-dangerous/#ftag=RSSbaffb68 High-profile Distributed Denial of Service (DDoS) attacks continue to get bigger — but the smaller, more subtle attacks could be the ones that businesses need to worry about.

Huge Survey of Firmware Finds No Security Gains in 15 Years

securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/ A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors.

You might be interested in …

Daily NCSC-FI news followup 2019-09-28

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html Remember the Simjacker vulnerability? Now, it turns out that the [email protected] Browser is not the only dynamic SIM toolkit that contains the Simjacker issue which can be exploited remotely from any part of the world without any authorizationregardless of which handsets or mobile operating […]

Read More

Daily NCSC-FI news followup 2020-02-14

U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies thehackernews.com/2020/02/united-states-china-huawei.html The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. North […]

Read More

Daily NCSC-FI news followup 2020-10-12

Exposing covert surveillance backdoors in children’s smartwatches www.mnemonic.no/blog/exposing-backdoor-consumer-products/ This blog post provides a technical description of how we discovered a backdoor in a smartwatch made for children. The device is a wearable smartphone, and the backdoor enables remote and covert surveillance through wiretapping, taking pictures, and location tracking. Also: arstechnica.com/information-technology/2020/10/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor/ Microsoft Uses Trademark Law to […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.