Daily NCSC-FI news followup 2019-09-20

The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite

www.wired.com/story/air-force-defcon-satellite-hacking/ When the Air Force showed up at the Defcon hacker conference in Las Vegas last month, it didnt come empty-handed. It brought along an F-15 fighter-jet data systemone that security researchers thoroughly dismantled, finding serious vulnerabilities along the way. The USAF was so pleased with the result that it has decided to up the ante. Next year, its bringing a satellite.

Varo! Huijausviestejä on liikkeellä paljon ja niitä on helppo uskoa

www.is.fi/digitoday/tietoturva/art-2000006245545.html Lue myös

www.tivi.fi/uutiset/tv/dea38094-8ece-4280-8082-5314e2552721

FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares?

www.theregister.co.uk/2019/09/19/fedex_execs_sued/ FedEx execs not only hid the impact of the NotPetya ransomware on their business but personally profited by selling off tens of millions of dollars of their own shares before the truth came out, a lawsuit filed by the delivery business own shareholders claims.

Tunnetut valkohattuhakkerit perustivat oman yrityksen: keskitymme pk-yrityksiin

www.tivi.fi/uutiset/tv/44b3aadc-587f-4da3-a862-31f3766cb71e Alun perin Lähi Tapiolan Hack Day -tapahtumaa varten perustettu Team ROT -hakkeriryhmä on tähän asti keskittänyt toimintansa suurten yritysten järjestämiin bug bounty -ohjelmiin sekä vapaaehtoisprojekteihin.

Telia Cygate voitti jopa 27 miljoonan it-diilin poliisi ja suojelupoliisi hankkivat it-palveluita

www.tivi.fi/uutiset/tv/72f0fd88-4bcc-48fb-bd25-ab667a10b459 Julkisten hankintojen HILMA-tietokannasta selviää, että poliisi hankkii it-palveluita Telia Cygatelta jopa 27 miljoonalla eurolla. Sopimusten kokonaisarvoksi arvioidaan 5-27 miljoonaa euroa.

www.us-cert.gov/ncas/current-activity/2019/09/20/cisa-releases-four-new-insights-products CISA Releases Four New Insights Products. The Cybersecurity and Infrastructure Security Agency (CISA) has released four new CISA Insights products informed by U.S. intelligence and real-world events. Each of the following products provides a description of the threat, lessons learned, recommendations, and additional relevant resources:. 1) Mitigate DNS Infrastructure Tampering, Remediate Vulnerabilities for Internet-Accessible Systems, 3) Secure High Value Assets, 4) Enhance Email and Web Security

You might be interested in …

Daily NCSC-FI news followup 2021-07-02

Microsoft shares mitigations for Windows PrintNightmare zero-day bug www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/ Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. Lisäksi: www.fortinet.com/blog/threat-research/fortinet-releases-ips-signature-microsoft-printnightmare-vulnerability. Lisäksi: www.theregister.com/2021/07/01/printnightmare_windows_fix/. Lisäksi: us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability Microsoft warns of critical PowerShell 7 code execution vulnerability www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/ Microsoft warns of a critical.NET Core remote […]

Read More

Daily NCSC-FI news followup 2020-07-13

The NCSC-UK’s Exercise in a Box tool set has been updated to help organisations keep their employees safe while working from home www.zdnet.com/article/remote-working-this-free-tool-tests-how-good-your-security-really-is/ The ‘Home and Remote Working’ exercise has been added to the NCSC-UK’s Exercise in a Box, a toolkit designed to help small and medium-sized businesses prepare to defend against cyber attacks by […]

Read More

Daily NCSC-FI news followup 2020-09-30

Android Spyware Variant Snoops on WhatsApp, Telegram Messages threatpost.com/new-android-spyware-whatsapp-telegram/159694/ The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion. The Emerald Connection: EquationGroup collaboration with Stuxnet fmmresearch.wordpress.com/2020/09/28/the-emerald-connection-equationgroup-collaboration-with-stuxnet/ This article is part of a continued ongoing effort in my research of the use of a series of libraries called Exploit […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.