Daily NCSC-FI news followup 2019-10-05

Vulnerabilities Exploited in Multiple VPN Applications

www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities

www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/#ftag=RSSbaffb68 Security researchers initially believed Urgent/11 only impacted devices using VxWorks, a real-time operating system (RTOS) created by Wind River.. The actual issue was tracked down to IPnet, a TCP/IP networking library that was part of VxWorks.. However, additional testing over the summer confirmed that devices running real-time operating systems were also impacted, such as OSE created by ENEA, INTEGRITY created by Green Hills, Microsoft’s ThreadX, ITRON by TRON Forum, Mentor’s Nucleus RTOS, and ZebOS, a routing platform which provides TCP/IP services for other operating systems.

Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move

www.bleepingcomputer.com/news/security/dutch-govt-explains-the-risks-behind-dns-over-https-move/ The Dutch National Cyber Security Centre (NCSC) explains how DNS-monitoring will get more difficult as modern encrypted DNS transport protocols are getting more popular in a fact sheet published this week..


Kiinan satelliitit haastavat GPS:n Yhdysvaltain yksinvalta murenee miljardimarkkinoilla, mutta se on myös turvallisuuskysymys

yle.fi/uutiset/3-10968814 Yhdysvallat on vuosikymmenten ajan tarjonnut pohjan paikannukselle ja navigoinnille eri puolilla maailmaa GPS-satelliittijärjestelmänsä avulla. Etumatka on nyt murenemassa ja Yhdysvaltojen haastajaksi on nousemassa Kiina. Sen oman version nimi on Beidou, jonka viimeisimmät satelliitit(siirryt toiseen palveluun) matkasivat avaruuteen syyskuussa.. Venäjällä ja EU:lla on omat maailmanlaajuiset versionsa. EU:n ja Kiinan versioiden arvioidaan valmistuvan kokonaan vuonna 2020. Myös Japanilla ja Intialla on omat paikalliset järjestelmänsä.. Syynä on se, että aika- ja paikkatiedot ovat paitsi tuottoisa bisnes myös turvallisuuskysymys.

Detecting and characterizing lateral phishing at scale

blog.acolyer.org/2019/10/04/lateral-phishing-at-scale/ This is an investigation into the phenomenon of lateral phishing attacks. A lateral phishing attack is one where a compromised account within an organisation is used to send out further phishing emails (typically to other employees within the same organisation).

NSA Launches New Cybersecurity Directorate

securityaffairs.co/wordpress/92144/intelligence/nsa-launches-cybersecurity-directorate.html The NSA announced the new Cybersecurity Directorate which will help defend domestic organizations from foreign cyberattacks in a short press release. The NSA, sometimes called by its nickname, No Such Agency, is known for being secretive. But this new directorate seems to signal a pivot towards a more public approach to security than the Agency has taken in the past.. The directorate also reflects a change in the importance of national cybersecurity and provides a hint as to how government agencies are rethinking how cybersecurity divisions should be organized.

You might be interested in …

Daily NCSC-FI news followup 2021-06-09

Summary of June 8 outage www.fastly.com/blog/summary-of-june-8-outage We experienced a global outage due to an undiscovered software bug that surfaced on June 8 when it was triggered by a valid customer configuration change. We detected the disruption within one minute, then identified and isolated the cause, and disabled the configuration. Within 49 minutes, 95% of our […]

Read More

Daily NCSC-FI news followup 2019-12-14

New Orleans city government under cyberattack; workers told to turn off, unplug computers www.nola.com/news/politics/article_0039909a-1dd3-11ea-919e-938ea62f03b5.html Workers in New Orleans City Hall were told a cyberattack has struck the city government, multiple sources said on Friday. The exact extent of the attack is unknown. The attack was announced over the loudspeaker system in City Hall and workers […]

Read More

Daily NCSC-FI news followup 2019-09-12

1B Mobile Users Vulnerable to Ongoing SimJacker Surveillance Attack threatpost.com/1b-mobile-users-vulnerable-to-ongoing-simjacker-surveillance-attack/148277/ More than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors, researchers warn.. Also: www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/. Report: simjacker.com/ New Clues Show How Russias Grid Hackers Aimed for Physical Destruction www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/ A fresh look at the 2016 blackout […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.