Daily NCSC-FI news followup 2019-10-05

Vulnerabilities Exploited in Multiple VPN Applications

www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities

www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/#ftag=RSSbaffb68 Security researchers initially believed Urgent/11 only impacted devices using VxWorks, a real-time operating system (RTOS) created by Wind River. The actual issue was tracked down to IPnet, a TCP/IP networking library that was part of VxWorks. However, additional testing over the summer confirmed that devices running other real-time operating systems were also impacted, such as OSE created by ENEA, INTEGRITY created by Green Hills, Microsoft’s ThreadX, ITRON by TRON Forum, Mentor’s Nucleus RTOS, and ZebOS, a routing platform which provides TCP/IP services for other operating systems.

Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move

www.bleepingcomputer.com/news/security/dutch-govt-explains-the-risks-behind-dns-over-https-move/ In a fact sheet published this week, the Dutch National Cyber Security Centre (NCSC) explains how DNS monitoring will get more difficult as modern encrypted DNS transport protocols become more popular.

english.ncsc.nl/publications/factsheets/2019/oktober/2/factsheet-dns-monitoring-will-get-harder

China's satellites challenge GPS: US dominance is crumbling in a billion-dollar market, but it is also a security issue

yle.fi/uutiset/3-10968814 For decades, the United States has provided the foundation for positioning and navigation around the world through its GPS satellite system. That lead is now eroding, and China is emerging as a challenger to the United States. Its own version is called Beidou, whose latest satellites travelled into space in September. Russia and the EU have their own global versions. The EU's and China's versions are estimated to be fully complete in 2020. Japan and India also have their own regional systems. The reason is that time and location data are not only a lucrative business but also a security issue.

Detecting and characterizing lateral phishing at scale

blog.acolyer.org/2019/10/04/lateral-phishing-at-scale/ This is an investigation into the phenomenon of lateral phishing attacks. A lateral phishing attack is one where a compromised account within an organisation is used to send out further phishing emails (typically to other employees within the same organisation).

NSA Launches New Cybersecurity Directorate

securityaffairs.co/wordpress/92144/intelligence/nsa-launches-cybersecurity-directorate.html In a short press release, the NSA announced the new Cybersecurity Directorate, which will help defend domestic organizations from foreign cyberattacks. The NSA, sometimes called by its nickname, No Such Agency, is known for being secretive. But this new directorate seems to signal a pivot towards a more public approach to security than the Agency has taken in the past. The directorate also reflects a change in the importance of national cybersecurity and provides a hint as to how government agencies are rethinking how cybersecurity divisions should be organized.
