Daily NCSC-FI news followup 2019-10-05

Vulnerabilities Exploited in Multiple VPN Applications

www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities

www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/#ftag=RSSbaffb68 Security researchers initially believed Urgent/11 only impacted devices using VxWorks, a real-time operating system (RTOS) created by Wind River.. The actual issue was tracked down to IPnet, a TCP/IP networking library that was part of VxWorks.. However, additional testing over the summer confirmed that devices running real-time operating systems were also impacted, such as OSE created by ENEA, INTEGRITY created by Green Hills, Microsoft’s ThreadX, ITRON by TRON Forum, Mentor’s Nucleus RTOS, and ZebOS, a routing platform which provides TCP/IP services for other operating systems.

Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move

www.bleepingcomputer.com/news/security/dutch-govt-explains-the-risks-behind-dns-over-https-move/ The Dutch National Cyber Security Centre (NCSC) explains how DNS-monitoring will get more difficult as modern encrypted DNS transport protocols are getting more popular in a fact sheet published this week..

english.ncsc.nl/publications/factsheets/2019/oktober/2/factsheet-dns-monitoring-will-get-harder

Kiinan satelliitit haastavat GPS:n Yhdysvaltain yksinvalta murenee miljardimarkkinoilla, mutta se on myös turvallisuuskysymys

yle.fi/uutiset/3-10968814 Yhdysvallat on vuosikymmenten ajan tarjonnut pohjan paikannukselle ja navigoinnille eri puolilla maailmaa GPS-satelliittijärjestelmänsä avulla. Etumatka on nyt murenemassa ja Yhdysvaltojen haastajaksi on nousemassa Kiina. Sen oman version nimi on Beidou, jonka viimeisimmät satelliitit(siirryt toiseen palveluun) matkasivat avaruuteen syyskuussa.. Venäjällä ja EU:lla on omat maailmanlaajuiset versionsa. EU:n ja Kiinan versioiden arvioidaan valmistuvan kokonaan vuonna 2020. Myös Japanilla ja Intialla on omat paikalliset järjestelmänsä.. Syynä on se, että aika- ja paikkatiedot ovat paitsi tuottoisa bisnes myös turvallisuuskysymys.

Detecting and characterizing lateral phishing at scale

blog.acolyer.org/2019/10/04/lateral-phishing-at-scale/ This is an investigation into the phenomenon of lateral phishing attacks. A lateral phishing attack is one where a compromised account within an organisation is used to send out further phishing emails (typically to other employees within the same organisation).

NSA Launches New Cybersecurity Directorate

securityaffairs.co/wordpress/92144/intelligence/nsa-launches-cybersecurity-directorate.html The NSA announced the new Cybersecurity Directorate which will help defend domestic organizations from foreign cyberattacks in a short press release. The NSA, sometimes called by its nickname, No Such Agency, is known for being secretive. But this new directorate seems to signal a pivot towards a more public approach to security than the Agency has taken in the past.. The directorate also reflects a change in the importance of national cybersecurity and provides a hint as to how government agencies are rethinking how cybersecurity divisions should be organized.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.