Daily NCSC-FI news followup 2019-10-05

Vulnerabilities Exploited in Multiple VPN Applications

www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities

www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/#ftag=RSSbaffb68 Security researchers initially believed Urgent/11 only impacted devices using VxWorks, a real-time operating system (RTOS) created by Wind River.. The actual issue was tracked down to IPnet, a TCP/IP networking library that was part of VxWorks.. However, additional testing over the summer confirmed that devices running real-time operating systems were also impacted, such as OSE created by ENEA, INTEGRITY created by Green Hills, Microsoft’s ThreadX, ITRON by TRON Forum, Mentor’s Nucleus RTOS, and ZebOS, a routing platform which provides TCP/IP services for other operating systems.

Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move

www.bleepingcomputer.com/news/security/dutch-govt-explains-the-risks-behind-dns-over-https-move/ The Dutch National Cyber Security Centre (NCSC) explains how DNS-monitoring will get more difficult as modern encrypted DNS transport protocols are getting more popular in a fact sheet published this week..

english.ncsc.nl/publications/factsheets/2019/oktober/2/factsheet-dns-monitoring-will-get-harder

Kiinan satelliitit haastavat GPS:n Yhdysvaltain yksinvalta murenee miljardimarkkinoilla, mutta se on myös turvallisuuskysymys

yle.fi/uutiset/3-10968814 Yhdysvallat on vuosikymmenten ajan tarjonnut pohjan paikannukselle ja navigoinnille eri puolilla maailmaa GPS-satelliittijärjestelmänsä avulla. Etumatka on nyt murenemassa ja Yhdysvaltojen haastajaksi on nousemassa Kiina. Sen oman version nimi on Beidou, jonka viimeisimmät satelliitit(siirryt toiseen palveluun) matkasivat avaruuteen syyskuussa.. Venäjällä ja EU:lla on omat maailmanlaajuiset versionsa. EU:n ja Kiinan versioiden arvioidaan valmistuvan kokonaan vuonna 2020. Myös Japanilla ja Intialla on omat paikalliset järjestelmänsä.. Syynä on se, että aika- ja paikkatiedot ovat paitsi tuottoisa bisnes myös turvallisuuskysymys.

Detecting and characterizing lateral phishing at scale

blog.acolyer.org/2019/10/04/lateral-phishing-at-scale/ This is an investigation into the phenomenon of lateral phishing attacks. A lateral phishing attack is one where a compromised account within an organisation is used to send out further phishing emails (typically to other employees within the same organisation).

NSA Launches New Cybersecurity Directorate

securityaffairs.co/wordpress/92144/intelligence/nsa-launches-cybersecurity-directorate.html The NSA announced the new Cybersecurity Directorate which will help defend domestic organizations from foreign cyberattacks in a short press release. The NSA, sometimes called by its nickname, No Such Agency, is known for being secretive. But this new directorate seems to signal a pivot towards a more public approach to security than the Agency has taken in the past.. The directorate also reflects a change in the importance of national cybersecurity and provides a hint as to how government agencies are rethinking how cybersecurity divisions should be organized.

You might be interested in …

Daily NCSC-FI news followup 2020-04-09

HMR targeted by cyber criminals www.hmrlondon.com/hmr-targeted-by-cyber-criminals On Saturday 14 March 2020, HMR was subjected to a targeted and sophisticated attack by cyber criminals. We took immediate action to stop the attack, but not before the attackers had stolen copies of some of our files.. Were sorry to report that, during 2123 March 2020, the criminals […]

Read More

Daily NCSC-FI news followup 2020-01-10

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why? www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/ The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current […]

Read More

Daily NCSC-FI news followup 2019-12-21

170m passwords stolen in September Zynga hack www.theguardian.com/games/2019/dec/19/170m-passwords-stolen-in-zynga-words-with-friends-hack-monitor-says Words With Friends company admitted hack in September but size only now revealed Siemens Contractor Jailed for Sabotage With Logic Bombs www.bleepingcomputer.com/news/security/siemens-contractor-jailed-for-sabotage-with-logic-bombs/ While his spreadsheets worked without flaw for years, starting in 2014 they suddenly began randomly crashing and glitching because of the logic bombs he inserted […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.