Daily NCSC-FI news followup 2019-10-05

Vulnerabilities Exploited in Multiple VPN Applications

www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities

www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/#ftag=RSSbaffb68 Security researchers initially believed Urgent/11 only impacted devices using VxWorks, a real-time operating system (RTOS) created by Wind River. The actual issue was tracked down to IPnet, a TCP/IP networking library that was part of VxWorks. However, additional testing over the summer confirmed that devices running other real-time operating systems were also impacted, such as OSE created by ENEA, INTEGRITY created by Green Hills, Microsoft’s ThreadX, ITRON by TRON Forum, Mentor’s Nucleus RTOS, and ZebOS, a routing platform which provides TCP/IP services for other operating systems.

Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move

www.bleepingcomputer.com/news/security/dutch-govt-explains-the-risks-behind-dns-over-https-move/ In a fact sheet published this week, the Dutch National Cyber Security Centre (NCSC) explains how DNS monitoring will get more difficult as modern encrypted DNS transport protocols become more popular.

english.ncsc.nl/publications/factsheets/2019/oktober/2/factsheet-dns-monitoring-will-get-harder

China's satellites challenge GPS: the United States' monopoly is crumbling in a market worth billions, but it is also a security issue

yle.fi/uutiset/3-10968814 For decades, the United States has provided the foundation for positioning and navigation around the world with its GPS satellite system. That lead is now eroding, and China is emerging as the United States' challenger. Its own version is called Beidou, and its latest satellites travelled to space in September. Russia and the EU have their own global versions. The EU's and China's versions are estimated to be fully completed in 2020. Japan and India also have their own regional systems. The reason is that time and location data are not only a lucrative business but also a security issue.

Detecting and characterizing lateral phishing at scale

blog.acolyer.org/2019/10/04/lateral-phishing-at-scale/ This is an investigation into the phenomenon of lateral phishing attacks. A lateral phishing attack is one where a compromised account within an organisation is used to send out further phishing emails (typically to other employees within the same organisation).

NSA Launches New Cybersecurity Directorate

securityaffairs.co/wordpress/92144/intelligence/nsa-launches-cybersecurity-directorate.html In a short press release, the NSA announced the new Cybersecurity Directorate, which will help defend domestic organizations from foreign cyberattacks. The NSA, sometimes called by its nickname, No Such Agency, is known for being secretive. But this new directorate seems to signal a pivot towards a more public approach to security than the Agency has taken in the past. The directorate also reflects a change in the importance of national cybersecurity and provides a hint as to how government agencies are rethinking how cybersecurity divisions should be organized.
