KRP epäilee: Rikosliiga hankki suomalaisia henkilötunnuksia ja pankkitilejä kuin liukuhihnalta kansainvälisessä petossarjassa
yle.fi/uutiset/3-11026054 KRP:n mukaan asianomistajille aiheutuneet vahingot ovat olleet tutkittavassa kokonaisuudessa yhteensä noin 725 000 euroa.
APT trends report Q3 2019
UK government has revealed it is working with chip-maker Arm on a £36m initiative to make more secure processors.
US Girl Scouts Launch First National Cybersecurity Challenge
Guarding against supply chain attacksPart 1: The big picture
Microsofts 4 principles for an effective security operations center
Stay Calm, Your Incident Response Is Ready
Smart Meters The Spanish Scenario and the Telemanagement System.
www.tarlogic.com/en/blog/smart-meters-spanish-scenario-telemanagement/ In accordance with Order IRC /3860/2007 of the 28th of December, all electricity meters supplied with a contracted power of up to 15 kW should have been replaced by equipment which allows time-based pricing and remote management by the 31st of December 2018.
A Review of Cybersecurity Incidents in the Water Sector a good start but with technical issues
Tibetan Groups Targeted with 1-Click Mobile Exploits
Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise
Free decrypter released for STOP ransomware, today’s most popular ransomware strain
www.zdnet.com/article/free-decrypter-released-for-stop-ransomware-todays-most-popular-ransomware-strain/ The decrypter can unlock 148 of the 160 variants of the STOP ransomware.
Germany’s BSI tested Firefox, Chrome, IE, and Edge. Firefox was only browser to pass all minimum requirements for mandatory security features.
Inspired by gitrob, my new tool shhgit will watch this real-time stream and pull out any accidentally committed secrets.
Using open source products to prevent common passwords from being used
Yubico security keys can now be used to log into Windows computers
RDP Honeypot: How attackers take over vulnerable servers and pivot onwards
Docker Enterprise has become the first container platform to complete the Security Technical Implementation Guides (STIG) certification process.
www.docker.com/blog/docker-enterprise-first-disa-stig-container-platform/ The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems.. The STIGs contain technical guidance to lock down information systems/software that might otherwise be vulnerable to a malicious computer attack.. See also public.cyber.mil/stigs/downloads/. See also Katakri.
IBM 2019 Cost of a Data Breach Report
www.ibm.com/security/data-breach Average total cost of a data breach USD 3.92 million.. Average size of a data breach 25,575 records.
Recruitment Sites Expose Personal Data of 250k Jobseekers
www.infosecurity-magazine.com/news/personal-data-of-200k-jobseekers/ Applicants’ data was exposed when both companies set the privacy settings on their buckets to public instead of private. This error meant that the resume of someone who applied for a job could be viewed and also downloaded by anyone who knew the location of the buckets.
Italy is experiencing a rash of ransomware attacks that play dark German rock music [Rammstein] while encrypting victims’ files.
Rogue Mobile App Fraud Soars 191% in 2019
www.infosecurity-magazine.com/news/rogue-mobile-app-fraud-soars-191/ There were also significant increases in detections of financial malware (up 80%) and social media attacks (37%).
Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing
Maze Ransomware Now Delivered by Spelevo Exploit Kit
REvil Ransomware Affiliates Partner with Corporate Intruders
NCSC-UK: Mass credential harvesting phishing campaign active in the UK
An audit of Mississippi government institutions has revealed an alarming lack of compliance with standard cybersecurity practices and with the state’s own enterprise security program.
www.infosecurity-magazine.com/news/mississippi-disregards/ A survey of 125 state agencies, boards, commissions, and universities conducted by the Office of the State Auditor (OSA) revealed that only 53 had a cybersecurity policy in place. Eleven reported having no security policy or disaster recovery plan whatsoever.
Android version of Chrome 77 gets Site Isolation to thwart side-channel attacks
Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem
www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/ 391 highly influential maintainers affect more than 10,000 packages. It only takes access to 20 popular npm maintainer accounts to deploy malicious code impacting more than half of the npm ecosystem.