NCSC-FI News followup

Daily NCSC-FI news followup 2019-10-18

KRP epäilee: Rikosliiga hankki suomalaisia henkilötunnuksia ja pankkitilejä kuin liukuhihnalta kansainvälisessä petossarjassa KRP:n mukaan asianomistajille aiheutuneet vahingot ovat olleet tutkittavassa kokonaisuudessa yhteensä noin 725 000 euroa.

APT trends report Q3 2019

UK government has revealed it is working with chip-maker Arm on a £36m initiative to make more secure processors. See also

US Girl Scouts Launch First National Cybersecurity Challenge See also

Guarding against supply chain attacksPart 1: The big picture

Microsofts 4 principles for an effective security operations center

Stay Calm, Your Incident Response Is Ready

Smart Meters The Spanish Scenario and the Telemanagement System. In accordance with Order IRC /3860/2007 of the 28th of December, all electricity meters supplied with a contracted power of up to 15 kW should have been replaced by equipment which allows time-based pricing and remote management by the 31st of December 2018.

A Review of Cybersecurity Incidents in the Water Sector a good start but with technical issues See also:

Tibetan Groups Targeted with 1-Click Mobile Exploits

Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise

Free decrypter released for STOP ransomware, today’s most popular ransomware strain The decrypter can unlock 148 of the 160 variants of the STOP ransomware.

Germany’s BSI tested Firefox, Chrome, IE, and Edge. Firefox was only browser to pass all minimum requirements for mandatory security features.

Inspired by gitrob, my new tool shhgit will watch this real-time stream and pull out any accidentally committed secrets.!/

Using open source products to prevent common passwords from being used

Yubico security keys can now be used to log into Windows computers

RDP Honeypot: How attackers take over vulnerable servers and pivot onwards

Docker Enterprise has become the first container platform to complete the Security Technical Implementation Guides (STIG) certification process. The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems.. The STIGs contain technical guidance to lock down information systems/software that might otherwise be vulnerable to a malicious computer attack.. See also See also Katakri.

IBM 2019 Cost of a Data Breach Report Average total cost of a data breach USD 3.92 million.. Average size of a data breach 25,575 records.

Recruitment Sites Expose Personal Data of 250k Jobseekers Applicants’ data was exposed when both companies set the privacy settings on their buckets to public instead of private. This error meant that the resume of someone who applied for a job could be viewed and also downloaded by anyone who knew the location of the buckets.

Italy is experiencing a rash of ransomware attacks that play dark German rock music [Rammstein] while encrypting victims’ files.

Rogue Mobile App Fraud Soars 191% in 2019 There were also significant increases in detections of financial malware (up 80%) and social media attacks (37%).

Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing

Maze Ransomware Now Delivered by Spelevo Exploit Kit

REvil Ransomware Affiliates Partner with Corporate Intruders

NCSC-UK: Mass credential harvesting phishing campaign active in the UK

An audit of Mississippi government institutions has revealed an alarming lack of compliance with standard cybersecurity practices and with the state’s own enterprise security program. A survey of 125 state agencies, boards, commissions, and universities conducted by the Office of the State Auditor (OSA) revealed that only 53 had a cybersecurity policy in place. Eleven reported having no security policy or disaster recovery plan whatsoever.

Android version of Chrome 77 gets Site Isolation to thwart side-channel attacks

Hacking 20 high-profile dev accounts could compromise half of the npm ecosystem 391 highly influential maintainers affect more than 10,000 packages. It only takes access to 20 popular npm maintainer accounts to deploy malicious code impacting more than half of the npm ecosystem.

Outage: Multifactor authentication issue hitting North American Azure, Office 365 users

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.