Daily NCSC-FI news followup 2019-10-19

Schneier: Why Technologists Need to Get Involved in Public Policy

www.schneier.com/blog/archives/2019/10/why_technologis.html

US stopped using floppy disks to manage nuclear weapons arsenal

www.zdnet.com/article/us-stopped-using-floppy-disks-to-manage-nuclear-weapons-arsenal/ The system was created in 1968 and has been running for nearly 50 years on top of an IBM Series/1 mainframe, using 8-inch floppy disks as its storage medium.

US.GOV: Mind Your Own Business Act – Execs Could Face Jail Time For Privacy Violations

threatpost.com/execs-jail-time-privacy-violations/149334/ In addition to fines, senior executives who knowingly lie to the FTC could face up to 10- to 20-year criminal penalties under the act.

Debug mode in popular webdev tool Laravel exposes credentials for hundreds of websites, including Donald Trump's

www.comparitech.com/blog/vpn-privacy/debug-mode-exposes-credentials/

Microsoft Tackles Election Security with Bug Bounties

threatpost.com/microsoft-election-security-bug-bounties/149347/ Researchers can earn up to $15,000, depending on the severity of the bug found.

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed

www.welivesecurity.com/2019/10/17/alexa-how-amazon-echo-kindle-got-kracked/

UC Browser app abuses may have exposed 500 million users

www.zscaler.com/blogs/research/uc-browser-app-abuses-may-have-exposed-500-million-users

Vatican sponsored eRosary Application Account Takeover

fidusinfosec.com/clicktopray-erosary-account-takeover/ See also: www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/

Redaman banking malware C&C servers hidden inside the Bitcoin blockchain

research.checkpoint.com/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/

SIMATIC IPC – Security Guidelines for Linux systems

support.industry.siemens.com/cs/document/109768383/simatic-ipc-security-guidelines-for-linux-systems
