Daily NCSC-FI news followup 2019-10-19

Schneier: Why Technologists Need to Get Involved in Public Policy


US stopped using floppy disks to manage nuclear weapons arsenal

www.zdnet.com/article/us-stopped-using-floppy-disks-to-manage-nuclear-weapons-arsenal/ The system was created in 1968 and has been running for nearly 50 years on top of an IBM Series/1 mainframe, using 8-inch floppy disks as its storage medium.

US.GOV: Mind Your Own Business Act – Execs Could Face Jail Time For Privacy Violations

threatpost.com/execs-jail-time-privacy-violations/149334/ In addition to fines, senior executives who knowingly lie to the FTC could face up to 10- to 20-year criminal penalties under the act.

Debug mode in popular webdev tool Laravel exposes credentials for hundreds of websites, including Donald Trump's


Microsoft Tackles Election Security with Bug Bounties

threatpost.com/microsoft-election-security-bug-bounties/149347/ Researchers can earn up to $15,000, depending on the severity of the bug found.

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed


UC Browser app abuses may have exposed 500 million users


Vatican sponsored eRosary Application Account Takeover

fidusinfosec.com/clicktopray-erosary-account-takeover/ See also


Redaman banking malware C&C servers hidden inside the Bitcoin blockchain


SIMATIC IPC – Security Guidelines for Linux systems

