Daily NCSC-FI news followup 2019-10-23
NCSC-UK Annual Review 2019
www.ncsc.gov.uk/news/annual-review-2019 Single-page version PDF:
www.ncsc.gov.uk/files/NCSC_Annual%20Review_2019%20single%20pagination.pdf
Virus Bulletin confernce 2019: Papers on Emotet and Ryuk
www.virusbulletin.com/blog/2019/10/vb2019-papers-emotet-and-ryuk/ Targeted ransomware has become one of the biggest and most damaging cybercrime trends in recent years. ‘Targeted’ is a bit of a misnomer though: the operators of the ransomware rarely choose the victim organisations. Instead, they have the organisations ‘chosen’ through an infection with another piece of malware that is then used as a foothold for the ransomware.. Quite often, this malware is Emotet, which made a spectacular comeback in September. The ransomware is deployed often through a second malware family like Trickbot. Various ransomware families are making use of this scheme to be installed on high-value networks, with Ryuk being one of the most prominent.
Eksoten tietoturva petti: satojen ihmisten tiedot olivat vaarassa paljastua vuodon takia, pahimmassa tapauksessa
esaimaa.fi/uutiset/lahella/d33b098d-05af-454d-a230-1c72957481f5 ulkopuoliset ovat voineet lukea yksityisiä tietoja keväästä 2018 lähtien
Spanish Police Arrest Three in 10-million EUR BEC Bust
www.infosecurity-magazine.com/news/spanish-police-arrest-three-in-10m/ They are said to have run a complex network of 83 fake companies and 185 bank accounts designed to launder the funds. Money was moved frequently between these to put investigators off the scent. So far, Spanish police have only been able to recover 1.3m of the total 10.7m stolen.. The FBI estimates that $1.3bn was lost to BEC scams last year.
Amazon Web Services’ DNS systems knackered by hours-long cyber-attack
www.theregister.co.uk/2019/10/22/aws_dns_ddos/
10% of Small Businesses Breached Shut Down in 2019
www.darkreading.com/operations/10–of-small-businesses-breached-shut-down-in-2019/d/d-id/1336156 As a result of cybercrime, 69% of small organizations were forced offline for a limited time and 37% experienced financial loss. 25% filed for bankruptcy.. Source survey:
staysafeonline.org/small-business-target-survey-data/
Office 365 Adds Malware ZAP Toggle to Security & Compliance Center
www.bleepingcomputer.com/news/security/office-365-adds-malware-zap-toggle-to-security-and-compliance-center/ Microsoft’s developers are adding a new malware Zero-hour Auto Purge (ZAP) toggle to the Office 365 Security & Compliance Center to allow configuration without using a PowerShell cmdlet.. ZAP comes with all Office 365 subscriptions that have an Exchange Online mailbox and is available with the default Exchange Online Protection.
Huawei: Easier to bribe telco staff than build backdoors
www.zdnet.com/article/huawei-easier-to-bribe-telco-staff-then-build-backdoors/ It requires so much effort to build backdoors into networking equipment that work across different global communications networks and system configurations that it likely is easier and more effective to bribe a telco executive, says Huawei’s chief cybersecurity officer.
‘No such thing’ as cyber warfare: Australia’s head of cyber warfare
www.zdnet.com/article/no-such-thing-as-cyber-warfare-australias-head-of-cyber-warfare/ Warfare is warfare, espionage is internationally normal, and cyber is just one of a suite of potential capabilities for a military response, says Major General Marcus Thompson.
Simplify and cooperate to beat back the cybercrime wave
www.zdnet.com/article/simplify-and-cooperate-to-beat-back-the-cyber-crime-wave/ Complexity, recent data breaches, and perceived urgency are creating opportunities for online criminals.. One approach businesses take is to invoke a zero trust policy where no user or device is considered to be safe.
How Can Airlines Protect Their Customers and Data From Evolving Cyberthreats?
What Has Cybersecurity Pros So Stressed — And Why It’s Everyone’s Problem
www.darkreading.com/edge/theedge/what-has-cybersecurity-pros-so-stressed—-and-why-its-everyones-problem/b/d-id/1336146 According to a 2018 study published by ISC(2), more than 84% of cybersecurity professionals said they were either open to new job opportunities or already planned on pursuing a new opportunity that year.. 63% of respondents said they wanted to work at an organization where their opinions on the existing security posture were taken seriously.
Google Claims a Quantum Breakthrough That Could Change Computing
www.nytimes.com/2019/10/23/technology/quantum-computing-google.html
Quantum supremacy from Google? Not so fast, says IBM.
www.technologyreview.com/s/614604/quantum-supremacy-from-google-not-so-fast-says-ibm/
$35B face data class action lawsuit against Facebook will proceed
techcrunch.com/2019/10/18/facebook-35-billion-lawsuit/ Facebook could face $1,000 to $5,000 in penalties per user for 7 million people, which could sum to a maximum of $35 billion.
Chrome 78 arrives with new APIs, dark mode improvements on Android and iOS
venturebeat.com/2019/10/22/google-chrome-78/ Google spent at least $58,500 in bug bounties for this release.
End-of-life Fujitsu Wireless Keyboard Plagued By Unpatched Flaws
threatpost.com/fujitsu-wireless-keyboard-unpatched-flaws/149477/ Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystroke injection attacks.
Firefox, Chrome Bugs Allow Arbitrary Code-Execution
threatpost.com/critical-firefox-bugs-arbitrary-code-execution/149455/ Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 in particular affect medium and large government entities and enterprises.
