Daily NCSC-FI news followup 2019-11-23

FBI says hackers are targeting US auto industry

us.cnn.com/2019/11/20/politics/fbi-us-auto-industry-hackers/index.html The American automotive industry has been the target of malicious cyber actors since at least late 2018, according to an FBI report obtained by CNN.

Leaky Gekko Group database exposes info on hotel brands, travelers

www.scmagazine.com/home/security-news/data-breach/leaky-gekko-group-database-exposes-info-on-hotel-brands-travelers/ European hotel booking platform provider Gekko Group mistakenly stored over 1 terabyte of information on a publicly configured server, exposing troves of data related to its hotel B2B clients, as well as travel agents and their customers.

Over 28,000 web domains suspended for criminal activity

www.zdnet.com/article/over-28000-web-domains-suspended-for-criminal-activity/ Over 28,000 .uk domain names were suspended in the last year over reports of criminal activity. Nominet, which is responsible for keeping the .uk internet infrastructure secure, can suspend domains following notification from the police or other law enforcement agencies that the domain is being used for criminal activity.

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

thehackernews.com/2019/11/vnc-remote-software-hacking.html Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system.

OnePlus Suffers New Data Breach Impacting Its Online Store Customers

thehackernews.com/2019/11/oneplus-store-data-breach.html Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website.

Extensive hacking operation discovered in Kazakhstan

www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/#ftag=RSSbaffb68 Chinese cyber-security vendor Qihoo 360 published a report on Friday exposing an extensive hacking operation targeting the country of Kazakhstan.

TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys

www.bleepingcomputer.com/news/security/trickbot-trojan-getting-ready-to-steal-openssh-and-openvpn-keys/ The Trickbot banking trojan keeps evolving according to researchers who spotted this week an updated password grabber module that could be used to steal OpenSSH private keys and OpenVPN passwords and configuration files.

Clop Ransomware Tries to Disable Windows Defender

www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/ In order to successfully encrypt a victim’s data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes’ standalone Anti-Ransomware programs.

You might be interested in …

Daily NCSC-FI news followup 2020-05-02

Scammers Using COVID-19/Coronavirus Lure to Target Medical Suppliers www.fortinet.com/blog/threat-research/scammers-using-covid-19-coronavirus-lure-to-target-medical-suppliers.html FortiGuard Labs has discovered a new malicious spearphishing campaign, once again using the COVID-19/Coronavirus pandemic as a lure. This latest email campaign targets a medical device supplier, wherein the attacker is inquiring about various materials needed to address the COVID-19 pandemic due to high demand for […]

Read More

Daily NCSC-FI news followup 2019-07-09

Serious Zoom security flaw could let websites hijack Mac cameras www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. Exclusive: The true origins […]

Read More

Daily NCSC-FI news followup 2020-11-03

Tietoturvan suunnannäyttäjä -tunnustuksen voittajat tekevät korvaamatonta työtä yhteiskunnan kyberturvallisuuden hyväksi www.epressi.com/tiedotteet/teknologia/tietoturvan-suunnannayttaja-tunnustuksen-voittajat-tekevat-korvaamatonta-tyota-yhteiskunnan-kyberturvallisuuden-hyvaksi.html Tietoturvan suunnannäyttäjä -tunnustus jaettiin 3.11.2020 Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen ja Huoltovarmuuskeskuksen vuosittaisessa tietoturvaseminaarissa. Tunnustuksen saivat Jouko Katainen (Ilmarinen), Jussi Törhönen (Enfo), Tomi Vehkasalo (Aditro) ja Jani Räty (Aditro) tunnustuksena aktiivisesta yhteistyöstä Traficomin Kyberturvallisuuskeskuksen kanssa. Lue myös: www.tivi.fi/uutiset/tv/7d1639eb-94bc-452a-ab6b-0058bb0cbb51 Vastaamon tietomurto aiheutti vyöryn: viikossa tehty […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.