Daily NCSC-FI news followup 2019-11-25

Livingston School District in New Jersey Hit With Ransomware

www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/ Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from.

Hidden Cam Above Bluetooth Pump Skimmer

krebsonsecurity.com/2019/11/hidden-cam-above-bluetooth-pump-skimmer/ Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week Id never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.

Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps

blog.trendmicro.com/trendlabs-security-intelligence/patched-gif-processing-vulnerability-cve-2019-11932-still-afflicts-multiple-mobile-apps/ CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, . which is part of the android-gif-drawable package. While this flaw has also been patched, many applications still use the older version and remain at risk.

Exploit code published for dangerous Apache Solr remote code execution flaw

www.zdnet.com/article/exploit-code-published-for-dangerous-apache-solr-remote-code-execution-flaw/ Confusion still surrounds a security bug that the Apache Solr team patched over the summer, which turns out it’s actually much more dangerous than anyone thought.

UN Secretary-General: US-China Tech Divide Could Cause More Havoc Than the Cold War

www.wired.com/story/un-secretary-general-antonio-guterres-internet-risks/ In an interview with WIRED editor in chief Nicholas Thompson, António Guterres says the world’s next major conflict will start in cyberspace.

Näin Venäjällä: pakollinen ohjelmistolataus tulossa kaikkiin puhelimiin ja tietokoneisiin

www.tekniikkatalous.fi/uutiset/nain-venajalla-pakollinen-ohjelmistolataus-tulossa-kaikkiin-puhelimiin-ja-tietokoneisiin/b61592a3-229a-421f-80ed-7101c44c28ed Venäjän parlamentin alahuone eli duuma on hyväksynyt lain, jonka mukaan kaikkiin puhelimiin, tietokoneisiin ja älytelevisioihin on tulevaisuudessa asennettava venäläinen ohjelmisto.

You might be interested in …

Daily NCSC-FI news followup 2020-07-13

The NCSC-UK’s Exercise in a Box tool set has been updated to help organisations keep their employees safe while working from home www.zdnet.com/article/remote-working-this-free-tool-tests-how-good-your-security-really-is/ The ‘Home and Remote Working’ exercise has been added to the NCSC-UK’s Exercise in a Box, a toolkit designed to help small and medium-sized businesses prepare to defend against cyber attacks by […]

Read More

Daily NCSC-FI news followup 2020-03-21

Revamped HawkEye Keylogger Swoops in on Coronavirus Fears threatpost.com/revamped-hawkeye-keylogger-coronavirus-fears/154013/ Theres a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. Its being distributed using spam that purports to be an alert from the Director-General of the World Health […]

Read More

Daily NCSC-FI news followup 2019-09-26

Magecart Group Targets Routers Behind Public Wi-Fi Networks threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/ Magecart Group 5 has been spotted testing and preparing code to be injected onto commercial routers potentially opening up guests connecting to Wi-Fi networks to payment data theft.. Read also: www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/ and Microsoft Phishing Attack Uses Google Redirects to Evade Detection www.bleepingcomputer.com/news/security/microsoft-phishing-attack-uses-google-redirects-to-evade-detection/ A new phishing campaign […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.