Daily NCSC-FI news followup 2019-11-30

How is NordVPN unblocking Disney+? It might be through YOUR own computer. Even if youve never used Disney+ or NordVPN.

medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

www.bleepingcomputer.com/news/security/new-chrome-password-stealer-sends-stolen-data-to-a-mongodb-database/ A new trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords.

iOS apps could really benefit from the newly proposed Security.plist standard

www.zdnet.com/article/ios-apps-could-really-benefit-from-the-newly-proposed-security-plist-standard/ The idea is simple. App makers would create a property list file (plist) named security.plist that they would embed inside the root of their iOS apps.. The file would contain all the basic contact details for reporting a security flaw to the app’s creator. Security researchers analyzing an app would have an easy way to get in contact with the app’s creators.

You might be interested in …

Daily NCSC-FI news followup 2020-09-22

How to fight delayed phishing www.kaspersky.com/blog/delayed-phishing-countermeasures/37153/ Phishing links in e-mails to company employees often become active after initial scanning. But they still can and must be caught. Phishing has long been a major attack vector on corporate networks. Its no surprise, then, that everyone and everything, from e-mail providers to mail gateways and even browsers, […]

Read More

Daily NCSC-FI news followup 2019-06-04

Headhunting Firm Leaks Millions of Resumes, Client Private Data www.bleepingcomputer.com/news/security/headhunting-firm-leaks-millions-of-resumes-client-private-data/ A misconfigured and publicly accessible ElasticSearch cluster owned by FMC Consulting, a Chinese headhunting company, leaked millions of resumes and company records, as well as customers and employees PII data.. The database containing hundreds of thousands of customer records, internal emails, as well as employees […]

Read More

Daily NCSC-FI news followup 2021-01-23

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.