Daily NCSC-FI news followup 2019-12-08

Clever Microsoft Phishing Scam Creates a Local Login Form

www.bleepingcomputer.com/news/security/clever-microsoft-phishing-scam-creates-a-local-login-form/ A clever phishing campaign has been spotted that bundles the scam’s landing page in the HTML attachment rather than redirecting users to another site that asks them to log in. A typical credential-stealing phishing scam consists of an email where the attacker tries to convince the user to click a link in order to retrieve a document or prevent something from happening. These links will then bring the user to a web site, or landing page, that includes a login form where the user must enter their login credentials to proceed. With this type of attack, users can either detect the scam by the contents of the email, by a suspicious remote site and landing page, or by alerts from security solutions. Read also:

isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/ A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services including network security, data backup and voice-over-IP phone service.

The #kyberpuolustus book guides readers into the world of cyber

maanpuolustuskorkeakoulu.fi/artikkeli/-/asset_publisher/-kyberpuolustus-kirja-opastaa-kyberin-maailmaan The cyber operating environment is developing at a rapid pace, and cyber security touches all of society, from critical infrastructure all the way to consumers. #kyberpuolustus describes the cyber operating environment and the phenomena related to it, especially for the personnel of the Finnish Defence Forces, but the book's examples are also suitable for use outside the organization. The cyber operating environment is important for national defence, but many of the phenomena and threats covered in the book are approached from a perspective broader than the Defence Forces alone. The book's content is therefore also well suited as a source for other actors. The book explains many concepts related to cyber defence in simple terms, and one of its goals has been language that is as generally understandable and approachable as possible. The book:

urn.fi/URN:ISBN:978-951-25-3120-2
