Daily NCSC-FI news followup 2019-12-14

New Orleans city government under cyberattack; workers told to turn off, unplug computers

www.nola.com/news/politics/article_0039909a-1dd3-11ea-919e-938ea62f03b5.html Workers in New Orleans City Hall were told a cyberattack has struck the city government, multiple sources said on Friday. The exact extent of the attack is unknown. The attack was announced over the loudspeaker system in City Hall and workers were told to turn off and unplug their computers about before noon on Friday. City websites are also down.. Also:

www.forbes.com/sites/daveywinder/2019/12/14/new-orleans-declares-state-of-emergency-following-cyber-attack/.

www.zdnet.com/article/new-orleans-hit-by-ransomware-city-employees-told-to-turn-off-computers/.

www.bleepingcomputer.com/news/security/new-orleans-suffers-ransomware-attack-emergency-services-intact/

GitLab Doles Out Half a Million Bucks to White Hats

threatpost.com/gitlab-doles-out-half-a-million-bucks-to-white-hats/151138/ The DevOps lifecycle management said that response to its year-old bug-bounty program has been robust. GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year and has announced the winners of its latest hacking contest.

One in every 172 active RSA certificates are vulnerable to attack

www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vulnerable-to-exploit/ Researchers say improper number generation can impact the security of keys used to protect everything from IoT to medical devices. A vulnerability has been discovered in RSA certificates that could compromise one in every 172 certificates currently in active use. On Saturday at the First IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in Los Angeles, Calfornia, a team of researchers from Keyfactor presented their findings into the security posture of digital certificates.

Todellisen tietomurron tekijän mukaan lähti Facebookin salaamattomia henkilötietoja ei syytä paniikkiin

www.tivi.fi/uutiset/tv/5f3096e0-22be-45f2-853c-b6305f242956 Tietomurrot hoidetaan nykyisin yleensä näppäimistön ja näytön avulla. Perinteisellä sorkkarautametodillakin datavarkauksia silti tapahtuu. Somejätti Facebook on julkaissut tietoja ikävästä tapauksesta. Yhtiön työntekijän autoon oli murtauduttu ja autosta varastettu kiintolevyjä, CNBC kertoo. Levyille oli tallennettu salaamattomassa muodossa tietoja yhtiön entisistä ja nykyisistä työntekijöistä.. Also:

www.theregister.co.uk/2019/12/13/facebook_data_loss/

Attackers Terrify Homeowners After Hacking Ring Devices

www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/ In a series of hacks targeting Ring camera devices, attackers are terrifying homeowners and making them feel violated in their own homes after taunting them or speaking to their children over the device’s speakers. On December 12th, numerous media outlets reported that homeowner’s Ring devices were being hacked and used to talk to people in their homes while they are making dinner, having breakfast, or playing in their rooms.

You might be interested in …

Daily NCSC-FI news followup 2020-01-17

404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html As noted in Rough Patch: I Promise It’ll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix […]

Read More

Daily NCSC-FI news followup 2020-05-31

Nettipetoksia tehnyt vangittiin www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/nettipetoksia_tehnyt_vangittiin_90541?language=fi Petokset ovat olleet enimmäkseen tyypillisiä nettipetoksia, joissa myydään olematonta tavaraa hyväuskoisille ihmisille lähinnä Tori.fi-sivustolla. Hacker leaks database of dark web hosting provider www.zdnet.com/article/hacker-leaks-database-of-dark-web-hosting-provider/ “This information could substantially help law enforcement track the individuals running or taking part in illegal activities on these darknet sites, ” Under the Breach told ZDNet. The […]

Read More

Daily NCSC-FI news followup 2020-12-05

Toimittaja Aarno Malin hankki poliisille Vastaamo-kiristäjän jahdissa käytettäviä tietoja sai koneelleen 32 000 potilaskertomusta www.mtvuutiset.fi/artikkeli/toimittaja-aarno-malin-hankki-poliisille-vastaamo-kiristajan-jahdissa-kaytettavia-tietoja-sai-koneelleen-32-000-potilaskertomusta/8002876 Vastaamo-kiristäjän jahtaaminen on mobilisoinut runsaasti ihmisiä yhteiskunnan eri sektoreilla. Toimittaja Aarno Malin on yksi heistä, joiden avulla kiristäjää koskevia tietoja on saatu viranomaisille osaksi tutkintaa. Italian police arrest two over hacking at defence group Leonardo www.reuters.com/article/idUSL8N2IL08W A manager and a […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.