Daily NCSC-FI news followup 2019-12-15

(Lazy) Sunday Maldoc Analysis: A Bit More …

isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis+A+Bit+More/25608/ At the end of my diary entry “(Lazy) Sunday Maldoc Analysis”, I wrote that there was something unusal about this document. Let’s take a look at the content of the file and compare that with the file size.

Luulitko älylukon olevan turvallinen? Varoittava esimerkki panee miettimään

www.is.fi/digitoday/tietoturva/art-2000006342753.html Kännykällä ohjattava ja yksityisasunnoissa käytetty KeyWe Smart Lock – -niminen älylukko on haavoittuva, eikä sitä voi edes korjata jälkikäteen. Näin kertoo suomalainen tietoturvayhtiö F-Secure, joka perehtyi lukon toimintaan syvällisesti.

Chrome Will Automatically Scan Your Passwords Against Data Breaches

www.wired.com/story/chrome-79-password-check/ Google’s password checking feature has slowly been spreading across the Google ecosystem this past year. It started as the “Password Checkup” extension for desktop versions of Chrome, which would audit individual passwords when you entered them, and several months later it was integrated into every Google account as an on-demand audit you can run on all your saved passwords. Now, instead of a Chrome extension, Password Checkup is being integrated into the desktop and mobile versions of Chrome 79.

Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long

www.forbes.com/sites/louiscolumbus/2019/12/15/shadow-it-is-the-cybersecurity-threat-that-keeps-giving-all-year-long/ More than 5,000 personal devices connect to enterprise networks every day with little or no endpoint security enabled in one of every three companies in the U.S., U.K., and Germany. More than 1,000 shadow IoT devices connect to enterprise networks every day in 30% of the U.S., U.K., and German companies. 12% of U.K. organizations are seeing more than 10,000 shadow IoT devices connect to their enterprise networks every day.

#hacking | The biggest tech threats to 2020 elections

nationalcybersecurity.com/hacking-the-biggest-tech-threats-to-2020-elections/ As our election system modernizes, securing our democratic process has become a chief concern for both U.S. legislators and voters. Just last month, the House passed the SHIELD Act, which is focused on securing our elections. But thats not going to be enough in an era when technology is turning out entirely new attack surfaces.

You might be interested in …

Daily NCSC-FI news followup 2021-02-22

Jian The Chinese Double-edged Cyber Sword blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword/ In the last few months, Check Point Research (CPR) focused on recent Windows Local Privilege Escalation (LPE) exploits attributed to Chinese actors. An LPE is used by attackers to acquire Administrator rights on a Windows machine. During this investigation, our malware and vulnerability researchers managed to unravel the […]

Read More

Daily NCSC-FI news followup 2020-09-11

New cyberattacks targeting U.S. elections blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/ In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns, as detailed below.. Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties […]

Read More

Daily NCSC-FI news followup 2020-08-02

Telstra DNS falls over after denial of service attack www.zdnet.com/article/telstra-dns-falls-over-after-denial-of-service-attack/ Customers with Telstra’s default DNS settings found themselves seemingly unable to access the internet on Sunday morning, as the telco was facing a denial of service attack. The attack kicked off some time before 10:30am on the Australian east coast. Some of our Domain Name […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.