Daily NCSC-FI news followup 2019-12-24

Google Chrome impacted by new Magellan 2.0 vulnerabilities

www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/ A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world’s most popular web browser.. All apps that use an SQLite database to store data are vulnerable, although, the vector for “remote attacks over the internet” is

How to secure your digital Christmas presents

www.welivesecurity.com/2019/12/23/how-secure-digital-christmas-presents/ Whether its a smartphone, laptop or, say, an Internet-of-Things (IoT) gadget, theres a number of things you should consider even before you begin to use your new device.

A Twitter app bug was used to match 17 million phone numbers to user accounts

techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers/ He said Twitters contact upload feature doesnt accept lists of phone numbers in sequential format likely as a way to prevent this kind of matching. Instead, he generated more than two billion phone numbers, one after the other, then randomized the numbers, and uploaded them to Twitter through the Android app.

Cyber attack forces airline to cancel flights in Alaska

techxplore.com/news/2019-12-cyber-ravnair-cancel-flights-alaska.html RavnAir canceled at least a half-dozen flights in Alaska on Saturdayat the peak of holiday travelfollowing what the company described as “a malicious cyber attack” on its computer network.

Looking into Attacks and Techniques Used Against WordPress Sites

blog.trendmicro.com/trendlabs-security-intelligence/looking-into-attacks-and-techniques-used-against-wordpress-sites/ Wordpess is estimated to be used by 35% of all websites today, which makes it an ideal target for threat actors.

Using WebRTC ICE Servers for Port Scanning in Chrome

medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474

Hardware hacks: The next generation of cybercrime

www.helpnetsecurity.com/2019/12/19/hardware-hacks/

Analysis of RDP attacks: Defender Quarantines Lsass Dumps

www.wilbursecurity.com/2019/12/defender-quarantines-lsass-dumps/

Wireshark Tutorial: Examining Ursnif Infections

unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/

You might be interested in …

Daily NCSC-FI news followup 2019-12-20

267 miljoonan Facebook-käyttäjän tiedot päätyivät nettiin – älä silti hätäile www.is.fi/digitoday/tietoturva/art-2000006350462.html Vuoto ei kuitenkaan ole hälyttävin mahdollinen, vaikka koskeekin suurta määrää käyttäjiä. Tietueessa ei esimerkiksi ole salasanoja tai maksukortin tietoja. Lisäksi tiedot ovat enimmäkseen amerikkalaisilta käyttäjiltä.. Src: www.comparitech.com/blog/information-security/267-million-phone-numbers-exposed-online/ Supo: 5g-verkkotoimijat arvioitava ja poliittinen keskustelu käytävä www.is.fi/digitoday/tietoturva/art-2000006348909.html Cisco ASA DoS Bug Attacked in Wild blogs.cisco.com/security/talos/cisco-asa-dos-bug-attacked-in-wild Cisco […]

Read More

Daily NCSC-FI news followup 2020-12-19

Tietoturva NYT! – SolarWinds Orion Platformin takaovi mahdollisti vakoilun ja tietomurtoja www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/solarwinds-orion-platformin-takaovi-mahdollisti-vakoilun-ja-tietomurtoja SolarWinds Orion Platform -hallintatyökaluun lisätty takaovi on merkittävä tietoturvatapaus. Tietomurron ja vakoilun mahdollistanut takaovi onnistuttiin levittämään tuhansiin organisaatioihin. Työkalun haavoittuvaa versiota käyttävien organisaatioiden pyydetään olemaan yhteydessä Kyberturvallisuuskeskukseen. Lue myös: yle.fi/uutiset/3-11707606 Google OAuth incident – 14.12.2020 status.cloud.google.com/incident/zall/20013 On Monday 14 December, 2020, for a […]

Read More

Daily NCSC-FI news followup 2020-09-20

Hackers leak details of 1,000 high-ranking Belarus police officers www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers/ A group of hackers has leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations. The leaked data included names, dates of birth, and the officers’ departments and job titles. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.