Daily NCSC-FI news followup 2019-12-24

Google Chrome impacted by new Magellan 2.0 vulnerabilities

www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/ A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world’s most popular web browser.. All apps that use an SQLite database to store data are vulnerable, although, the vector for “remote attacks over the internet” is

How to secure your digital Christmas presents

www.welivesecurity.com/2019/12/23/how-secure-digital-christmas-presents/ Whether its a smartphone, laptop or, say, an Internet-of-Things (IoT) gadget, theres a number of things you should consider even before you begin to use your new device.

A Twitter app bug was used to match 17 million phone numbers to user accounts

techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers/ He said Twitters contact upload feature doesnt accept lists of phone numbers in sequential format likely as a way to prevent this kind of matching. Instead, he generated more than two billion phone numbers, one after the other, then randomized the numbers, and uploaded them to Twitter through the Android app.

Cyber attack forces airline to cancel flights in Alaska

techxplore.com/news/2019-12-cyber-ravnair-cancel-flights-alaska.html RavnAir canceled at least a half-dozen flights in Alaska on Saturdayat the peak of holiday travelfollowing what the company described as “a malicious cyber attack” on its computer network.

Looking into Attacks and Techniques Used Against WordPress Sites

blog.trendmicro.com/trendlabs-security-intelligence/looking-into-attacks-and-techniques-used-against-wordpress-sites/ Wordpess is estimated to be used by 35% of all websites today, which makes it an ideal target for threat actors.

Using WebRTC ICE Servers for Port Scanning in Chrome

medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474

Hardware hacks: The next generation of cybercrime

www.helpnetsecurity.com/2019/12/19/hardware-hacks/

Analysis of RDP attacks: Defender Quarantines Lsass Dumps

www.wilbursecurity.com/2019/12/defender-quarantines-lsass-dumps/

Wireshark Tutorial: Examining Ursnif Infections

unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/

You might be interested in …

Daily NCSC-FI news followup 2020-08-18

Emotet-haittaohjelmaa levitetään aktiivisesti Suomessa www.kyberturvallisuuskeskus.fi/fi/emotet-haittaohjelmaa-levitetaan-aktiivisesti-suomessa Emotet-haittaohjelmaa levitetään sähköpostitse suomalaisten organisaatioiden nimissä. Haittaohjelmahyökkäyksen tarkoituksena on varastaa organisaatioista tietoja, ja samalla hyökkäyksellä on mahdollista tunkeutua verkkoon syvemmälle ja käynnistää esimerkiksi kiristyshaittaohjelmahyökkäys. Hyökkäyskampanja on näkynyt aktiivisena 17.8.2020 alkaen.. see also www.is.fi/digitoday/tietoturva/art-2000006605860.html World’s largest cruise line operator discloses ransomware attack www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/ Carnival Corp says it suffered a ransomware attack […]

Read More

Daily NCSC-FI news followup 2020-01-19

Kohta kaikki tapahtuu pilvessä Amazonin evankelista vertaa pilvipalveluita sähkölaitoksiin yle.fi/uutiset/3-11151242 Pilvipalveluista on lyhyessä ajassa muodostunut perusta, jonka päälle arkemme rakentuu. Sähköpostit, valokuvat ja pikaviestit tallentuvat kaikki palvelinkeskuksiin eri puolille maailmaa.. Suomessa yritykset ovat viime vuosien aikana siirtyneet vauhdilla pilvipalveluiden asiakkaiksi. Elinkeinoelämän keskusliiton EK:n tilastojen mukaan suurista suomalaisyrityksistä 90 prosenttia käyttää maksullisia pilvipalveluita.. Suunta on aivan […]

Read More

Daily NCSC-FI news followup 2021-01-13

Cloud Threat Hunting: Attack & Investigation Series- Lateral Movement Under the Radar blog.checkpoint.com/2021/01/13/cloud-threat-hunting-attack-investigation-series-lateral-movement-under-the-radar/ A sign of a truly sophisticated attack in the cloud is the ability to move laterally undetected. Doing so successfully requires knowledge of many techniques. In this latest installation of the Cloud Threat Hunting: Attack and Investigation Series, we present the most […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.