Daily NCSC-FI news followup 2019-12-24

Google Chrome impacted by new Magellan 2.0 vulnerabilities

www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/ A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world’s most popular web browser.. All apps that use an SQLite database to store data are vulnerable, although, the vector for “remote attacks over the internet” is

How to secure your digital Christmas presents

www.welivesecurity.com/2019/12/23/how-secure-digital-christmas-presents/ Whether its a smartphone, laptop or, say, an Internet-of-Things (IoT) gadget, theres a number of things you should consider even before you begin to use your new device.

A Twitter app bug was used to match 17 million phone numbers to user accounts

techcrunch.com/2019/12/24/twitter-android-bug-phone-numbers/ He said Twitters contact upload feature doesnt accept lists of phone numbers in sequential format likely as a way to prevent this kind of matching. Instead, he generated more than two billion phone numbers, one after the other, then randomized the numbers, and uploaded them to Twitter through the Android app.

Cyber attack forces airline to cancel flights in Alaska

techxplore.com/news/2019-12-cyber-ravnair-cancel-flights-alaska.html RavnAir canceled at least a half-dozen flights in Alaska on Saturdayat the peak of holiday travelfollowing what the company described as “a malicious cyber attack” on its computer network.

Looking into Attacks and Techniques Used Against WordPress Sites

blog.trendmicro.com/trendlabs-security-intelligence/looking-into-attacks-and-techniques-used-against-wordpress-sites/ Wordpess is estimated to be used by 35% of all websites today, which makes it an ideal target for threat actors.

Using WebRTC ICE Servers for Port Scanning in Chrome

medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474

Hardware hacks: The next generation of cybercrime

www.helpnetsecurity.com/2019/12/19/hardware-hacks/

Analysis of RDP attacks: Defender Quarantines Lsass Dumps

www.wilbursecurity.com/2019/12/defender-quarantines-lsass-dumps/

Wireshark Tutorial: Examining Ursnif Infections

unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/

You might be interested in …

Daily NCSC-FI news followup 2020-04-03

A hacker has wiped, defaced more than 15,000 Elasticsearch servers www.zdnet.com/article/a-hacker-has-wiped-defaced-more-than-15000-elasticsearch-servers/ For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame. […]

Read More

Daily NCSC-FI news followup 2019-08-27

US GOV: DHS stored data from bioterrorism defense on an insecure website for a decade www.latimes.com/science/sciencenow/la-sci-biowatch-20190402-story.html Nato: a serious cyberattack could trigger Article 5 of our founding treaty. www.prospectmagazine.co.uk/world/nato-will-defend-itself We have designated cyberspace a domain in which Nato will operate and defend itself as effectively as it does in the air, on land, and at […]

Read More

Daily NCSC-FI news followup 2020-09-03

Suomalaisten ammattiliittojen jäsenten tietoja kalasteltiin toimi näin, jos lankesit ansaan www.tivi.fi/uutiset/tv/3b254379-c90e-48fa-b97f-282f4e7086ee Ylemmät toimihenkilöt YTN edustaa Suomessa 20 akavalaisen liiton kautta noin 170 000 asiantuntijaa ja esimiestä eri toimialoilla. YTN kertoo tiedotteessaan joutuneensa 25. elokuuta tietomurron kohteeksi. Uhriksi joutui yksi YTN:n työntekijän sähköpostilaatikko. YTN:n mukaan hyökkäys rajoittui tähän, eikä esimerkiksi henkilötietoja päätynyt murron myötä vääriin käsiin. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.