Daily NCSC-FI news followup 2019-12-29

UK Government exposes addresses of new year honours recipients

www.theguardian.com/uk-news/2019/dec/28/government-exposes-addresses-of-new-year-honours-recipients More than 1,000 celebrities, government employees and politicians recognized in the U.K.’s traditional New Year’s Honours list this year “have had their home and work addresses posted on a government website.”

IoT vendor Wyze confirms server leak

www.zdnet.com/article/iot-vendor-wyze-confirms-server-leak/ Wyze, a company that sells smart devices like security cameras, smart plugs, smart lightbulbs, and smart door locks, confirmed today a server leak that exposed the details of roughly 2.4 million customers. The leak occurred after an internal database was accidentally exposed online, Wyze co-founder Dongsheng Song said in a forum post published over Christmas.

2019 Data Breaches: These were the biggest data breaches of the year

www.cnet.com/news/2019-data-breach-hall-of-shame-these-were-the-biggest-data-breaches-of-the-year/ The words “unsecured database” seemed to run on repeat through security journalism in 2019. Every month, another company was asking its customers to change their passwords and report any damage.

Top 10 Breaches and Leaky Server Screw Ups of 2019

threatpost.com/top-10-breaches-leaky-server-2019/151386/ 2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here’s the Threatpost Top 10 for data-breach news of the year, featuring all the low-lights.

The Uncommon Becomes Ordinary: 4 Trends That Defined Data Breaches in 2019

securityintelligence.com/articles/the-uncommon-becomes-ordinary-4-trends-that-defined-data-breaches-in-2019/

The iOS, Android security landscape in 2019

www.zdnet.com/pictures/these-are-the-ios-android-malware-families-most-likely-to-hit-your-handset-in-2019/

Biggest Malware Threats of 2019

threatpost.com/biggest-malware-threats-of-2019/151423/ 2019 was another banner year for bots, trojans, RATs and ransomware. Let’s take a look back.

The Internet of Things (IoT) and security in 2019

www.zdnet.com/pictures/the-biggest-internet-of-things-smart-home-hacks-over-2019/ Attackers targeted everything from gas pumps to your smart TV this year.

Top Zero Days, Data Breaches and Security Stories of 2019: News Wrap

threatpost.com/top-zero-days-data-breaches-and-security-stories-of-2019-news-wrap/151340/

Reviewing our 2019 AppSec predictions: Supply chain attacks

blog.barracuda.com/2019/12/24/reviewing-our-2019-appsec-predictions-supply-chain-attacks/ At the start of the year, I made three predictions on attack vectors that would become big problems over the year and beyond. This is the look at where the three are, now, at the end of the year.

Catalog of Supply Chain Compromises

github.com/cncf/sig-security/tree/master/supply-chain-security/compromises The goal is not to catalog every known supply chain attack, but rather to capture many examples of different kinds of attack, so that we can better understand the patterns and develop best practices and tools.

A decade in cybersecurity fails: the top breaches, threats, and ‘whoopsies’ of the 2010s

blog.malwarebytes.com/awareness/2019/12/a-decade-in-cybersecurity-fails-top-breaches-threats-of-2010s/

Start the Year Right with a Security and Privacy Check Up

www.tripwire.com/state-of-security/security-awareness/start-year-right-security-privacy-check-up/ Change passwords, enable multi-factor authentication, review security and privacy settings.

7 signs your cybersecurity is doomed to fail in 2020

www.helpnetsecurity.com/2019/12/20/cybersecurity-fail-2020/

Looking Ahead to 2020 Cybersecurity Trends and a New Decade

securityintelligence.com/articles/looking-ahead-to-2020-cybersecurity-trends-and-a-new-decade/

2020 Predictions: Mobile Security

www.scmagazine.com/home/security-news/mobile-security/2020-predictions-mobile-security/

Bringing Starchild Down to Earth: Soraka SDK

www.whiteops.com/blog/bringing-starchild-down-to-earth-soraka-sdk The White Ops Threat Intelligence team recently identified 100+ malicious apps, with more than 4.6 million downloads, performing ad fraud. All of the apps use a common code package White Ops has dubbed Soraka (com.android.sorakalibrary).
