Daily NCSC-FI news followup 2019-12-29

UK Government exposes addresses of new year honours recipients

www.theguardian.com/uk-news/2019/dec/28/government-exposes-addresses-of-new-year-honours-recipients More than 1,000 celebrities, government employees and politicians recognized in the U.K.’s traditional New Year’s Honours list this year “have had their home and work addresses posted on a government website.”

IoT vendor Wyze confirms server leak

www.zdnet.com/article/iot-vendor-wyze-confirms-server-leak/ Wyze, a company that sells smart devices like security cameras, smart plugs, smart lightbulbs, and smart door locks, confirmed today a server leak that exposed the details of roughly 2.4 million customers. The leak occurred after an internal database was accidentally exposed online, Wyze co-founder Dongsheng Song said in a forum post published over Christmas.

2019 Data Breaches: These were the biggest data breaches of the year

www.cnet.com/news/2019-data-breach-hall-of-shame-these-were-the-biggest-data-breaches-of-the-year/ The words “unsecured database” seemed to run on repeat through security journalism in 2019. Every month, another company was asking its customers to change their passwords and report any damage.

Top 10 Breaches and Leaky Server Screw Ups of 2019

threatpost.com/top-10-breaches-leaky-server-2019/151386/ 2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here's the Threatpost Top 10 for data-breach news of the year, featuring all the low-lights.

The Uncommon Becomes Ordinary: 4 Trends That Defined Data Breaches in 2019

securityintelligence.com/articles/the-uncommon-becomes-ordinary-4-trends-that-defined-data-breaches-in-2019/

The iOS, Android security landscape in 2019

www.zdnet.com/pictures/these-are-the-ios-android-malware-families-most-likely-to-hit-your-handset-in-2019/

Biggest Malware Threats of 2019

threatpost.com/biggest-malware-threats-of-2019/151423/ 2019 was another banner year for bots, trojans, RATs and ransomware. Let's take a look back.

The Internet of Things (IoT) and security in 2019

www.zdnet.com/pictures/the-biggest-internet-of-things-smart-home-hacks-over-2019/ Attackers targeted everything from gas pumps to your smart TV this year.

Top Zero Days, Data Breaches and Security Stories of 2019: News Wrap

threatpost.com/top-zero-days-data-breaches-and-security-stories-of-2019-news-wrap/151340/

Reviewing our 2019 AppSec predictions: Supply chain attacks

blog.barracuda.com/2019/12/24/reviewing-our-2019-appsec-predictions-supply-chain-attacks/ At the start of the year, I made three predictions on attack vectors that would become big problems over the year and beyond. This is the look at where the three are, now, at the end of the year.

Catalog of Supply Chain Compromises

github.com/cncf/sig-security/tree/master/supply-chain-security/compromises The goal is not to catalog every known supply chain attack, but rather to capture many examples of different kinds of attack, so that we can better understand the patterns and develop best practices and tools.

A decade in cybersecurity fails: the top breaches, threats, and ‘whoopsies’ of the 2010s

blog.malwarebytes.com/awareness/2019/12/a-decade-in-cybersecurity-fails-top-breaches-threats-of-2010s/

Start the Year Right with a Security and Privacy Check Up

www.tripwire.com/state-of-security/security-awareness/start-year-right-security-privacy-check-up/ Change passwords, enable multi-factor authentication, review security and privacy settings.

7 signs your cybersecurity is doomed to fail in 2020

www.helpnetsecurity.com/2019/12/20/cybersecurity-fail-2020/

Looking Ahead to 2020 Cybersecurity Trends and a New Decade

securityintelligence.com/articles/looking-ahead-to-2020-cybersecurity-trends-and-a-new-decade/

2020 Predictions: Mobile Security

www.scmagazine.com/home/security-news/mobile-security/2020-predictions-mobile-security/

Bringing Starchild Down to Earth: Soraka SDK

www.whiteops.com/blog/bringing-starchild-down-to-earth-soraka-sdk The White Ops Threat Intelligence team recently identified 100+ malicious apps, with more than 4.6 million downloads, performing ad fraud. All of the apps use a common code package White Ops has dubbed Soraka (com.android.sorakalibrary).
