Daily NCSC-FI news followup 2020-01-02

New evasion techniques found in web skimmers

blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart.

Landry’s restaurant chain disclose POS malware incident

www.zdnet.com/article/landrys-restaurant-chain-disclose-pos-malware-incident/ US restaurant chain Landry’s disclosed a security incident that involved the discovery of malware on the network of hundreds of restaurants.

Ransomware Attackers Offer Holiday Discounts and Greetings

www.bleepingcomputer.com/news/security/ransomware-attackers-offer-holiday-discounts-and-greetings/ To celebrate the holidays, ransomware operators are providing discounts or season’s greetings to entice victims into paying a ransom demand. Such is the case with the Sodinokibi Ransomware (REvil) who MalwareHunterTeam noticed had changed their ransom note over the holidays to include a new message wishing the victims a “Merry Christmas and Happy Holidays”.

Starbucks Devs Leave API Key in GitHub Public Repo

www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/ One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.

Post-quantum TLS now supported in AWS KMS

https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/ AWS Key Management Service (AWS KMS) now supports post-quantum hybrid key exchange for the Transport Layer Security (TLS) network encryption protocol that is used when connecting to KMS API endpoints. In this post, I'll tell you what post-quantum TLS is, what hybrid key exchange is, why it's important, how to take advantage of this new feature, and how to give us feedback.
