Daily NCSC-FI news followup 2020-01-02

New evasion techniques found in web skimmers

blog.malwarebytes.com/threat-analysis/2019/12/new-evasion-techniques-found-in-web-skimmers/ For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart.

Landry’s restaurant chain disclose POS malware incident

www.zdnet.com/article/landrys-restaurant-chain-disclose-pos-malware-incident/ US restaurant chain Landry’s disclosed a security incident that involved the discovery of malware on the network of hundreds of restaurants.

Ransomware Attackers Offer Holiday Discounts and Greetings

www.bleepingcomputer.com/news/security/ransomware-attackers-offer-holiday-discounts-and-greetings/ To celebrate the holidays, ransomware operators are providing discounts or season’s greetings to entice victims into paying a ransom demand.Such is the case with the Sodinokibi Ransomware (REvil) who MalwareHunterTeam noticed had changed their ransom note over the holidays to include a new message wishing the victims a “Merry Christmas and Happy Holidays”.

Starbucks Devs Leave API Key in GitHub Public Repo

www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/ One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.

Post-quantum TLS now supported in AWS KMS https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/ AWS Key Management Service (AWS KMS) now supports post-quantum hybrid key exchange for the Transport Layer Security (TLS) network encryption protocol that is used when connecting to KMS API endpoints. In this post, Ill tell you what post-quantum TLS is, what hybrid key exchange is, why its important, how to take advantage of this new feature, and how to give us feedback.

Daily NCSC-FI news followup 2020-10-23

Inhimillinen virhe, haittaohjelma vai jotakin muuta? Kysyimme asiantuntijalta, miten Vastaamon järkyttävä tietomurto oli mahdollinen yle.fi/uutiset/3-11611051 Vuodon taustalla voi olla inhimillinen virhe ylläpidossa, joka on mahdollistanut tietomurron. Silloin järjestelmän ylläpitäjä olisi esimerkiksi paljastanut järjestelmästä sellaisia osia, joiden avulla hyökkääjä on voinut ohittaa suojauksia. Se ei kuitenkaan ole ainoa vaihtoehto, Liikenne- ja viestintäviraston Kyberturvallisuuskeskuksen erityisasiantuntija Perttu Halonen […]

Daily NCSC-FI news followup 2019-06-08

Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover threatpost.com/amcrest-critical-security-issues/145507/ Two critical severity bugs have been publicly disclosed that impact Amcrest HDSeries model IPM-721S cameras. Both vulnerabilities open the consumer-grade ($50) Wi-Fi cameras to complete takeover by remote, unauthenticated attackers. Mandar Satam, senior security researcher at Synopsys, found the six security flaws in the IPM-721S […]

Daily NCSC-FI news followup 2021-09-24

SonicWall warns users to patch critical vulnerability as soon as possible blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/ SonicWall has issued a security notice about its SMA 100 series of appliances. The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from a SMA 100 series appliance and gain administrator access to the device. Uusi pankkihuijaus […]