Daily NCSC-FI news followup 2020-01-29

EXCLUSIVE: The cyber attack the UN tried to keep under wraps

www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack The UN did not publicly disclose a major hacking attack into its IT systems in Europe a decision that potentially put staff, other organisations, and individuals at risk, according to data protection advocates.. also: apnews.com/0d958e15d7f5081dd612f07482f48b73

Someone Tried to Hack My Phone. Technology Researchers Accused Saudi Arabia.

www.nytimes.com/2020/01/28/reader-center/phone-hacking-saudi-arabia.html – From a suspicious text message I received, technology researchers concluded that hackers working for Saudi Arabia had targeted my phone with powerful Israeli software.. also:

citizenlab.ca/2020/01/stopping-the-press-new-york-times-journalist-targeted-by-saudi-linked-pegasus-spyware-operator/

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/ In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the undergrounds most popular crime shops, which claims

Canadian insurer paid for ransomware decryptor. Now it’s hunting the scum down

www.theregister.co.uk/2020/01/29/canadian_insurer_paid_ransomware_hunt/ A Canadian insurance business struck by ransomware paid off the crooks via a cyber insurance policy and their English reinsurers, having shelled out 109.25 Bitcoins, want it back from the alleged blackmailers.. Neither company was going to pay out and forget the incident. The English reinsurer hired Chainalysis Inc, a “blockchain investigations firm”, which eventually pinpointed the people responsible.. also:

www.coindesk.com/british-court-freezes-860000-in-bitcoin-linked-to-ransomware-payout

2019 saw more cryptocurrency hacks than any other year

www.zdnet.com/article/2019-saw-more-cryptocurrency-hacks-than-any-other-year/ Hackers launched more attacks against cryptocurrency exchanges in 2019, but stole fewer funds.. In 2019, hackers have successfully breached 11 major cryptocurrency exchanges and have stolen more than $283 million worth of cryptocurrency, according to blockchain analysis firm Chainalysis.

Sitra: Datan liikkumista mahdoton hahmottaa gdpr täysin riittämätön

www.tivi.fi/uutiset/tv/e060fafc-9a03-486e-9f5b-421fe366fdb0

Sprint Exposed Customer Support Site to Web

krebsonsecurity.com/2020/01/sprint-exposed-customer-support-site-to-web/ Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.

SIM Swappers Are Phishing Telecom Company Employees to Access Internal Tools

www.vice.com/en_us/article/v74b4d/sim-swappers-phishing-verizon-sprint-tmobile-to-access-internal-tools SIM swappers are particularly interested in a tool called Omni from Verizon that allows hackers to take over phone numbers.

Leaked Documents Expose the Secretive Market for Your Web Browsing Data

www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation An Avast antivirus subsidiary sells ‘Every search. Every click. Every buy. On every site.’ Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

Why the UK is banning default passwords in IoT devices

tech.newstatesman.com/security/uk-banning-default-passwords

Apple has a Vladimir Putin problem

www.fastcompany.com/90456530/apple-has-a-vladimir-putin-problem In November 2019, Russian parliament passed whats become

Google Continues to Prod Holes in Apples Security

www.cbronline.com/news/apple-cves-google One vulnerability could allow attackers nearby to remote control any Mac systems with zero interaction.

You might be interested in …

Daily NCSC-FI news followup 2020-02-18

Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin threatpost.com/active-exploits-hit-vulnerable-wordpress-themegrill-plugin/152947/ Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible after discovering attackers are actively exploiting a flaw in the plugin. Ole organisaatiosi tietoturvan vahvin lenkki myös matkustaessasi ek.fi/ajankohtaista/uutiset/2020/02/18/ole-organisaatiosi-tietoturvan-vahvin-lenkki-myos-matkustaessasi/ Matkustaessa korostuvat mahdollisuus henkilötiedusteluun, eli ihmisiltä tehtävään tiedonhankintaan, sekä riski […]

Read More

Daily NCSC-FI news followup 2020-04-21

FBI warns of COVID-19 phishing targeting US health providers www.bleepingcomputer.com/news/security/fbi-warns-of-covid-19-phishing-targeting-us-health-providers/ The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments. 2, 000 coronavirus scammers taken offline in major phishing crackdown www.zdnet.com/article/2000-coronavirus-scammers-taken-offline-in-major-phishing-crackdown/ And now cybersecurity authorities want your help with spotting […]

Read More

Daily NCSC-FI news followup 2020-06-01

Postin nimissä käynnissä kolme huijausta, yksi on erityisen häijy – numerostasi lähetetään viestejä www.is.fi/digitoday/tietoturva/art-2000006523529.html Oikeissa Postin viesteissä ei pääsääntöisesti ole linkkejä. Jos seuraat linkkiä verkkosivulle, tarkista sen osoite osoiteriviltä. Väärien sivujen osoitteet eivät usein muistuta juuri lainkaan aitoa osoitetta. Suhtaudu varauksella kaikkiin viesteihin, joissa sinulta pyydetään maksua tai sinun halutaan kirjautuvan jonnekin pankkitunnuksillasi. Katso myös: […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.