Daily NCSC-FI news followup 2020-01-29

EXCLUSIVE: The cyber attack the UN tried to keep under wraps

www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack The UN did not publicly disclose a major hacking attack into its IT systems in Europe a decision that potentially put staff, other organisations, and individuals at risk, according to data protection advocates.. also: apnews.com/0d958e15d7f5081dd612f07482f48b73

Someone Tried to Hack My Phone. Technology Researchers Accused Saudi Arabia.

www.nytimes.com/2020/01/28/reader-center/phone-hacking-saudi-arabia.html – From a suspicious text message I received, technology researchers concluded that hackers working for Saudi Arabia had targeted my phone with powerful Israeli software.. also:

citizenlab.ca/2020/01/stopping-the-press-new-york-times-journalist-targeted-by-saudi-linked-pegasus-spyware-operator/

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/ In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the undergrounds most popular crime shops, which claims

Canadian insurer paid for ransomware decryptor. Now it’s hunting the scum down

www.theregister.co.uk/2020/01/29/canadian_insurer_paid_ransomware_hunt/ A Canadian insurance business struck by ransomware paid off the crooks via a cyber insurance policy and their English reinsurers, having shelled out 109.25 Bitcoins, want it back from the alleged blackmailers.. Neither company was going to pay out and forget the incident. The English reinsurer hired Chainalysis Inc, a “blockchain investigations firm”, which eventually pinpointed the people responsible.. also:

www.coindesk.com/british-court-freezes-860000-in-bitcoin-linked-to-ransomware-payout

2019 saw more cryptocurrency hacks than any other year

www.zdnet.com/article/2019-saw-more-cryptocurrency-hacks-than-any-other-year/ Hackers launched more attacks against cryptocurrency exchanges in 2019, but stole fewer funds.. In 2019, hackers have successfully breached 11 major cryptocurrency exchanges and have stolen more than $283 million worth of cryptocurrency, according to blockchain analysis firm Chainalysis.

Sitra: Datan liikkumista mahdoton hahmottaa gdpr täysin riittämätön

www.tivi.fi/uutiset/tv/e060fafc-9a03-486e-9f5b-421fe366fdb0

Sprint Exposed Customer Support Site to Web

krebsonsecurity.com/2020/01/sprint-exposed-customer-support-site-to-web/ Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.

SIM Swappers Are Phishing Telecom Company Employees to Access Internal Tools

www.vice.com/en_us/article/v74b4d/sim-swappers-phishing-verizon-sprint-tmobile-to-access-internal-tools SIM swappers are particularly interested in a tool called Omni from Verizon that allows hackers to take over phone numbers.

Leaked Documents Expose the Secretive Market for Your Web Browsing Data

www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation An Avast antivirus subsidiary sells ‘Every search. Every click. Every buy. On every site.’ Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

Why the UK is banning default passwords in IoT devices

tech.newstatesman.com/security/uk-banning-default-passwords

Apple has a Vladimir Putin problem

www.fastcompany.com/90456530/apple-has-a-vladimir-putin-problem In November 2019, Russian parliament passed whats become

Google Continues to Prod Holes in Apples Security

www.cbronline.com/news/apple-cves-google One vulnerability could allow attackers nearby to remote control any Mac systems with zero interaction.

You might be interested in …

Daily NCSC-FI news followup 2019-07-26

Stock Trading Service Robinhood Admits To Storing Some Passwords in Cleartext www.zdnet.com/article/robinhood-admits-to-storing-some-passwords-in-cleartext/ “On Monday night, we discovered that some user credentials were stored in a readable format within our internal system,” the company said.. “We resolved the issue, and after thorough review, found no evidence that this information was accessed by anyone outside our response […]

Read More

Daily NCSC-FI news followup 2020-01-11

An Empirical Study of Wireless Carrier Authentication for SIM Swaps www.issms2fasecure.com/ We examined the authentication procedures used by five prepaid wireless carriers when a customer attempts to change their SIM card, or SIM swap. We found that all five carriers use insecure authentication challenges that can easily be subverted by attackers. We found 17 websites […]

Read More

Daily NCSC-FI news followup 2021-04-20

Pulse Connect Secure Security Update blog.pulsesecure.net/pulse-connect-secure-security-update/ The Pulse Secure team recently discovered that a limited number of customers have experienced evidence of exploit behavior on their Pulse Connect Secure (PCS) appliances. We are sharing information about the investigation and our actions through several communications channels in the best interests of our customers and the greater […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.