Daily NCSC-FI news followup 2020-01-30

Enterprise Hardware Still Vulnerable to Memory Lane Attacks

www.darkreading.com/vulnerabilities—threats/enterprise-hardware-still-vulnerable-to-memory-lane-attacks/d/d-id/1336921 Most laptops, workstations, and servers are still vulnerable to physical attacks via direct memory access, despite mitigations often being available, report says.. Report:

eclypsium.com/2020/01/30/direct-memory-access-attacks/

Dozens of companies have data dumped online by ransomware ring seeking leverage

arstechnica.com/information-technology/2020/01/dozens-of-companies-have-data-dumped-online-by-ransomware-ring-seeking-leverage/ Maze operators “gift” Pensacola by removing data dump, but others not so lucky.. The Maze ransomware ring has taken extortion to new heights by publicly posting breached data on the Internetand threatening full dumps of stolen data if the ring’s “customers” don’t pay for their files to be unencrypted. But the group appears to be making one exception: the City of Pensacola, which was hit by Maze ransomware in December.

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep

www.theregister.co.uk/2020/01/30/cops_crime_failure/ ‘We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime’

Varo uutta huijausta: Ilmoitus tekstiviestillä vie kalliiseen ansaan

www.is.fi/digitoday/tietoturva/art-2000006388489.html Saapuvasta paketista kertovassa tekstiviestissä on linkki hämäräsivuille, joiden tärkein tieto on pienellä ja harmaalla kirjoitettu.

Government Report Reveals Its Favorite Way to Hack iPhones, Without Backdoors

www.vice.com/en_us/article/n7jevz/government-report-reveals-its-favorite-way-to-hack-iphones-without-backdoors Feds are once again demanding encryption backdoors, but its own data shows it can extract data from phones without them.

US DOI halts operations for its entire drone fleet over Chinese cybersecurity concerns

www.zdnet.com/article/us-doi-halts-operations-for-its-entire-drone-fleet-over-cybersecurity-concerns/ The US Department of the Interior (DOI) has halted the operations of its entire drone fleet except in emergency situations as the department wants to review whether the drones manufactured by “designated foreign-owned companies” are a threat to national security.

U.N. Hack Stemmed From Microsoft SharePoint Flaw

threatpost.com/un-hack-microsoft-sharepoint-flaw/152378/ Reportedly, the bug wasnt patched, leading to a data breach in July.

Coronavirus Campaigns Spread Emotet, Malware

threatpost.com/coronavirus-propagate-emotet/152404/

Apple wants to standardize the format of SMS OTPs (one-time passcodes)

www.zdnet.com/article/apple-wants-to-standardize-the-format-of-sms-otps-one-time-passcodes/ WebKit team proposal aims to improve the security of one-time passcodes sent to users via SMS.

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.

An Emotet campaign hits the United Nations

www.pandasecurity.com/mediacenter/news/emotet-united-nations/

Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges

threatpost.com/dell-hp-memory-access-bugskernel-privileges/152369/ The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.

Forensics detective says Android phones are now harder to crack than iPhones

www.androidauthority.com/android-encryption-forensics-1078668/

You might be interested in …

Daily NCSC-FI news followup 2020-03-01

Switzerland files criminal complaint over Crypto spying scandal www.reuters.com/article/us-swiss-spying-crypto/switzerland-files-criminal-complaint-over-crypto-spying-scandal-idUSKBN20O1VD The Swiss government has filed a criminal complaint over the U.S. Central Intelligence Agencys alleged use of a cryptography company as a front to spy on various governments secret communications, the Swiss attorney generals office said on Sunday.. The complaint against persons unknown for alleged breaches […]

Read More

Daily NCSC-FI news followup 2020-11-22

Manchester United Shuts Down Systems To Fend Off A Sophisticated Cyber Attack www.forbes.com/sites/leemathews/2020/11/21/manchester-united-shuts-down-systems-to-fend-off-a-sophisticated-cyber-attack/?sh=2759d59b4b60 Its not often that you find cybersecurity headlines on sports websites, but you will this weekend. Manchester United, the third most valuable soccer team in the world, announced yesterday that its network had been breached by hackers.

Read More

Daily NCSC-FI news followup 2020-12-07

KRP: Tässä ovat Vastaamo-kiristyksen päätutkintalinjat www.is.fi/digitoday/tietoturva/art-2000007666543.html Keskusrikospoliisi käy yhä läpi valtavia datamääriä, joista etsitään Vastaamo-kiristäjän jättämiä jälkiä. KRP saa edelleen arvokkaita vihjeitä yleisöltä. Tutkintalinjoja on useita, ja niiden määrä vaihtelee uusien löydösten myötä. Päätutkintalinjat ovat itse tietomurron ja kiristäjän yhteys sekä Vastaamon kiristäjän ja yksittäisten uhrien kiristäjän yhteys. Vapaaehtoiset tietoturva-asiantuntijat, valkohattuhakkerit sekä monet yritykset ovat […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.