Daily NCSC-FI news followup 2020-02-02

Firefox now shows what telemetry data it’s collecting about you

www.zdnet.com/article/firefox-now-shows-what-telemetry-data-its-collecting-about-you/ Users can no go to about:telemetry and see what Mozilla is collecting about their Firefox installs.

Poliisin ohje Nivalan Nuorisoseuran täydelle salille ikäihmisiä, miten pitää rahat ja omaisuus varkailta suojassa: “Jos Töllin Keijo soittaa teille, älkää antako tunnuslukua.”

www.nivala-lehti.fi/uutinen/588218 Kun sosiaalisessa mediassa kuitenkin ollaan, niin ei ole syytä kertoa sitäkään, että naapuri on reissussa. Seppälä antoi muutenkin hyviä neuvoja, mitä sosiaaliseen mediaan ei kannata laittaa. Jos lataa kuvia, niissä ei kannata esitellä omaisuutta.

Bouygues Construction joutui kiristyshaittaohjelman uhriksi

www.bouygues.com/wp-content/uploads/2020/01/prbouyguesconstructioncyberattack01-31-2020-pdf.pdf

Hakkeri käräytti Messin ja Ronaldon veronkierrosta, mutta isoin paljastus liittyi Afrikan rikkaimpaan naiseen Nyt Rui Pinto odottaa tuomiota vankeudessa

www.hs.fi/ulkomaat/art-2000006392763.html Portugalilainen hakkeri Rui Pinto oli mukana paljastamassa Lionel Messiä ja Cristiano Ronaldoa veronkierrosta. Tammikuussa hakkerille luettiin syytteet yhteensä 90 rikosepäilystä, muun muassa yksityisyyden suojan rikkomisesta, tietomurroista ja kiristyksen yrityksestä.

Pirated Software is All Fun and Games Until Your Data’s Stolen

www.bleepingcomputer.com/news/security/pirated-software-is-all-fun-and-games-until-your-data-s-stolen/ It may be tempting to try to download the latest games or applications for free, but doing so will ultimately land you in a hotbed of trouble as your computer becomes infected with adware, ransomware, and password-stealing Trojans.

Tech Support Scam Hitting Microsoft Edge Start Page Takes a Break

www.bleepingcomputer.com/news/security/tech-support-scam-hitting-microsoft-edge-start-page-takes-a-break/ A sophisticated browser locker campaign that ran on high-profile pages, like Microsoft Edge’s home or popular tech sites, was deactivated this week after in-depth research was published. The actors behind it used a compromised an ad content supplier for top-tier distribution and combined targeted traffic filtering with steganography. This mix allowed the operation to survive for at least two years, bringing victims to a tech support scam page and threat researchers to a dead end as they scratched their heads about how the redirect to the fake malware reporting page happened.

Jäikö Gmailisi auki vieraalle koneelle? Näin suljet sen etänä

www.is.fi/digitoday/art-2000006391076.html Avaa Gmail jollakin tietokoneella. Vieritä Gmailin etusivu pohjaan saakka, ja paina oikean alakulman Tiedot-linkkiä. Se vie sivulle, jossa kerrotaan toiminnasta tällä tilillä. Siellä on myös nappi nimeltä Kirjaudu ulos kaikista muista Gmail-verkkoistunnoista. Paina sitä, niin olet valmis.

Weekend Vulnerability and Patch Report, February 3, 2020

citadel-information.com/2020/02/weekend-vulnerability-and-patch-report-february-3-2020/

Hackers are hijacking smart building access systems to launch DDoS attacks

www.zdnet.com/article/hackers-are-hijacking-smart-building-access-systems-to-launch-ddos-attacks/ More than 2, 300 building access systems can be hijacked due to a severe vulnerability left without a fix. Hackers are actively searching the internet and hijacking smart door/building access control systems, which they are using to launch DDoS attacks, according to firewall company SonicWall. The attacks are targeting Linear eMerge E3, a product of Nortek Security & Control (NSC).

You might be interested in …

Daily NCSC-FI news followup 2020-06-22

Google Analytics as a data exfiltration channel www.kaspersky.com/blog/web-skimming-with-ga/35986/ Web skimming, a fairly common method of getting cardholder data from visitors of online stores, is a time-honored cybercriminal practice. Recently, however, our experts discovered a rather dangerous innovation involving the use of Google Analytics to exfiltrate stolen data. Lets explore why this is dangerous and how […]

Read More

Daily NCSC-FI news followup 2020-09-18

RampantKitten: An Iranian Surveillance Operation unraveled blog.checkpoint.com/2020/09/18/rampantkitten-an-iranian-surveillance-operation-unraveled/ Check Point Research has unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the several different campaigns and […]

Read More

Daily NCSC-FI news followup 2020-06-21

Ransomware operators lurk on your network after their attack www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/ When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won’t get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.