Daily NCSC-FI news followup 2020-02-09

Lock My PC Used By Tech Support Scammers, Dev Offers Free Recovery

www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/ Tech Support scammers are using a free utility called Lock My PC to lock users out of their PCs unless they pay the requested “support” fees. For years telephone scammers pretending to be from Microsoft, Google, and other companies have been convincing people to let them access their computer to fix a “detected” issue. Once the scammers gain access to the computer, though, they would use the Windows Syskey program to lock the user out of Windows with a password unless they paid for the “support” call.

Windows 7 bug prevents users from shutting down or rebooting computers

www.zdnet.com/article/windows-7-bug-prevents-users-from-shutting-down-or-rebooting-computers/ A weird bug of unknown origins has been hitting Windows 7 computers this week, according to multiple reports online. Windows 7 users have been reporting that they are receiving a popup message that reads “You don’t have permission to shut down this computer” every time they attempt to shut down or reboot their systems.

Security in 2020: Revisited

www.schneier.com/blog/archives/2020/02/security_in_202_1.html Ten years ago, I wrote an essay: “Security in 2020.” Well, it’s finally 2020. I think I did pretty well. Here’s what I said back then…

Cybersecurity Priorities Are A Matter Of Perspective

www.forbes.com/sites/tonybradley/2020/02/05/cybersecurity-priorities-are-a-matter-of-perspective/ Youre probably familiar with the phrase, When all you have is a hammer, every problem looks like a nail. That phraseor variations on itare frequently used to describe how teams or individuals often have a myopic approach to addressing challenges based on their unique perspectives and skill sets. The problem is illustrated in a recent report that highlights issues organizations face when it comes to cybersecurity and compliance.

Massive DDoS attack brought down 25% Iranian Internet connectivity

securityaffairs.co/wordpress/97559/breaking-news/iran-internet-access-outage.html Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%. The NetBlocks internet observatory, which tracks disruptions and shutdowns, observed yesterday (February 8, 2019) a massive outage of the countrys connectivity to the Internet.. Also:

www.forbes.com/sites/daveywinder/2020/02/09/powerful-iran-cyber-attack-takes-down-25-of-national-internet/

Apple iCloud Credential Stealing

www.secjuice.com/apple-icloud-credential-stealing/ In August 2019 I found a vulnerability in Apples iOS (CVE-2020-3841) during a Red Team Assessment. We were trying to lure users into entering their credentials in a Wi-Fi Phishing Attack. In this case iOS/Safari (macOS was also affected) helped us with it’s AutoFill features. It turned out to be somewhat buggy, but let’s have a quick look how and why it worked, and how we exploited it.

You might be interested in …

Daily NCSC-FI news followup 2020-03-14

Etätyö kaatoi valtion salatun verkkoyhteyden työntekijöiltä estetään Facebookiin pääsy ensi viikolla yle.fi/uutiset/3-11255717 Moni työpaikka kehottaa nyt tekemään etätöitä koronaviruksen leviämisen estämiseksi. Salattuja eli VPN-verkkoyhteyksiä ei ole kuitenkaan suunniteltu siten, että suurin osa työntekijöistä olisi etätöissä. Silloin ne saattavat kaatua. Kapasiteettia kuormittaa käyttäjämäärän lisäksi se, mitä käyttäjät tekevät verkossa. Esimerkiksi videoiden katsominen kuormittaa verkkoa. Keskisuurissa ja […]

Read More

Daily NCSC-FI news followup 2019-12-11

How we turned 5G into 5k medium.com/sensorfu/how-we-turned-5g-into-5k-a8636b549248 Hacking is a good way to learn and hackathons are a great place to learn with other like-minded people. And that was exactly what we had in mind when we invited our friends and signed in as a team to the first 5G hackathon in the world. We […]

Read More

Daily NCSC-FI news followup 2020-07-03

New Apple macOS Big Sur feature to hamper adware operations www.zdnet.com/article/new-apple-macos-big-sur-feature-to-hamper-adware-operations/#ftag=RSSbaffb68 Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs. Windows 10: Microsoft Defender ATP now rates your security configurations www.zdnet.com/article/windows-10-microsoft-defender-atp-now-rates-your-security-configurations/#ftag=RSSbaffb68 New Microsoft Defender ATP service will […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.