Daily NCSC-FI news followup 2020-02-22

Slickwraps Data Breach Exposes Financial and Customer Info

www.bleepingcomputer.com/news/security/slickwraps-data-breach-exposes-financial-and-customer-info/ Slickwraps has suffered a data breach after a security researcher was able to access their systems and after receiving no response to emails, publicly disclosed how they gained access to the site and the data that was exposed.. Slickwraps is a mobile device case retailer who sells a large assortment of premade cases and custom cases from images uploaded by customers.

Android Malware: Joker Still Fools Google’s Defense, New Clicker Found

www.bleepingcomputer.com/news/security/android-malware-joker-still-fools-googles-defense-new-clicker-found/ Joker malware that subscribes Android users to premium services without consent is giving Google a hard time as new samples constantly bypass scrutiny and end up in Play Store.

WhatsApp Phishing URLs Skyrocket With Over 13,000% Surge

www.bleepingcomputer.com/news/security/whatsapp-phishing-urls-skyrocket-with-over-13-000-percent-surge/

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months

www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/

The Linux Foundation identifies most important open-source software components and their problems

www.zdnet.com/article/the-linux-foundation-identifies-the-most-important-open-source-software-components-and-their-problems/ In its latest study, the Linux Foundation’s Core Infrastructure Initiative discovered just how prevalent open-source components are in all software and their shared problems and vulnerabilities.

Threat spotlight: RobbinHood ransomware takes the drivers seat

blog.malwarebytes.com/threat-spotlight/2020/02/threat-spotlight-robbinhood-ransomware-takes-the-drivers-seat/ Despite their name, the RobbinHood cybercriminal gang is not stealing from the rich to give to the poor. Instead, these ransomware developers are more like big game huntersattacking enterprise organizations and critical infrastructure and keeping all the spoils for themselves.

Google to put a muzzle on Android apps accessing location data in the background

www.zdnet.com/article/google-to-put-a-muzzle-on-android-apps-accessing-location-data-in-the-background/ Google has announced this week plans to crack down on Android apps that abuse the OS permissions system and request access to user geo-location data when the app is not in use.. Starting with May, the OS maker plans to show warnings in the Play Store backend to all Android app developers about the need to update their apps.

ObliqueRAT linked to threat group launching attacks against government targets

www.zdnet.com/article/new-obliquerat-malware-linked-to-crimsonrat-group-striking-government-targets/ The new Trojan is attacking organizations across Southeast Asia.

You might be interested in …

Daily NCSC-FI news followup 2020-07-24

Garmin outage caused by confirmed WastedLocker ransomware attack www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/ Wearable device maker Garmin shut down some of its connected services and call centers on Thursday following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack. Lisäksi www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/ ja www.forbes.com/sites/leemathews/2020/07/23/garmins-alleged-ransomware-wastedlocker-evil-corp/ ja thehackernews.com/2020/07/garmin-ransomware-attack.html ja threatpost.com/garmin-suffers-ransomware-attack/157698/ Poliisi varoittaa Microsoft huijaussoitoista […]

Read More

Daily NCSC-FI news followup 2019-09-17

Calling all breakers & builders: BlueHat Seattle registration is open! msrc-blog.microsoft.com/2019/09/16/calling-all-breakers-builders-bluehat-seattle-registration-is-open/ Exciting changes are coming to BlueHat Seattle 2019! If youd like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register. . Wait, isnt BlueHat invitation-only? It isbut if we […]

Read More

Daily NCSC-FI news followup 2021-02-24

Haavoittuvuuksia VMwaren tuotteissa – päivitä heti www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-vmwaren-tuotteissa-paivita-heti VMware julkaisi päivityksiä, jotka tulisi asentaa välittömästi. Haavoittuvuudet mahdollistavat esimerkiksi etänä suoritettavat komennot sekä mielivaltaisen ohjelmakoodin suorittamisen. Kriittinen haavoittuvuus CVE-2021-21972 koskee VMware vCenter Server – -hallinta-alustaa, joka mahdollistaa etänä suoritettavien komentojen suorittamisen. Julkaistu vakava haavoittuvuus CVE-2021-21974 koskee ESXi OpenSLP -puskurin ylivuotoa. Google funds Linux maintainers to boost Linux […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.