Daily NCSC-FI news followup 2020-03-28

Two zero days are Targeting DrayTek Broadband CPE Devices

blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ rom December 4, 2019, 360Netlab Threat Detection System has observed two different attack groups using two 0-day vulnerabilities of DrayTek[1] Vigor enterprise routers and switch devices to conduct a series of attacks, including eavesdropping on devices network traffic, running SSH services on high ports, creating system backdoor accounts, and even creating a specific Malicious Web Session

Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers

www.bloomberg.com/news/features/2020-03-27/bosses-panic-buy-spy-software-to-keep-tabs-on-remote-workers We have seen individuals taking unfair advantage of flexible work arrangements by essentially taking vacations, Gregory Garrabrants, the online banks chief executive officer, wrote in the March 16 message reviewed by Bloomberg News. If daily tasks arent completed, workers will be subject to disciplinary action, up to and including termination.

Quantum entanglement breakthrough could boost encryption, secure communications

www.zdnet.com/article/quantum-entanglement-breakthrough-could-boost-encryption-secure-communications/ A team of researchers has published details of a new way to reliably create particles that are well-suited to use in quantum communications, which could lead to the unhackable communication protocols that have long been pitched as one of the most useful applications of the technology.

Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’

www.theregister.co.uk/2020/03/27/doc_searls_zoom_privacy/ Doc Searls, co-author of the influential internet marketing book The Cluetrain Manifesto last century, today warned [cached] Zoom not only has the right to extract data from its users and their meetings, it can work with Google and other ad networks to turn this personal information into targeted ads that follow them across the web.. And he concluded: “Zoom is in the advertising business, and in the worst end of it: the one that lives off harvested personal data.

China and Huawei propose reinvention of the internet

www.ft.com/content/c78be2cf-a1a1-40b1-8ab7-904d7095e0f2 China has suggested a radical change to the way the internet works to the UN, in a proposal that claims to enable cutting-edge technologies such as holograms and self-driving cars but which critics say will also bake authoritarianism into the architecture underpinning the web.

You might be interested in …

Daily NCSC-FI news followup 2019-09-15

Attack Landscape H1 2019: IoT, SMB traffic abound blog.f-secure.com/attack-landscape-h1-2019-iot-smb-traffic-abound/ To no ones surprise, internet of things (IoT) device insecurity has emerged as a top concern and top driver of internet attack traffic in the first half of 2019. According to our new report, Attack Landscape H1 2019, which details traffic measured by F-Secures global network […]

Read More

Daily NCSC-FI news followup 2020-10-03

Kyberturvallisuuden superkuukausi on täällä taas! www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuden-superkuukausi-taalla-taas Lokakuussa kyberturvallisuus saa siivet, kun Euroopan kyberturvallisuuskuukausi, European Cyber Security Month taas alkaa. Eurooppalainen kyberin yhteisponnistus näkyy ja kuuluu verkkosivuillamme ja somekanavissamme. Kampanja on tarkoitettu meille kaikille. Laitetaan yhdessä kyberturvallisuuden perustaidot kuntoon! CERT-SE Challenge 2020 – Will you accept our challenge? cert.se/2020/09/cert-se-challenge-2020 CERT-SE kicks the cybersecurity month off with […]

Read More

Daily NCSC-FI news followup 2021-08-17

BadAlloc Vulnerability Affecting BlackBerry QNX RTOS us-cert.cisa.gov/ncas/alerts/aa21-229a On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerabilityCVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries. myös: www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_24/2021 Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html Today, Mandiant disclosed […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.