Daily NCSC-FI news followup 2020-03-28

Two zero days are Targeting DrayTek Broadband CPE Devices

blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ rom December 4, 2019, 360Netlab Threat Detection System has observed two different attack groups using two 0-day vulnerabilities of DrayTek[1] Vigor enterprise routers and switch devices to conduct a series of attacks, including eavesdropping on devices network traffic, running SSH services on high ports, creating system backdoor accounts, and even creating a specific Malicious Web Session

Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers

www.bloomberg.com/news/features/2020-03-27/bosses-panic-buy-spy-software-to-keep-tabs-on-remote-workers We have seen individuals taking unfair advantage of flexible work arrangements by essentially taking vacations, Gregory Garrabrants, the online banks chief executive officer, wrote in the March 16 message reviewed by Bloomberg News. If daily tasks arent completed, workers will be subject to disciplinary action, up to and including termination.

Quantum entanglement breakthrough could boost encryption, secure communications

www.zdnet.com/article/quantum-entanglement-breakthrough-could-boost-encryption-secure-communications/ A team of researchers has published details of a new way to reliably create particles that are well-suited to use in quantum communications, which could lead to the unhackable communication protocols that have long been pitched as one of the most useful applications of the technology.

Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’

www.theregister.co.uk/2020/03/27/doc_searls_zoom_privacy/ Doc Searls, co-author of the influential internet marketing book The Cluetrain Manifesto last century, today warned [cached] Zoom not only has the right to extract data from its users and their meetings, it can work with Google and other ad networks to turn this personal information into targeted ads that follow them across the web.. And he concluded: “Zoom is in the advertising business, and in the worst end of it: the one that lives off harvested personal data.

China and Huawei propose reinvention of the internet

www.ft.com/content/c78be2cf-a1a1-40b1-8ab7-904d7095e0f2 China has suggested a radical change to the way the internet works to the UN, in a proposal that claims to enable cutting-edge technologies such as holograms and self-driving cars but which critics say will also bake authoritarianism into the architecture underpinning the web.

You might be interested in …

Daily NCSC-FI news followup 2019-11-10

Tällaisilla viesteillä suomalaisilta yrityksiltä kalastellaan rahaa katso, olisitko itse haksahtanut yle.fi/uutiset/3-11026269?origin=rss Tässä jutussa näet esimerkkejä aidoista työpaikoille tulevista huijausviesteistä. The state of JavaScript frameworks security report 2019 snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf A security review of Angular and React with a sneak peek into Vue.js, Bootstrap and jQuery. Also www.i-programmer.info/news/167-javascript/13232-the-perils-of-jquery.html. ” Although the JavaScript library jQuery is no longer […]

Read More

Daily NCSC-FI news followup 2021-03-14

New PoC for Microsoft Exchange bugs puts attacks in reach of anyone www.bleepingcomputer.com/news/security/new-poc-for-microsoft-exchange-bugs-puts-attacks-in-reach-of-anyone/ A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities. Will Dorman, a Vulnerability Analyst at the CERT/CC, tested the vulnerability on […]

Read More

Daily NCSC-FI news followup 2020-04-08

COVID-19 Exploited by Malicious Cyber Actors www.us-cert.gov/ncas/alerts/aa20-099a This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice.. This is a joint alert from the United […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.