Daily NCSC-FI news followup 2020-04-03

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

www.zdnet.com/article/a-hacker-has-wiped-defaced-more-than-15000-elasticsearch-servers/ For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame.

A Quick Look at the Confidentiality of Zoom Meetings

citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has rolled their own encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zooms infrastructure, including observing the transmission of meeting encryption keys through China.

Europol report on cybercrime and disinformation amid the COVID-19 pandemic

www.europol.europa.eu/newsroom/news/catching-virus During the COVID-19 pandemic, criminals have been quick to seize opportunities to exploit the crisis by adapting their modi operandi and engaging in new criminal activities. Cybercriminals have been among the most adept at exploiting the pandemic. The threat from cybercrime activities during the crisis is dynamic and has the potential to increase further. With a record number of potential victims . staying at home and using online services across the EU, the ways for cybercriminals seeking to exploit emerging opportunities and vulnerabilities have multiplied.. Report at

www.europol.europa.eu/sites/default/files/documents/catching_the_virus_cybercrime_disinformation_and_the_covid-19_pandemic_0.pdf

Thousands of Zoom video calls left exposed on open Web

www.washingtonpost.com/technology/2020/04/03/thousands-zoom-video-calls-left-exposed-open-web/ The problem is not exclusive to Zoom video or Amazon storage. But in designing their service, Zooms engineers bypassed some common security features of other video-chat programs, such as requiring people to use a unique file name before saving their own clips. That style of operating simplicity has powered Zoom to become the most popular video-chat application in the United States, but it has . also frustrated some security researchers who believe such shortcuts can leave users more vulnerable to hacks or abuse.

Supo: Poikkeusolojen pitkittyminen voi lisätä kansallisen turvallisuuden uhkia myös etätyö aiheuttaa oman riskinsä

yle.fi/uutiset/3-11288420?origin=rss Supo harvoin ohjeistaa suoraan kansalaisia, mutta koronavirustilanteen keskellä se lähettää terveiset kotikonttoreille. Nyt olisi hyvä aika muistaa tietoturva.

Poikkeuksellisen taitavat huijarit vaativat Postin nimissä valemaksuja lasku voi tulla aitoon viestiketjuun

yle.fi/uutiset/3-11290792?origin=rss Tekstiviestihuijaus voi tulla puhelimeen samaan viestiketjuun ja ikään kuin samalta lähettäjältä kuin aidot saapumisilmoitusviestit.

Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls

www.eff.org/deeplinks/2020/04/harden-your-zoom-settings-protect-your-privacy-and-avoid-trolls In the meantime, take these steps to harden your Zoom privacy settings and protect your meetings from Zoombombing trolls. The settings below are all separate, which means you dont need to change them all, and you dont need to change them in any particular order. Consider which settings make sense for you and the groups you communicate with, and do your best to make sure meeting . organizers and participants are on the same page about settings and shared expectations.

You might be interested in …

Daily NCSC-FI news followup 2020-11-06

Update Your iOS Devices Now 3 Actively Exploited 0-Days Discovered thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges. Lisäksi: support.apple.com/en-us/HT201222. Lisäksi: us-cert.cisa.gov/ncas/current-activity/2020/11/06/apple-releases-security-updates-multiple-products. Lisäksi: threatpost.com/apple-patches-bugs-zero-days/161010/. Lisäksi: www.zdnet.com/article/apple-fixes-three-ios-zero-days-exploited-in-the-wild. […]

Read More

Daily NCSC-FI news followup 2021-03-29

Channel Nine cyber-attack disrupts live broadcasts in Australia www.bbc.com/news/world-australia-56554641 “Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units. Publishing and radio systems continue to be operational,” the company said in a statement.. See also: www.smh.com.au/technology/nine-cyber-attack-has-all-the-hallmarks-of-ransomware-without-the-ransom-20210329-p57eum.html Docker Hub images downloaded 20M times […]

Read More

Daily NCSC-FI news followup 2021-04-14

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation.. see […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.