
Daily NCSC-FI news followup 2020-04-03

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

www.zdnet.com/article/a-hacker-has-wiped-defaced-more-than-15000-elasticsearch-servers/ For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame.

A Quick Look at the Confidentiality of Zoom Meetings

citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has rolled their own encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom's infrastructure, including observing the transmission of meeting encryption keys through China.

Europol report on cybercrime and disinformation amid the COVID-19 pandemic

www.europol.europa.eu/newsroom/news/catching-virus During the COVID-19 pandemic, criminals have been quick to seize opportunities to exploit the crisis by adapting their modi operandi and engaging in new criminal activities. Cybercriminals have been among the most adept at exploiting the pandemic. The threat from cybercrime activities during the crisis is dynamic and has the potential to increase further. With a record number of potential victims staying at home and using online services across the EU, the ways for cybercriminals seeking to exploit emerging opportunities and vulnerabilities have multiplied. Report at www.europol.europa.eu/sites/default/files/documents/catching_the_virus_cybercrime_disinformation_and_the_covid-19_pandemic_0.pdf

Thousands of Zoom video calls left exposed on open Web

www.washingtonpost.com/technology/2020/04/03/thousands-zoom-video-calls-left-exposed-open-web/ The problem is not exclusive to Zoom video or Amazon storage. But in designing their service, Zoom's engineers bypassed some common security features of other video-chat programs, such as requiring people to use a unique file name before saving their own clips. That style of operating simplicity has powered Zoom to become the most popular video-chat application in the United States, but it has also frustrated some security researchers who believe such shortcuts can leave users more vulnerable to hacks or abuse.

Supo: Prolonged state of emergency may increase threats to national security; remote work also poses its own risk

yle.fi/uutiset/3-11288420?origin=rss Supo rarely gives guidance directly to citizens, but in the midst of the coronavirus situation it is sending a message to home offices. Now would be a good time to remember information security.

Exceptionally skilled scammers demand fake payments in the name of Posti; the invoice may arrive in a genuine message thread

yle.fi/uutiset/3-11290792?origin=rss The SMS scam can arrive on the phone in the same message thread and seemingly from the same sender as genuine arrival notification messages.

Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls

www.eff.org/deeplinks/2020/04/harden-your-zoom-settings-protect-your-privacy-and-avoid-trolls In the meantime, take these steps to harden your Zoom privacy settings and protect your meetings from Zoombombing trolls. The settings below are all separate, which means you don't need to change them all, and you don't need to change them in any particular order. Consider which settings make sense for you and the groups you communicate with, and do your best to make sure meeting organizers and participants are on the same page about settings and shared expectations.
