Daily NCSC-FI news followup 2020-04-26

Hackers are exploiting a Sophos firewall zero-day

www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/ Read also: community.sophos.com/kb/en-us/135412 and

www.theregister.co.uk/2020/04/26/security_roundup_240420/. As well as:

www.bleepingcomputer.com/news/security/hackers-exploit-zero-day-in-sophos-xg-firewall-fix-released/

Reopen Domains: Shut the Front Dorr

www.domaintools.com/resources/blog/reopen-domains-shut-the-front-dorr Update: We noticed that while working on this piece Brian Krebs posted an excellent article on the same. What can we say, but great minds think alike? Since we dug into different pieces we have decided to post as well. Read also:

krebsonsecurity.com/2020/04/whos-behind-the-reopen-domain-surge/. Update: We noticed that while working on this piece Brian Krebs posted an excellent article on the same. What can we say, but great minds think alike? Since we dug into different pieces we have decided to post as well. Read also:

krebsonsecurity.com/2020/04/whos-behind-the-reopen-domain-surge/

How to Child-Proof Your Devices and Apps During Lockdown

www.wired.com/story/child-proof-tech-parental-controls-iphone-netflix-hulu/ Having kids home all the time doesn’t mean they get full run of your devices. Here’s how to keep control.

Free online ‘threat blocker’ launched in Canada as successful COVID-19 scams multiply

www.cbc.ca/news/politics/free-cyber-blocker-cse-1.5542888 Canadian Internet Registration Authority teamed up with spy agency on service to thwart malicious websites. The CIRA Canadian Shield is a free new protected DNS service that prevents Canadians from connecting to malicious websites that might infect their devices and steal their personal information. (Trevor Brine/CBC). Read also:

www.cira.ca/cybersecurity-services/canadian-shield

Yhdysvaltain senaatin julkaisema raportti tukee tiedusteluviranomaisten arviota: Venäjä sekaantui vuoden 2016 presidentinvaaleihin

yle.fi/uutiset/3-11316642

Kiina painosti EU:n disinformaatioyksikköä lieventämään raporttia, joka arvostelee Kiinaa suomalaismeppi Ylelle: “Vakava asia, jos paljastuu todeksi”

yle.fi/uutiset/3-11323531 EU kiistää taipumisen painostukseen. Yhden lehtitiedon mukaan Kiina olisi uhannut EU:ta lääkintätoimitusten katkaisulla.

Yksi laite hajosi, ja pian sadoiltatuhansilta katkesi internet, paketit jäivät automaatteihin ja valtionhallinnon yhteydet pätkivät: Miten se on mahdollista?

www.hs.fi/kotimaa/art-2000006487834.html Telian mukaan ongelma johtui vikaantuneesta reitittimestä, jonka varareititin ei käynnistynyt normaalisti. Kerrannaisvaikutukset ulottuivat laajalle.

Huijausyritykset ovat lisääntyneet koronatilanteen aikana poliisille tullut ilmoituksia huijauksista verkossa ja sen ulkopuolella

yle.fi/uutiset/3-11313981 Poliisille on tullut ilmoituksia huijauksista ja huijausyrityksistä.

Beware of criminals pretending to be WHO

www.who.int/about/communications/cyber-security Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments.

COVIDSafe app

www.health.gov.au/resources/apps-and-tools/covidsafe-app The COVIDSafe app speeds up contacting people exposed to coronavirus (COVID-19). This helps us support and protect you, your friends and family.

Welt: Saksa haluaa Googlen ja Applen mukaan tartuntasovelluksen toimintaan, yhtiöt lupaavat entistä parempaa yksityisyyttä

www.hs.fi/ulkomaat/art-2000006487731.html Kaksi korkea-arvoista saksalaisministeriä linjasi lehdessä sunnuntaina, että suurimpien käyttöjärjestelmäkehittäjien on hyvä olla mukana koronavirusta torjuvan kännykkäsovelluksen kehittämisessä. Linjauksen odotetaan ratkaisevan teknologiakehittäjien yhteisöä vaivanneen riidan.

You might be interested in …

Daily NCSC-FI news followup 2020-12-25

SUNBURST Additional Technical Details www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated […]

Read More

Daily NCSC-FI news followup 2019-08-06

QualPwn Bugs In Snapdragon SoC Can Attack Android Over the Air www.bleepingcomputer.com/news/security/qualpwn-bugs-in-snapdragon-soc-can-attack-android-over-the-air/ Two serious vulnerabilities in Qualcomm’s Snapdragon system-on-a-chip (SoC) WLAN firmware could be leveraged to compromise the modem and the Android kernel over the air.. The flaws were found in Qualcomm’s Snapdragon 835 and 845 WLAN component. The tests were made on Google Pixel […]

Read More

Daily NCSC-FI news followup 2020-05-27

Choosing 2FA authenticator apps can be hard. Ars did it so you don’t have to arstechnica.com/information-technology/2020/05/choosing-2fa-authenticator-apps-can-be-hard-ars-did-it-so-you-dont-have-to/ Losing your 2FA codes can be bad. Having backups stolen can be worse. What to do? New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/ Eighteen of the 26 bugs impact Linux. Eleven have […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.