Daily NCSC-FI news followup 2020-05-10

Microsoft adds protection against Reply-All email storms in Office 365

www.zdnet.com/article/microsoft-adds-protection-against-reply-all-email-storms-in-office-365/ Microsoft rolled out this week a new feature to Office 365 customers to help their IT staff detect and stop “Reply-All email storms.”. The term refers to situations when employees use the Reply-All option in mass-mailed emails, such as company-wide notifications.

Sodinokibi ransomware can now encrypt open and locked files

www.bleepingcomputer.com/news/security/sodinokibi-ransomware-can-now-encrypt-open-and-locked-files/ The Sodinokibi (REvil) ransomware has added a new feature that allows it to encrypt more of a victim’s files, even those that are opened and locked by another process. Some applications, such as database or mail servers, will lock files that they have open so that other programs cannot modify them. These file locks prevent the data from being corrupted by two processes writing to a file at the same time.

5 common password mistakes you should avoid

www.welivesecurity.com/2020/05/07/5-common-password-mistakes-you-should-avoid/ Typing in a password to access one of the tens or hundreds of services that we use has become such an everyday part of our lives that we rarely give it a second thought. Quite often we try to keep our passwords simple and easy to remember so we can move quickly past logging in and get on with what matters. That is just one of the many mistakes we make when it comes to something that we rely on to secure a part of our digital identity.

Hackers Turned Virginia Government Websites Into Elaborate eBooks Scam Pages

www.vice.com/en_us/article/88947x/hackers-virginia-government-websites-ebooks-scam Hackers hijacked and took over control of two subdomains on the official website of the Virginia state government. For some reason, they then turned the two sites into some sort of eBook scam. The two subdomains, vwn.virginia.gov and crc.virginia.gov had the same content, a list of eBook titles and genres, which redirect to a messy page filled with links to download PDFs.

ChatBooks discloses data breach after data sold on dark web

www.bleepingcomputer.com/news/security/chatbooks-discloses-data-breach-after-data-sold-on-dark-web/ ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyber attack. Data consisting of 15 million user records is now being offered for sale on the dark web. This breach is part of a spree of leaks from a group of hackers that is now selling over 73 million user records from 11 companies.

Nmap Basics – The Security Practitioner’s Swiss Army Knife

isc.sans.edu/forums/diary/Nmap+Basics+The+Security+Practitioners+Swiss+Army+Knife/26104/ To elaborate on Xavier’s and Bojan’s excellent nmap diaries over the last few days, I thought that today might be a good day to go back to basics on nmap and demonstrate why nmap really is a security practitioners swiss army knife and should be in each of our testing toolkits.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.