Daily NCSC-FI news followup 2020-06-01

Three scams under way in Posti's name, one is especially nasty: messages are sent from your number

www.is.fi/digitoday/tietoturva/art-2000006523529.html Genuine messages from Posti do not, as a rule, contain links. If you follow a link to a website, check its address in the address bar. The addresses of fake sites often bear hardly any resemblance to the genuine address. Be wary of any message that asks you for a payment or wants you to log in somewhere with your online banking credentials. See also:

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus

Cisco security breach hits corporate servers that ran unpatched software (Salt stack)

arstechnica.com/information-technology/2020/05/cisco-security-breach-hits-corporate-servers-that-ran-unpatched-software/ Six servers Cisco uses to provide a virtual networking service were compromised by hackers who exploited critical flaws contained in unpatched versions of Salt management framework, the company disclosed on Thursday.

Joomla data breach leaks 2,700 user records via exposed backups

www.bleepingcomputer.com/news/security/joomla-data-breach-leaks-2-700-user-records-via-exposed-backups/ A Joomla database leak has exposed the personal information, including hashed passwords, of 2,700 individuals registered on the Joomla Resources Directory (JRD).

REvil ransomware gang publishes ‘Elexon staff’s passports’ after UK electrical middleman shrugs off attack

www.theregister.com/2020/06/01/elexon_ransomware_was_revil_sodinokibi/ It appears the company shrugged off the ransomware attack and simply rebuilt its IT infrastructure from backups, ignoring the criminals’ demands to pay them lots of money. As a response the stolen data was published on REvil’s Tor webpage as a cache of 1,280 files, which we understand include documents that appeared to be passports of Elexon staff members and an apparent business insurance application form.

Vulnerability Summary for the Week of May 25, 2020

www.us-cert.gov/ncas/bulletins/sb20-153 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

This Bot Hunts Software Bugs for the Pentagon

www.wired.com/story/bot-hunts-software-bugs-pentagon/ Mayhem emerged from a 2016 government-sponsored contest at a Las Vegas casino hotel. Now it’s used by the military. Other bugs found by Mayhem include one discovered earlier this year in the OpenWRT software used in millions of networking devices.

Office 365 to give detailed info on malicious email attachments

www.bleepingcomputer.com/news/security/office-365-to-give-detailed-info-on-malicious-email-attachments/ Microsoft will provide Office 365 Advanced Threat Protection (ATP) users with more details on malware samples and malicious URLs discovered following detonation. “We’re working to reveal more of the details that led to a malicious verdict when URLs or files are detonated in Office 365 ATP,” the new feature’s Microsoft 365 roadmap entry reads.

Here are the new security features in Windows 10 2004

www.bleepingcomputer.com/news/microsoft/here-are-the-new-security-features-in-windows-10-2004/ Windows 10’s May 2020 Update is rolling out to seekers, and it comes with new security features that offer better malware protection, easier logins, and stronger encryption for your wireless connections.
