Daily NCSC-FI news followup 2020-06-06

Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit

www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/ Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1).. see also

www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa

US aerospace services provider breached by Maze Ransomware

www.bleepingcomputer.com/news/security/us-aerospace-services-provider-breached-by-maze-ransomware/ The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company’s compromised devices in April 2020.

Fitness Depot hit by data breach after ISP fails to ‘activate the antivirus’

www.bleepingcomputer.com/news/security/fitness-depot-hit-by-data-breach-after-isp-fails-to-activate-the-antivirus/ Canadian retailer Fitness Depot announced customers that their personal and financial information was stolen following a breach that affected the company’s e-commerce platform last month.

Apple publishes free resources to improve password security

www.zdnet.com/article/apple-publishes-free-resources-to-improve-password-security/ The new tools are meant to help the developers of password managers and Apple hopes the tools will reduce the instances where users chose their own password rather than rely on the password manager.

Digiloikka kasvattaa kyberrikollisuuden riskiä Hakkerit ovat taitavia kansainvälisiä rikollisia

www.tivi.fi/uutiset/tv/a4a56b3f-c98f-42fa-91d0-d3772be7bfdc Korona-aika ja kesälomakausi lisäävät riskiä, uskoo MySafetyn toimitusjohtaja Niclas Fagerlund.

ZEE5 allegedly hacked by ‘Korean hackers’, customer info at risk

www.bleepingcomputer.com/news/security/zee5-allegedly-hacked-by-korean-hackers-customer-info-at-risk/ A hacker identifying themselves as “John Wick” and “Korean Hackers” claim to have breached the systems for Indian media giant ZEE5 and are threatening to sell the database on criminal markets.

You might be interested in …

Daily NCSC-FI news followup 2020-11-30

German users targeted with Gootkit banker or REvil ransomware blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/ On November 23, we received an alert from a partner about a resurgence of Gootkit infections in Germany. Gootkit is a very capable banking Trojan that has been around since 2014 and possesses a number of functionalities such as keystroke or video recording designed to […]

Read More

Daily NCSC-FI news followup 2020-03-04

Are our police forces equipped to deal with modern cybercrimes? blog.malwarebytes.com/opinion/2020/03/are-our-police-forces-equipped-to-deal-with-modern-cybercrimes/ You should have asked for the presence of a digital detective, Karen said when I told her what happened at the police station. I had accompanied a neighbor, who is a small business owner, that had been hit with ransomware and wanted to file […]

Read More

Daily NCSC-FI news followup 2019-12-19

How to keep spies off your phone in real life, not the movies www.kaspersky.com/blog/smartphone-spying-protection/31894/ In the new Terminator movie, Sarah Connor puts her phone inside an empty bag of chips to hide her movements from the bad guys. Our recent experiment showed that this method is actually workable (with some provisos): A couple of foil […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.