Daily NCSC-FI news followup 2020-06-06

Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit

www.bleepingcomputer.com/news/security/windows-10-smbghost-bug-gets-public-proof-of-concept-rce-exploit/ Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1). See also:

www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-microsoftin-smbv3-toteutuksessa

US aerospace services provider breached by Maze Ransomware

www.bleepingcomputer.com/news/security/us-aerospace-services-provider-breached-by-maze-ransomware/ The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company’s compromised devices in April 2020.

Fitness Depot hit by data breach after ISP fails to ‘activate the antivirus’

www.bleepingcomputer.com/news/security/fitness-depot-hit-by-data-breach-after-isp-fails-to-activate-the-antivirus/ Canadian retailer Fitness Depot notified customers that their personal and financial information was stolen following a breach that affected the company’s e-commerce platform last month.

Apple publishes free resources to improve password security

www.zdnet.com/article/apple-publishes-free-resources-to-improve-password-security/ The new tools are meant to help the developers of password managers, and Apple hopes the tools will reduce the instances where users choose their own password rather than rely on the password manager.

Digital leap increases the risk of cybercrime: hackers are skilled international criminals

www.tivi.fi/uutiset/tv/a4a56b3f-c98f-42fa-91d0-d3772be7bfdc The coronavirus period and the summer holiday season increase the risk, believes MySafety CEO Niclas Fagerlund.

ZEE5 allegedly hacked by ‘Korean hackers’, customer info at risk

www.bleepingcomputer.com/news/security/zee5-allegedly-hacked-by-korean-hackers-customer-info-at-risk/ A hacker identifying themselves as “John Wick” and “Korean Hackers” claims to have breached the systems of Indian media giant ZEE5 and is threatening to sell the database on criminal markets.
