Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-06-26

Cardplanet’ Operator Sentenced to 9 Years for Selling Stolen Credit Cards

threatpost.com/cardplanet-operator-sentenced-stolen-credit-cards/156956/ The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.

Developer of Mirai, Qbot-based DDoS botnets jailed for 13 months

www.bleepingcomputer.com/news/security/developer-of-mirai-qbot-based-ddos-botnets-jailed-for-13-months/ A 22-year-old Washington man was sentenced to 13 months in prison for renting and developing Mirai and Qbot-based DDoS botnets used in DDoS attacks against targets from all over the world.

New Charges, Sentencing in Satori IoT Botnet Conspiracy

krebsonsecurity.com/2020/06/new-charges-sentencing-in-satori-iot-botnet-conspiracy/ The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks.

Hackers hide credit card stealing script in favicon metadata

www.bleepingcomputer.com/news/security/hackers-hide-credit-card-stealing-scripts-in-favicon-exif-data/ Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection.

New Ransom X Ransomware used in Texas TxDOT cyberattack

www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/ A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises.

Evil Corp blocked from deploying ransomware on 30 major US firms

www.bleepingcomputer.com/news/security/evil-corp-blocked-from-deploying-ransomware-on-30-major-us-firms/ The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, including Fortune 500 companies.

Chinese bank requires foreign firm to install app with covert backdoor

arstechnica.com/information-technology/2020/06/chinese-bank-requires-foreign-firm-to-install-app-with-covert-backdoor/ A multinational tech company gets schooled in the risks of doing business in China.

Hämärä singaporelaisfirma kerää suomalaisten yhteystietoja harhauttamalla listaa kumppaneikseen nimekkäitä suomalaisyrityksiä

www.is.fi/digitoday/art-2000006553111.html Ihmisille näytetään tällä hetkellä McDonald’sin nimissä mainoksia, joissa heidät houkutellaan kyselysivulle. Tämän jälkeen aukeaa sivu, jossa kysytään vastaajan yhteystietoja “lahjakorttiarvontaan osallistumiseksi”.

Näin Suomen koronasovellus toimii tartuntatautilain väliaikainen muutos hyväksyttiin tänään

yle.fi/uutiset/3-11420551

TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior

threatpost.com/tiktok-to-stop-clipboard-snooping-after-apple-privacy-feature-exposes-behavior/156945/ App will stop reading users’ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.

More than 75% of all vulnerabilities reside in indirect dependencies

www.zdnet.com/article/more-than-75-of-all-vulnerabilities-reside-in-indirect-dependencies/ JavaScript, Ruby, and Java are the ecosystems with most bugs in indirect dependencies.

Best Practices for IoT Security: What Does That Even Mean?

arxiv.org/abs/2004.12179 We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what (generically) “best practice” means, independent of meaningfully identifying specific individual practices. We also find that an overwhelming majority of recommendations (91%) are not actual practices but rather desired outcomes.

Nvidia squashes display driver code execution, information leak bugs

www.zdnet.com/article/nvidia-squashes-display-driver-code-execution-information-leak-bugs/ The vulnerabilities impact both Windows and Linux machines.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.