Daily NCSC-FI news followup 2020-07-13

The NCSC-UK’s Exercise in a Box tool set has been updated to help organisations keep their employees safe while working from home

www.zdnet.com/article/remote-working-this-free-tool-tests-how-good-your-security-really-is/ The ‘Home and Remote Working’ exercise has been added to the NCSC-UK’s Exercise in a Box, a toolkit designed to help small and medium-sized businesses prepare to defend against cyber attacks by testing employees with scenarios based around real hacking incidents – and lessons on how to respond.

US Secret Service creates new Cyber Fraud Task Force

www.bleepingcomputer.com/news/security/us-secret-service-creates-new-cyber-fraud-task-force/ CFTF’s main goal is to investigate and defend American individuals and businesses from a wide range of cyber-enabled financial crimes, from business email compromise (BEC) scams and ransomware attacks to data breaches and the illegal sale of stolen personal information and credit cards on the Internet and the dark web.

Injecting Magecart into Magento Global Config

www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/injecting-magecart-into-magento-global-config/ This attack shows the relative ease in which a Magento system can be compromised to inject malicious JavaScript into web pages.

Daily NCSC-FI news followup 2020-03-23

Protecting health care www.kaspersky.com/blog/protecting-healthcare-organizations/34269/ Health-care facilities are struggling with the current coronavirus epidemic, so we must help them with cyberprotection. We are offering free six-month licenses for our core solutions. For the average, law-abiding person, the coronavirus COVID-19 is simply a health hazard. Unfortunately, some cybercriminals perceive the epidemic as an additional opportunity to launch […]

Daily NCSC-FI news followup 2021-09-18

Researchers compile list of vulnerabilities abused by ransomware gangs www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/ Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims’ networks. All this started with a call to action made by Allan Liska, a member of Recorded Future’s CSIRT, on Twitter over the […]

Daily NCSC-FI news followup 2021-07-07

Out-of-Band (OOB) Security Update available for CVE-2021-34527 msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/ Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems.. Lisäksi:https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare. Lisäksi: msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527. Lisäksi: www.darkreading.com/endpoint/microsoft-releases-emergency-patch-for-printnightmare-flaw. Lisäksi: www.bleepingcomputer.com/news/security/microsoft-pushes-emergency-update-for-windows-printnightmare-zero-day/. […]