Daily NCSC-FI news followup 2020-07-15

Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans – starting September 1, 2020

rootdaemon.com/2020/07/14/mozilla-joins-apple-google-in-reducing-tls-certificate-lifespans/ Currently, SSL/TLS certificates have a maximum lifespan of 825 days, but, in an attempt to ensure better protection of HTTPS connections, browser makers such as Apple, Google and Mozilla are looking into reducing that period to 398 days.

The TLS 1.2 Deadline is Looming, Do You Have Your Act Together?

threatpost.com/riskrecon-the-tls-1-2-deadline-is-looming-do-you-have-your-act-together/157296/ The biggest standards bodies and regulators, including IETF, NIST, and the PCI Security Standards Council, mandate that operators of web servers ensure that they’re using the most up-to-date version of the protocol, TLS 1.2 before the end of 2020. The good news is that the report concluded that the vast majority of the internet is now running TLS 1.2. Only about 2.2% of web hosts don’t support it.

Report: CIA most likely behind APT34 and FSB hacks and data dumps

www.zdnet.com/article/report-cia-most-likely-behind-apt34-and-fsb-hacks-and-data-dumps/ In 2018, US President Trump gave the CIA more powers to carry out covert cyber operations resulting in several hacks and data dumps from Iranian and Russian spy agencies.

A hacker is selling details of 142 million MGM hotel guests on the dark web

www.zdnet.com/article/a-hacker-is-selling-details-of-142-million-mgm-hotel-guests-on-the-dark-web/ The MGM Resorts 2019 data breach is much larger than initially reported, and is now believed to have impacted more than 142 million hotel guests, and not just the 10.6 million that ZDNet initially reported back in February 2020.

You might be interested in …

Daily NCSC-FI news followup 2019-08-07

SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS www.bleepingcomputer.com/news/security/swapgs-vulnerability-in-modern-cpus-fixed-in-windows-linux-chromeos/ At BlackHat today, Bitdefender disclosed a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system.. In a statement from Intel, BleepingComputer was told […]

Read More

Daily NCSC-FI news followup 2019-08-25

Kiristyshaittaohjelmat pistävät kaupunkien sisun koetukselle ympäri Amerikkaa www.nytimes.com/2019/08/22/us/ransomware-attacks-hacking.html Android 10 julkaisu tulee korjaamaan melkein kaksisataa tietoturvaongelmaa. www.forbes.com/sites/daveywinder/2019/08/23/android-10-google-confirms-193-security-vulnerabilities-need-fixing/ Hostinger: Jopa 14 miljoonaa asiakasta tietomurron uhrina. Salasanat vaihdettu turvatoimena. www.hostinger.com/blog/security-incident-what-you-need-to-know/ Webmin liittyy Pulse Securen ja Fortigaten joukkoon, kun rikolliset aktiivisesti yrittävät hyväksikäyttää viimeaikaisia tietoturvahaavoittuvuuksia. www.zdnet.com/article/hackers-mount-attacks-on-webmin-servers-pulse-secure-and-fortinet-vpns/ Tekninen analyysi APT34 (OilRig, CobaltGypsy) TwoFace webshell – -työkalusta. www.emanueledelucia.net/a-dive-into-apt34-aka-oilrig-aka-cobalt-gypsy-twoface-webshell/

Read More

Daily NCSC-FI news followup 2020-06-27

DarkCrewFriends Returns with Botnet Strategy threatpost.com/darkcrewfriends-returns-botnet/156963/ The botnet can be used to mount different kinds of attacks, including code-execution and DDoS. 8 U.S. City Websites Targeted in Magecart Attacks threatpost.com/8-city-gov-websites-magecart/156954/ Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident. Admin of carding portal behind $568M […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.