Daily NCSC-FI news followup 2020-08-02

Telstra DNS falls over after denial of service attack

www.zdnet.com/article/telstra-dns-falls-over-after-denial-of-service-attack/ Customers with Telstra’s default DNS settings found themselves seemingly unable to access the internet on Sunday morning, as the telco was facing a denial of service attack. The attack kicked off some time before 10:30am on the Australian east coast. Some of our Domain Name Servers (DNS) used to route your traffic online are experiencing a cyber attack, known as a Denial of Service (DoS),” Telstra said on Twitter just before noon.

Merenkulun kyberiskut räjähtävät käsiin, eikä virustorjunta auta kiristyskeinona voi olla rahtiöljyn vuodatus mereen

www.tivi.fi/uutiset/merenkulun-kyberiskut-rajahtavat-kasiin-eika-virustorjunta-auta-kiristyskeinona-voi-olla-rahtioljyn-vuodatus-mereen/59eb2925-2fb9-4fdf-bafc-da96eaca6b18 Merenkulun operatiiviset järjestelmät ovat nopeasti nousseet kyberrikollisten muotikohteiksi. Osa alan yrityksistä tuudittautuu väärän turvallisuuden tunteeseen sen sijasta, että opittaisiin suojaamaan edes oikeita kohteita. Satamissa ja varustamoissa tietoturvatapausten määrä on vuodesta 2017 lähtien kivunnut huikeat 900 prosenttia. Vuoden loppuun mennessä rikotaan taas ennätyksiä, israelilainen merialan tietoturvaan erikoistunut Naval Dome varoittaa.

Havenly discloses data breach after 1.3M accounts leaked online

www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/ Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum. Havenly is an online interior design and home decoration site where users can get help designing a room in their house from certified designers. Last week, BleepingComputer reported that the ShinyHunters hacking group had leaked the databases for 18 companies on a hacker forum for free. These databases contained a combined total of 386 million user records.

Incognito Mode May Not Work the Way You Think It Does

www.wired.com/story/incognito-mode-explainer/ NO MATTER WHICH browser you preferChrome, Firefox, Edge, Safari, Opera, or any of the othersit will almost certainly offer an incognito or private mode, one which ostensibly keeps your web browsing secret. (Google Chrome still shows a hat-and-glasses icon when you go incognito, as if you’re now in disguise.). Incognito or private mode does indeed keep certain aspects of your browsing private, but it’s important to be aware of what it hides and erases from your computer or phone and what it doesn’t.

Microsoft has the highest rate of zero-days detected in the wild, but not all is as it seems

portswigger.net/daily-swig/microsoft-has-the-highest-rate-of-zero-days-detected-in-the-wild-but-not-all-is-as-it-seems When zero-day vulnerabilities are discovered, direct disclosure to vendors usually results in rapid patch development. However, not every hacker wears a white hat, and in some cases, security flaws may be actively exploited for criminal or financial gain. Alternatively, as in the case of the US National Security Agencys Eternal Blue exploit, these high-value, unpatched vulnerabilities may be reserved for government surveillance and other covert purposes.

You might be interested in …

Daily NCSC-FI news followup 2020-07-06

U.K. Set to Start Huawei 5G Phase-Out as Soon as This Year www.bloomberg.com/news/articles/2020-07-05/u-k-prepares-to-start-huawei-5g-phase-out-as-soon-as-this-year Prime Minister Boris Johnson is preparing to begin phasing out the use of Huawei Technologies Co. equipment in the U.K.s 5G telecoms network as soon as this year, a person familiar with the matter said. OVER 1,800 F5 BIG-IP ENDPOINTS VULNERABLE TO […]

Read More

Daily NCSC-FI news followup 2019-09-26

Magecart Group Targets Routers Behind Public Wi-Fi Networks threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/ Magecart Group 5 has been spotted testing and preparing code to be injected onto commercial routers potentially opening up guests connecting to Wi-Fi networks to payment data theft.. Read also: www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/ and Microsoft Phishing Attack Uses Google Redirects to Evade Detection www.bleepingcomputer.com/news/security/microsoft-phishing-attack-uses-google-redirects-to-evade-detection/ A new phishing campaign […]

Read More

Daily NCSC-FI news followup 2020-03-24

Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-critical-vulnerabilities-in-adobe-photoshop.html This past January, I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2020. This past Tuesday (Mar 17, 2020), Adobe released several out-of-band security patches that addressed those vulnerabilities. They are identified as CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788 and CVE-2020-3789. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.