Daily NCSC-FI news followup 2020-08-02

Telstra DNS falls over after denial of service attack

www.zdnet.com/article/telstra-dns-falls-over-after-denial-of-service-attack/ Customers with Telstra’s default DNS settings found themselves seemingly unable to access the internet on Sunday morning, as the telco was facing a denial of service attack. The attack kicked off some time before 10:30am on the Australian east coast. “Some of our Domain Name Servers (DNS) used to route your traffic online are experiencing a cyber attack, known as a Denial of Service (DoS),” Telstra said on Twitter just before noon.

Maritime cyberattacks are exploding, and antivirus does not help: the means of extortion may be spilling cargo oil into the sea

www.tivi.fi/uutiset/merenkulun-kyberiskut-rajahtavat-kasiin-eika-virustorjunta-auta-kiristyskeinona-voi-olla-rahtioljyn-vuodatus-mereen/59eb2925-2fb9-4fdf-bafc-da96eaca6b18 The operational systems of the maritime sector have quickly become fashionable targets for cybercriminals. Some companies in the industry lull themselves into a false sense of security instead of learning to protect even the right targets. In ports and shipping companies, the number of security incidents has climbed a staggering 900 percent since 2017. By the end of the year records will be broken again, warns Naval Dome, an Israeli company specializing in maritime cybersecurity.

Havenly discloses data breach after 1.3M accounts leaked online

www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/ Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum. Havenly is an online interior design and home decoration site where users can get help designing a room in their house from certified designers. Last week, BleepingComputer reported that the ShinyHunters hacking group had leaked the databases for 18 companies on a hacker forum for free. These databases contained a combined total of 386 million user records.

Incognito Mode May Not Work the Way You Think It Does

www.wired.com/story/incognito-mode-explainer/ No matter which browser you prefer (Chrome, Firefox, Edge, Safari, Opera, or any of the others), it will almost certainly offer an incognito or private mode, one which ostensibly keeps your web browsing secret. (Google Chrome still shows a hat-and-glasses icon when you go incognito, as if you’re now in disguise.) Incognito or private mode does indeed keep certain aspects of your browsing private, but it’s important to be aware of what it hides and erases from your computer or phone and what it doesn’t.

Microsoft has the highest rate of zero-days detected in the wild, but not all is as it seems

portswigger.net/daily-swig/microsoft-has-the-highest-rate-of-zero-days-detected-in-the-wild-but-not-all-is-as-it-seems When zero-day vulnerabilities are discovered, direct disclosure to vendors usually results in rapid patch development. However, not every hacker wears a white hat, and in some cases, security flaws may be actively exploited for criminal or financial gain. Alternatively, as in the case of the US National Security Agency’s Eternal Blue exploit, these high-value, unpatched vulnerabilities may be reserved for government surveillance and other covert purposes.
