Daily NCSC-FI news followup 2020-09-05

Suomi ennakoi 5g:n tuomia riskejä – Supo mukana arvioimassa laitteita

www.kauppalehti.fi/uutiset/suomi-ennakoi-5gn-tuomia-riskeja-supo-mukana-arvioimassa-laitteita/15541875-2408-4a72-9f79-7e8f1922ef38 Tuleva lakimuutos mahdollistaa verkoista kansallisesti vaaralliseksi arvioitavien verkkolaitteiden poistamisen. “Tämä on osittain liitoksissa 5g-turvallisuuteen, mutta laissa ei ole tarkoituksena millään tavalla jonkin verkkolaitevalmistajan säänteleminen tai markkinoilta poistaminen. Laki lähtee aivan neutraalista näkökulmasta”, johtaja Jukka-Pekka Juutinen Traficomista kertoo.

Australian Cyber Security Centre (ACSC) releases cyber report 2019-2020

www.cyber.gov.au/acsc/view-all-content/news/new-acsc-report-details-cyber-threats-across-australia The inaugural ACSC Annual Cyber Threat Report: July 2019 to June 2020 has been developed with our law enforcement partners, the Australian Federal Police and the Australian Criminal Intelligence Commission, to provide important information about emerging cyber security and cybercrime threats impacting different sectors of the Australian economy.

ACSC has also developed information to help the community buy and use internet-connected devices securely – such as smart fridges, smart televisions, baby monitors and security cameras

www.cyber.gov.au/acsc/view-all-content/news/advice-users-and-manufacturers-internet-things-devices The Australian Government has released a voluntary Code of Practice to improve the security of the Internet of Things (IoT) in Australia – including everyday devices such as smart fridges, smart televisions, baby monitors and security cameras.

FBI issues second alert about ProLock ransomware stealing data

www.bleepingcomputer.com/news/security/fbi-issues-second-alert-about-prolock-ransomware-stealing-data/ The boost in activity was most likely caused by partnering with the QakBot banking trojan gang which made it a lot easier to gain access to new victims’ networks.

White House publishes a cyber-security rulebook for space systems

www.zdnet.com/article/white-house-publishes-a-cyber-security-rulebook-for-space-systems/ The new rules, detailed in Space Policy Directive-5 (SPD-5), are meant to establish a cybersecurity baseline for all space-bound craft, systems, networks, and communications channels built and operated by US government agencies and commercial space entities. “Examples of malicious cyber activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks, ” said officials.

Researchers find a way to spot security fixes from Linux kernel with data mining

www.theregister.com/2020/09/04/linux_kernel_flaws/ Researchers affiliated with BMW, Siemens, and two German universities have found that they can detect Linux kernel security fixes before they get released, insight that could allow miscreants to develop and deploy exploit code for which there’s no defense. In an ArXiv-distributed paper titled, “The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects, ” researchers outline a data mining scheme that amounts to a side channel attack on the open source vulnerability disclosure process. PDF: arxiv.org/pdf/2009.01694.pdf

Cybersecurity – the new dimension of automotive quality

www.kaspersky.com/blog/cybersecurity-automotive/36924/ Modern computerized car require a secure-by-design platform. And that’s just what we’ve come up with. A car today is basically a specialized computer – a ‘cyber-brain’, controlling the mechanics-and-electrics we traditionally associate with the word ‘car’ – – the engine, the brakes, the turn indicators, the windscreen wipers, the air conditioner, and in fact everything else.

You might be interested in …

Daily NCSC-FI news followup 2019-09-11

Ryuk Related Malware Steals Confidential Military, Financial Files www.bleepingcomputer.com/news/security/ryuk-related-malware-steals-confidential-military-financial-files/ A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. Microsoft to Improve Office 365 Phishing Email Notifications www.bleepingcomputer.com/news/security/microsoft-to-improve-office-365-phishing-email-notifications/ Microsoft is currently working on enhancing the notification system for quarantined malware […]

Read More

Daily NCSC-FI news followup 2019-06-30

Breaking: Huawei will be allowed to do business with U.S. companies again www.androidauthority.com/breaking-huawei-allowed-to-do-business-with-us-companies-again-1004260/ U.S. companies will be allowed to work with Huawei again, President Trump announced in a news conference.. Its not clear what this means for now, but its likely Huawei will be able to acquire basic components like Qualcomm processors and Googles Android […]

Read More

Daily NCSC-FI news followup 2019-06-18

Microsoft Operating Systems BlueKeep Vulnerability www.us-cert.gov/ncas/alerts/AA19-168A BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system. Russian Hacks on U.S. Voting System Wider Than Previously Known www.bloomberg.com/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections Russias cyberattack on the U.S. electoral […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.