Daily NCSC-FI news followup 2020-09-06

Ransomware attack halts Argentinian border crossing for four hours

www.bleepingcomputer.com/news/security/ransomware-attack-halts-argentinian-border-crossing-for-four-hours/ Argentina’s official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country. The ransomware demanded $4 million and leaked data from the breach online.

Visa warns of new Baka credit card JavaScript skimmer

www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credit-card-javascript-skimmer/ Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data. The credit card stealing script was discovered by researchers with Visa’s Payment Fraud Disruption (PFD) initiative in February 2020 while examining a command and control (C2) server that previously hosted an ImageID web skimming kit.

Which cybersecurity failures cost companies the most and which defenses have the highest ROI?

www.helpnetsecurity.com/2020/09/03/cost-cybersecurity-failures/ Massachusetts Institute of Technology (MIT) scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation. Also:

www.csail.mit.edu/news/helping-companies-prioritize-their-cybersecurity-investments

Threema E2EE chat app to go ‘fully open source’ within months

www.zdnet.com/article/threema-e2ee-chat-app-to-go-fully-open-source-within-months/ Threema, which is one of a handful of instant messaging services that support end-to-end encryption (E2EE) between users, is the third service to go open source, after Signal and Wickr.

You might be interested in …

Daily NCSC-FI news followup 2021-02-28

Bombardier Blindsided By Extortion Threat After Hackers Breach Server www.forbes.com/sites/leemathews/2021/02/27/bombardier-blindsided-by-extortion-threat-after-hackers-breach-server/ It seems likely that the attackers intent was never to launch a more sophisticated and lucrative attack. Instead they sought to use a fresh exploit to hit as many Accellion FTA customers as quickly as possible. A 2020 Go Malware Round-Up www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf In the last […]

Read More

Daily NCSC-FI news followup 2020-02-04

TeamViewer whynotsecurity.com/blog/teamviewer/ TL;DR: TeamViewer stored user passwords encrypted with AES-128-CBC with they key of 0602000000a400005253413100040000 and iv of 0100010067244F436E6762F25EA8D704 in the Windows registry. If the password is reused anywhere, privilege escalation is possible. If you do not have RDP rights to machine but TeamViewer is installed, you can use TeamViewer to remote in. TeamViewer also […]

Read More

Daily NCSC-FI news followup 2021-07-21

Virtuaalivaluuttoihin liittyviä rahanpesuilmoituksia alkuvuonna yli 3, 4 miljoonaa kappaletta, kertoo KRP www.is.fi/digitoday/tietoturva/art-2000008140592.html Selvittelykeskus kirjasi kesäkuun loppuun mennessä rahanpesurekisteriin ennätykselliset yli 3466000 epäilyttävää liiketoimea tai epäiltyä terrorismin rahoittamista koskevaa ilmoitusta. Näistä noin 26600 tuli muilta kuin virtuaalivaluuttapalveluihin liittyviltä tahoilta. Suomi ja Singapore 6g-yhteistyöhön “Voimme saavuttaa molemminpuolista etua” www.tivi.fi/uutiset/tv/45e16ffc-1ba1-411e-87be-edbcd797803f Oulun yliopiston koordinoima 6g-teknologian tutkimus- ja kehitysohjelma 6g […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.