Daily NCSC-FI news followup 2020-09-12

IT staffing firm Artech says ransomware attack led to data breach

www.bleepingcomputer.com/news/security/it-staffing-firm-artech-says-ransomware-attack-led-to-data-breach/ Artech Information Systems, one of the largest US IT staffing companies, has disclosed a data breach caused by a ransomware attack that affected some of its systems during early January 2020.

Its No Giggle: Managing Expectations for Vulnerability Disclosure

threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/ Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

Fairfax County schools hit by Maze ransomware, student data leaked

www.bleepingcomputer.com/news/security/fairfax-county-schools-hit-by-maze-ransomware-student-data-leaked/ Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening.

Researcher kept a major Bitcoin bug secret for two years to prevent attacks

www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks/ The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.

Don’t pay the ransom, mate. Don’t even fix a price, say Australia’s cyber security bods

www.theregister.com/2020/09/12/follow_security_basics_and_you/ Most online attacks could be easily avoided by following basic cyber security advice, Australias national cyber security bureau has said even as it warned that the impact and severity of things like ransomware attacks are getting worse and worse.

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

threatpost.com/office-365-phishing-attack-leverages-real-time-active-directory-validation/159188/ Attackers check the victims Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

Office Documents with Embedded Objects

isc.sans.edu/forums/diary/Office+Documents+with+Embedded+Objects/26558/

You might be interested in …

Daily NCSC-FI news followup 2019-10-28

800 cyberattacks an hour in the United Kingdom www.pandasecurity.com/mediacenter/security/cyberattacks-united-kingdom-councils/ In 2019, public administrations have suffered a great deal at the hands of cybercriminals. In January, the city hall of Del Rio, Texas, suffered a ransomware attack that forced its employees to carry out their work with pen and paper. This incident was first in a […]

Read More

Daily NCSC-FI news followup 2019-09-26

Magecart Group Targets Routers Behind Public Wi-Fi Networks threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/ Magecart Group 5 has been spotted testing and preparing code to be injected onto commercial routers potentially opening up guests connecting to Wi-Fi networks to payment data theft.. Read also: www.zdnet.com/article/hackers-looking-into-injecting-card-stealing-code-on-routers-rather-than-websites/ and Microsoft Phishing Attack Uses Google Redirects to Evade Detection www.bleepingcomputer.com/news/security/microsoft-phishing-attack-uses-google-redirects-to-evade-detection/ A new phishing campaign […]

Read More

Daily NCSC-FI news followup 2020-03-29

Source code of Dharma ransomware pops up for sale on hacking forums www.zdnet.com/article/source-code-of-dharma-ransomware-pops-up-for-sale-on-hacking-forums/ The source code of a major ransomware strain named Dharma has been put up for sale on two Russian hacker forums over the weekend.. The FBI, in a talk at the RSA security conference this year, ranked Dharma the second most lucrative […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.