Daily NCSC-FI news followup 2020-09-12

IT staffing firm Artech says ransomware attack led to data breach

www.bleepingcomputer.com/news/security/it-staffing-firm-artech-says-ransomware-attack-led-to-data-breach/ Artech Information Systems, one of the largest US IT staffing companies, has disclosed a data breach caused by a ransomware attack that affected some of its systems during early January 2020.

Its No Giggle: Managing Expectations for Vulnerability Disclosure

threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/ Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

Fairfax County schools hit by Maze ransomware, student data leaked

www.bleepingcomputer.com/news/security/fairfax-county-schools-hit-by-maze-ransomware-student-data-leaked/ Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening.

Researcher kept a major Bitcoin bug secret for two years to prevent attacks

www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks/ The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.

Don’t pay the ransom, mate. Don’t even fix a price, say Australia’s cyber security bods

www.theregister.com/2020/09/12/follow_security_basics_and_you/ Most online attacks could be easily avoided by following basic cyber security advice, Australias national cyber security bureau has said even as it warned that the impact and severity of things like ransomware attacks are getting worse and worse.

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

threatpost.com/office-365-phishing-attack-leverages-real-time-active-directory-validation/159188/ Attackers check the victims Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

Office Documents with Embedded Objects

isc.sans.edu/forums/diary/Office+Documents+with+Embedded+Objects/26558/

You might be interested in …

Daily NCSC-FI news followup 2020-05-24

Securing smart infrastructure during the COVID-19 pandemic www.enisa.europa.eu/news/enisa-news/securing-smart-infrastructure-in-covid-19-pandemic Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices. AgentTesla Delivered via a Malicious PowerPoint Add-In isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/ Attackers are always trying to find new ways […]

Read More

Daily NCSC-FI news followup 2020-02-27

Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now www.theregister.co.uk/2020/02/26/zyxel_security_hole/ Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you’re using HTTPS, SSH, VPNs… right? www.theregister.co.uk/2020/02/27/wifi_chip_bug_eset/ Encryption keys forced to zero by chip-level KrØØk flaw Credit Card Skimmer Uses Fake CDNs To Evade Detection www.bleepingcomputer.com/news/security/credit-card-skimmer-uses-fake-cdns-to-evade-detection/ Threat […]

Read More

Daily NCSC-FI news followup 2019-07-22

Fuzz rising www.cloudatomiclab.com/fuzz/ – From the Debian stats, of the billion or so lines of code, 43% is ANSI C and 24% is C++ which has many of the same problems in many codebases. So 670 million lines of code, in general without enough maintainers to deal with the existing and coming waves of security […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.