Daily NCSC-FI news followup 2020-09-22

How to fight delayed phishing

www.kaspersky.com/blog/delayed-phishing-countermeasures/37153/ Phishing links in e-mails to company employees often become active after initial scanning. But they still can and must be caught. Phishing has long been a major attack vector on corporate networks. It's no surprise, then, that everyone and everything, from e-mail providers to mail gateways and even browsers, use antiphishing filters and malicious address scanners. Therefore, cybercriminals are constantly inventing new, and refining old, circumvention methods. One such method is delayed phishing.

How identification, authentication, and authorization differ

www.kaspersky.com/blog/identification-authentication-authorization-difference/37143/ We use raccoons to explain how identification, authorization, and authentication differ, and why 2FA is necessary. It happens to every one of us every day. We are constantly identified, authenticated, and authorized by various systems. And yet, many people confuse the meanings of these words, often using the terms identification or authorization when, in fact, they are talking about authentication.

New and improved Security Update Guide!

msrc-blog.microsoft.com/2020/09/21/new-and-improved-security-update-guide/ We're excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment. We've listened to your feedback and incorporated many of your suggestions and new feature ideas. For example, it is now much easier to get a simple list of all CVEs being released on an Update Tuesday or between your own custom date range (see Vulnerabilities tab).

Carlos Arnal: The economic impact of a DNS attack is too great to ignore the vulnerabilities that would enable it

www.pandasecurity.com/mediacenter/adaptive-defense/economic-impact-dns-attack/ One of the main problems with DNS attacks is the increasing cost of the damage they cause, as well as their rapid evolution and the diverse range of attack types. Data exfiltration over DNS is a major concern in corporate environments. In order to protect themselves, organizations are prioritizing the security of network endpoints and improving DNS traffic monitoring. We discussed this with Carlos Arnal, Product Marketing Manager Endpoint Security at Panda.

Uncover Return on Investment From Using a SOAR Platform

securityintelligence.com/posts/uncover-return-on-investment-from-using-soar-platform/ When a cybersecurity attack happens, people may be tempted to react impulsively. Instead, security leaders should take a proactive approach. Carefully considering the long-term effects of actions on resources and security posture becomes easier with the right tools. Using a Security Orchestration, Automation and Response (SOAR) platform from day one can help your organization be better positioned to respond to cyberattacks today and in the future. At the same time, it can mean a significant return on investment (ROI) for the security budget.

Alert (AA20-266A) – LokiBot Malware

us-cert.cisa.gov/ncas/alerts/aa20-266a CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020. Throughout this period, CISA's EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected persistent malicious LokiBot activity. LokiBot is a credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases.

Unsecured Microsoft Bing Server Exposed Users’ Search Queries and Location

thehackernews.com/2020/09/bing-search-hacking.html A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The data leak, discovered by Ata Hakcil of WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams.

6% of all Google Cloud Buckets are vulnerable to unauthorized access

www.comparitech.com/blog/information-security/google-cloud-buckets-unauthorized-access-report/ 131 of 2,064 scanned Google Cloud buckets were vulnerable to unauthorized access by users who could list, download, and/or upload files. Amazon's S3 buckets are the most popular means for apps, websites, and online services to store data in the cloud. So when data breaches and exposures occur, vulnerable S3 buckets are often cited as the target. But Amazon Web Services is far from the only provider of cloud file storage. Google Cloud buckets, for instance, are also quite common, and they are just as vulnerable (due to misconfiguration) as their more popular counterparts, according to the latest research by Comparitech's cybersecurity research team.

Firefox 81 Release Kills High-Severity Code-Execution Bugs

threatpost.com/firefox-81-release-bugs/159435/ Mozilla patched high-severity vulnerabilities with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code. Two severe bugs (CVE-2020-15674 and CVE-2020-15673) are errors in the browser's memory-safety protections, which prevent memory access issues like buffer overflows. CVE-2020-15674 was reported in Firefox 80, while CVE-2020-15673 was reported in Firefox 80 and Firefox ESR 78.2.

Healthcare lags behind in critical vulnerability management, banks hold their ground

www.zdnet.com/article/healthcare-lags-behind-in-vulnerability-management-banks-are-holding-their-ground/ Vulnerability management is a key component of modern strategies to combat cyberattackers, but which industries perform well in this area? The general public faces phishing attempts, spam, malvertising, and more in their daily lives. However, in the business realm, successfully targeting major companies — including banks, industrial giants, and medical facilities — can be far more lucrative for cybercriminals.

This is why the serious Bluetooth hole does not affect Koronavilkku: "I keep it on without worry"

www.is.fi/digitoday/mobiili/art-2000006643445.html A Bluetooth vulnerability named Blesa, which affects up to billions of devices, has no effect on Koronavilkku, even though the app relies on the Bluetooth Low Energy (BLE) function that has been found to be problematic. This was stated on Twitter by Sami Köykkä, technology expert at Solita, the company that implemented Koronavilkku. Using Koronavilkku is safe because it does not use the function required to exploit the vulnerability.

A tip from a kid helps detect iOS and Android scam apps with 2.4 million downloads

arstechnica.com/information-technology/2020/09/scam-apps-with-2-4-million-downloads-found-on-apple-and-google-shelves/ Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play. Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn't active. To prevent users from uninstalling them, the apps hid their icon, making it hard to identify where the ads were coming from.

Emotet double blunder: fake Windows 10 Mobile and outdated messages

www.bleepingcomputer.com/news/security/emotet-double-blunder-fake-windows-10-mobile-and-outdated-messages/ The Emotet botnet has switched up their malicious spamming campaign and is now heavily distributing password-protected archives to bypass email security gateways. This campaign started on Friday with documents claiming to be created on the expired Windows 10 Mobile and continued with a large volume of messages pretending to be made on Android.

Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI

www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/ The Russian government is working on updating its technology laws so it can ban the use of modern internet protocols that can hinder its surveillance and censorship capabilities. According to a copy of the proposed law amendments and an explanatory note, the ban targets internet protocols and technologies such as TLS 1.3, DoH, DoT, and ESNI.

Nearly 70% of IT & Security Pros Hone Their Cyber Skills Outside of Work

www.darkreading.com/operations/nearly-70–of-it-and-security-pros-hone-their-cyber-skills-outside-of-work/d/d-id/1338980 New research shows how security skills are lacking across multiple IT disciplines as well – including network engineers, sys admins, and cloud developers. Nearly three out of four organizations are struggling with a gap in security skills, and 68% of IT and security professionals say they work on advancing their cyber skills on their own time, outside of work.

Russian hackers use fake NATO training docs to breach govt networks

www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/ A Russian hacker group known by the names APT28, Fancy Bear, Sofacy, Sednit, and STRONTIUM is behind a targeted attack campaign aimed at government bodies. The group delivered a hard-to-detect strand of Zebrocy Delphi malware under the pretense of providing NATO training materials. Researchers further inspected the files containing the payload and discovered these impersonated JPG files showing NATO images when opened on a computer.

Cybersäkerhetscentret (National Cyber Security Centre) – Instructions for cyber exercises ("Anvisning om cyberövningar")

www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/Anvisning%20om%20cyber%C3%B6vningar.pdf Cybersäkerhetscentret, in cooperation with Försörjningsberedskapscentralen (the National Emergency Supply Agency), has produced the manual "Anvisning om cyberövningar" (Instructions for cyber exercises), which is now available in English and Swedish.

NCSC-FI – Manual for cyber exercise Organisers

www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/Instructions%20for%20organising%20cyber%20exercises.pdf The Finnish National Cyber Security Centre together with the Finnish National Emergency Supply Agency present their “Manual for cyber exercise Organisers”, now available for download in English.
