Daily NCSC-FI news followup 2020-10-03

The cybersecurity super month is here again!

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuden-superkuukausi-taalla-taas In October cybersecurity gets wings as the European Cyber Security Month begins again. The joint European cyber effort will be seen and heard on our website and social media channels. The campaign is meant for all of us. Let's get our basic cybersecurity skills in order together!

CERT-SE Challenge 2020 – Will you accept our challenge?

cert.se/2020/09/cert-se-challenge-2020 CERT-SE kicks the cybersecurity month off with a challenge aimed at everyone with a cybersecurity interest.

Microsoft Says Russia Behind Most Nation-State Cyber-Attacks

www.bloomberg.com/news/articles/2020-09-29/microsoft-says-russia-behind-most-nation-state-hacking-attempts Russia-based hackers are responsible for the majority of nation-state attacks on Microsoft customers, according to new data from the company.

Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data

threatpost.com/egregor-ransomware-mass-media-corporate-data/159816/ A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files.

How One Piece of Hardware Took Down a $6 Trillion Stock Market

www.bloomberg.com/news/articles/2020-10-02/how-one-piece-of-hardware-took-down-a-6-trillion-stock-market A data device critical to the Tokyo Stock Exchange’s trading system had malfunctioned, and the automatic backup had failed to kick in. It was less than an hour before the system, called Arrowhead, was due to start processing orders in the $6 trillion equity market. Exchange officials could see no solution.

Grindr fixed a bug allowing full takeover of any user account

www.bleepingcomputer.com/news/security/grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account/ Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user’s email address.

Google now discloses Android vulnerabilities for 3rd-party devices

www.bleepingcomputer.com/news/security/google-now-discloses-android-vulnerabilities-for-3rd-party-devices/ Google today announced the launch of a new program specifically designed to deal with security vulnerabilities the company finds in third-party Android devices and software serviced by Android OEMs.

Common Ways Attackers Are Stealing Credentials

www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-credentials/ A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense.
