Daily NCSC-FI news followup 2020-10-03

Kyberturvallisuuden superkuukausi on täällä taas!

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuden-superkuukausi-taalla-taas Lokakuussa kyberturvallisuus saa siivet, kun Euroopan kyberturvallisuuskuukausi, European Cyber Security Month taas alkaa. Eurooppalainen kyberin yhteisponnistus näkyy ja kuuluu verkkosivuillamme ja somekanavissamme. Kampanja on tarkoitettu meille kaikille. Laitetaan yhdessä kyberturvallisuuden perustaidot kuntoon!

CERT-SE Challenge 2020 – Will you accept our challenge?

cert.se/2020/09/cert-se-challenge-2020 CERT-SE kicks the cybersecurity month off with a challenge aimed to everyone with a cybersecurity interest.

Microsoft Says Russia Behind Most Nation-State Cyber-Attacks

www.bloomberg.com/news/articles/2020-09-29/microsoft-says-russia-behind-most-nation-state-hacking-attempts Russia-based hackers are responsible for the majority of nation-state attacks on Microsoft customers, according to new data from company.

Egregor Ransomware Threatens Mass-Media’ Release of Corporate Data

threatpost.com/egregor-ransomware-mass-media-corporate-data/159816/ A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files.

How One Piece of Hardware Took Down a $6 Trillion Stock Market

www.bloomberg.com/news/articles/2020-10-02/how-one-piece-of-hardware-took-down-a-6-trillion-stock-market A data device critical to the Tokyo Stock Exchange’s trading system had malfunctioned, and the automatic backup had failed to kick in. It was less than an hour before the system, called Arrowhead, was due to start processing orders in the $6 trillion equity market. Exchange officials could see no solution.

Grindr fixed a bug allowing full takeover of any user account

www.bleepingcomputer.com/news/security/grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account/ Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user’s email address.

Google now discloses Android vulnerabilities for 3rd-party devices

www.bleepingcomputer.com/news/security/google-now-discloses-android-vulnerabilities-for-3rd-party-devices/ Google today announced the launch of a new program specifically designed to deal with security vulnerabilities the company finds in third-party Android devices and software serviced by Android OEMs.

Common Ways Attackers Are Stealing Credentials

www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-credentials/ A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense.

You might be interested in …

Daily NCSC-FI news followup 2021-01-09

Excelerating Analysis Tips and Tricks to Analyze Data with Microsoft Excel www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html Incident response investigations dont always involve standard host-based artifacts with fully developed parsing and analysis tools. At FireEye Mandiant, we frequently encounter incidents that involve a number of systems and solutions that utilize custom logging or artifact data. Determining what happened in an […]

Read More

Daily NCSC-FI news followup 2020-01-23

Increased Emotet Malware Activity www.us-cert.gov/ncas/current-activity/2020/01/22/increased-emotet-malware-activity The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute […]

Read More

Daily NCSC-FI news followup 2020-09-23

Phishers spoof reliable cybersecurity training company to garner clicks blog.malwarebytes.com/scams/2020/09/phishers-spoof-reliable-cybersecurity-training-company-to-garner-clicks/ It happens to the best of us. And, indeed, no adage is better suited to a phishing campaign that recently made headlines. Fraudsters used the brand, KnowBe4a trusted cybersecurity company that offers security awareness training for organizationsto gain recipients trust, their Microsoft Outlook credentials, and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.