Daily NCSC-FI news followup 2020-10-04

Ttint is a new form of IoT botnet that also includes remote access tools-like (RAT) features, rarely seen in these types of botnets before

www.zdnet.com/article/new-ttint-iot-botnet-caught-exploiting-two-zero-days-in-tenda-routers For almost a year, a threat actor has been using zero-day vulnerabilities to install malware on Tenda routers and build a so-called IoT (Internet of Things) botnet.

Google offers up $50k in cloud credits to fuzz the hell out of JavaScript engines

www.theregister.com/2020/10/02/google_javascript_fuzzing_funds/ Google is offering bug hunters thousands of dollars worth of compute time on its cloud to hammer away at JavaScript engines and uncover new security flaws in the software.

Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors

symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt The Threat Hunter Team at Symantec, a division of Broadcom (NASDAQ: AVGO), has uncovered a new espionage campaign carried out by the Palmerworm group (aka BlackTech) involving a brand new suite of custom malware, targeting organizations in Japan, Taiwan, the U.S., and China.

Two Members of Notorious Videogame Piracy Group “Team Xecuter” in Custody

www.justice.gov/opa/pr/two-members-notorious-videogame-piracy-group-team-xecuter-custody Two leaders of one of the world’s most notorious videogame piracy groups, Team Xecuter, have been arrested and are in custody facing charges filed in U.S. District Court in Seattle.

Python programming in the final frontier: Microsoft and NASA release student learning portal

www.techrepublic.com/article/python-programming-in-the-final-frontier-microsoft-and-nasa-release-student-learning-portal/ Overall, the project includes three different NASA-inspired lessons. These learning pathways were created by computer scientist and entrepreneur Sarah Guthals to teach programming fundamentals using space exploration challenges and themes.

Online avatar service Gravatar allows mass collection of user info

www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/ A user enumeration technique discovered by security researcher Carlo Di Dato demonstrates how Gravatar can be abused for mass data collection of its profiles by web crawlers and bots.

Two North American hospitality merchants hacked in May and June

www.zdnet.com/article/two-north-american-hospitality-merchants-hacked-in-may-and-june/ Visa did not share the name of the two victims but said that one company had three different strains of point-of-sale (POS) malware on its network.

You might be interested in …

Daily NCSC-FI news followup 2019-08-24

Kyberhyökkäykset ravistelevat suomalaiskuntia Tampere: “Harjoittelemme säännöllisesti” www.tivi.fi/uutiset/tv/d884768a-4cba-4abb-b990-64620669935d Sähköpostihuijareiden toimintatapoja tarkemmin – eiliseen 80 huijarin kiinniottoon liittyvä analyysi garwarner.blogspot.com/2019/08/los-angeles-court-charges-80-nigerians.html Fortnite-pelin huijausohjelma sisältääkin haittaohjelman ja vaatii lunnaat www.kaspersky.com/blog/ransomware-in-fortnite-cheats/28104/ FireEyen tuore raportti sote-sektorin toistuvasta kohdennuksesta ja altistumisesta tietovuodoille www.fireeye.com/blog/threat-research/2019/08/healthcare-research-data-pii-continuously-targeted-by-multiple-threat-actors.html Facebook jakoi vuosittaisen Internet Defence Prize -palkintonsa saksalaisille tutkijoille: 100’000 USD uudesta suojausmekanismista. www.zdnet.com/article/facebook-awards-100000-prize-for-new-code-isolation-technique/ Esineiden internet: älyuunit päälle keskellä […]

Read More

Daily NCSC-FI news followup 2020-12-14

Kyberuhat yleistyvät Miten Suomen yritykset pärjäävät? www.etla.fi/julkaisut/kyberuhat-yleistyvat-miten-suomen-yritykset-parjaavat/ Vaikka Suomen yritysten kyberturva onkin Euroopan keskitasoa vahvempaa, on Suomi jäämässä kehityksen kärjestä useilla eri mittareilla arvioituna. Erityisesti tietovuodot vaikuttavat tuottavan kotimaisille yrityksille poikkeuksellisen paljon haasteita. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html FireEye has uncovered a widespread campaign, […]

Read More

Daily NCSC-FI news followup 2020-02-12

Valentines & Chocolate Dont Always Equal Love blog.checkpoint.com/2020/02/12/valentines-chocolate-dont-always-equal-love/ With Valentines Day approaching, lovers around the world are working on finding the best way to celebrate with their loved ones. Meanwhile cyber criminals around the world also seem to be caught up in the spirit of this unique day. Over the past 2 years, Check Point […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.