Daily NCSC-FI news followup 2020-10-07

BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

threatpost.com/bahamut-spies-nation-state/159925/ Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.

QNAP fixes critical flaws that could lead to device takeover

www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/ QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices.

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

thehackernews.com/2020/10/p2p-iot-botnet.html Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Lisäksi: blog.netlab.360.com/heh-an-iot-p2p-botnet/

Comcast TV Remote Hack Opens Homes to Snooping

threatpost.com/comcast-tv-remote-homes-snooping/159899/ A security flaw allowing attackers to remotely snoop in on victims’ private conversations was found to stem from an unexpected device their TV remotes. Lisäksi:


FBI Drive-By’ Hacking Threat Gets Real: Here’s Why You Should Be Concerned

www.forbes.com/sites/zakdoffman/2020/10/07/fbi-drive-by-hacking-threat-gets-real-heres-why-you-should-be-concerned/ Warnings that our IoT devices might be spying on us are nothing newremember the smart speaker fiasco last year? But at least we expect those devices to be listening and can exercise some caution.

Sisäministeriön ja poliisin kampanja kannustaa nuoria miettimään sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/sisaministerion_ja_poliisin_kampanja_kannustaa_nuoria_miettimaan_sosiaalisen_median_keskustelukulttuuria_ja_vihapuheen_vaikutuksia_93843?language=fi Sisäministeriö ja Poliisihallitus ovat käynnistäneet nuorille suunnatun sosiaalisen median kampanjan, jonka tarkoituksena on kannustaa nuoria pohtimaan sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia lähipiirissä ja laajemmin yhteiskunnassa.

Risky business: survey shows majority of people use work devices for personal use

blog.malwarebytes.com/malwarebytes-news/2020/10/work-devices-for-personal-use/ There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway (i.e. more online shopping and more streaming TV/movies).

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

threatpost.com/poetrat-resurfaces-azerbaijan-conflict/159917/ Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia. Lisäksi:


Chrome-selain sai mittavan tietoturvapäivityksen asenna heti

www.tivi.fi/uutiset/tv/da62e2fe-6450-4fc1-945a-dbf33e9c43b0 Chrome 86 sisältää lukuisia tietoturvaparannuksia sekä uusia ohjelmointirajapintoja. Lisäksi:

www.zdnet.com/article/chrome-86-released-with-password-related-security-improvements/. Lisäksi:


September 2020’s Most Wanted Malware: New Info-stealing Valak Variant Enters Top 10 Malware List For First Time

blog.checkpoint.com/2020/10/07/september-2020s-most-wanted-malware-new-info-stealing-valak-variant-enters-top-10-malware-list-for-first-time/ Check Point researchers find sharp increase in attacks using new Valak malware, while the Emotet trojan remains in 1st place for third consecutive month

Had your face stolen lately?

www.welivesecurity.com/2020/10/06/had-face-stolen-lately-biometrics-data-breach/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29 You can reset your PIN after a data breach, you can reset your password after a data breach, you can reset your security questions after a data breach but can you reset your face?

You might be interested in …

Daily NCSC-FI news followup 2019-12-05

Suojelupoliisi: Ulkomaiset vakoojat entistä kiinnostuneempia Suomen kriittisestä infrasta mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html The theft and sale of large swaths of valuable African Internet resources was an inside job, Internet investigator Ron Guilmette has concluded after five months of detective work.. Documents obtained from industry sources and public records in Uganda show that at least one insider at AFRINIC […]

Read More

Daily NCSC-FI news followup 2020-01-10

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address? Seriously, why? www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/ The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current […]

Read More

Daily NCSC-FI news followup 2020-11-08

Office 365 will let admins review Microsoft Forms phishing attempts www.bleepingcomputer.com/news/security/office-365-will-let-admins-review-microsoft-forms-phishing-attempts/ Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Winning hacker team pockets $744, 500 at the Tianfu Cup, China’s top hacking […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.