Daily NCSC-FI news followup 2020-10-07

BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

threatpost.com/bahamut-spies-nation-state/159925/ Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.

QNAP fixes critical flaws that could lead to device takeover

www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/ QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices.

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

thehackernews.com/2020/10/p2p-iot-botnet.html Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Lisäksi: blog.netlab.360.com/heh-an-iot-p2p-botnet/

Comcast TV Remote Hack Opens Homes to Snooping

threatpost.com/comcast-tv-remote-homes-snooping/159899/ A security flaw allowing attackers to remotely snoop in on victims’ private conversations was found to stem from an unexpected device their TV remotes. Lisäksi:

www.theregister.com/2020/10/07/comcast_xr11_voice_remote_pwnable/

FBI Drive-By’ Hacking Threat Gets Real: Here’s Why You Should Be Concerned

www.forbes.com/sites/zakdoffman/2020/10/07/fbi-drive-by-hacking-threat-gets-real-heres-why-you-should-be-concerned/ Warnings that our IoT devices might be spying on us are nothing newremember the smart speaker fiasco last year? But at least we expect those devices to be listening and can exercise some caution.

Sisäministeriön ja poliisin kampanja kannustaa nuoria miettimään sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/sisaministerion_ja_poliisin_kampanja_kannustaa_nuoria_miettimaan_sosiaalisen_median_keskustelukulttuuria_ja_vihapuheen_vaikutuksia_93843?language=fi Sisäministeriö ja Poliisihallitus ovat käynnistäneet nuorille suunnatun sosiaalisen median kampanjan, jonka tarkoituksena on kannustaa nuoria pohtimaan sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia lähipiirissä ja laajemmin yhteiskunnassa.

Risky business: survey shows majority of people use work devices for personal use

blog.malwarebytes.com/malwarebytes-news/2020/10/work-devices-for-personal-use/ There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway (i.e. more online shopping and more streaming TV/movies).

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

threatpost.com/poetrat-resurfaces-azerbaijan-conflict/159917/ Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia. Lisäksi:

blog.talosintelligence.com/2020/10/poetrat-update.html

Chrome-selain sai mittavan tietoturvapäivityksen asenna heti

www.tivi.fi/uutiset/tv/da62e2fe-6450-4fc1-945a-dbf33e9c43b0 Chrome 86 sisältää lukuisia tietoturvaparannuksia sekä uusia ohjelmointirajapintoja. Lisäksi:

www.zdnet.com/article/chrome-86-released-with-password-related-security-improvements/. Lisäksi:

us-cert.cisa.gov/ncas/current-activity/2020/10/07/google-releases-security-updates-chrome

September 2020’s Most Wanted Malware: New Info-stealing Valak Variant Enters Top 10 Malware List For First Time

blog.checkpoint.com/2020/10/07/september-2020s-most-wanted-malware-new-info-stealing-valak-variant-enters-top-10-malware-list-for-first-time/ Check Point researchers find sharp increase in attacks using new Valak malware, while the Emotet trojan remains in 1st place for third consecutive month

Had your face stolen lately?

www.welivesecurity.com/2020/10/06/had-face-stolen-lately-biometrics-data-breach/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29 You can reset your PIN after a data breach, you can reset your password after a data breach, you can reset your security questions after a data breach but can you reset your face?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.