Daily NCSC-FI news followup 2020-10-07

BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

threatpost.com/bahamut-spies-nation-state/159925/ Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.

QNAP fixes critical flaws that could lead to device takeover

www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/ QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices.

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

thehackernews.com/2020/10/p2p-iot-botnet.html Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Lisäksi: blog.netlab.360.com/heh-an-iot-p2p-botnet/

Comcast TV Remote Hack Opens Homes to Snooping

threatpost.com/comcast-tv-remote-homes-snooping/159899/ A security flaw allowing attackers to remotely snoop in on victims’ private conversations was found to stem from an unexpected device their TV remotes. Lisäksi:


FBI Drive-By’ Hacking Threat Gets Real: Here’s Why You Should Be Concerned

www.forbes.com/sites/zakdoffman/2020/10/07/fbi-drive-by-hacking-threat-gets-real-heres-why-you-should-be-concerned/ Warnings that our IoT devices might be spying on us are nothing newremember the smart speaker fiasco last year? But at least we expect those devices to be listening and can exercise some caution.

Sisäministeriön ja poliisin kampanja kannustaa nuoria miettimään sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/sisaministerion_ja_poliisin_kampanja_kannustaa_nuoria_miettimaan_sosiaalisen_median_keskustelukulttuuria_ja_vihapuheen_vaikutuksia_93843?language=fi Sisäministeriö ja Poliisihallitus ovat käynnistäneet nuorille suunnatun sosiaalisen median kampanjan, jonka tarkoituksena on kannustaa nuoria pohtimaan sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia lähipiirissä ja laajemmin yhteiskunnassa.

Risky business: survey shows majority of people use work devices for personal use

blog.malwarebytes.com/malwarebytes-news/2020/10/work-devices-for-personal-use/ There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway (i.e. more online shopping and more streaming TV/movies).

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

threatpost.com/poetrat-resurfaces-azerbaijan-conflict/159917/ Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia. Lisäksi:


Chrome-selain sai mittavan tietoturvapäivityksen asenna heti

www.tivi.fi/uutiset/tv/da62e2fe-6450-4fc1-945a-dbf33e9c43b0 Chrome 86 sisältää lukuisia tietoturvaparannuksia sekä uusia ohjelmointirajapintoja. Lisäksi:

www.zdnet.com/article/chrome-86-released-with-password-related-security-improvements/. Lisäksi:


September 2020’s Most Wanted Malware: New Info-stealing Valak Variant Enters Top 10 Malware List For First Time

blog.checkpoint.com/2020/10/07/september-2020s-most-wanted-malware-new-info-stealing-valak-variant-enters-top-10-malware-list-for-first-time/ Check Point researchers find sharp increase in attacks using new Valak malware, while the Emotet trojan remains in 1st place for third consecutive month

Had your face stolen lately?

www.welivesecurity.com/2020/10/06/had-face-stolen-lately-biometrics-data-breach/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29 You can reset your PIN after a data breach, you can reset your password after a data breach, you can reset your security questions after a data breach but can you reset your face?

You might be interested in …

Daily NCSC-FI news followup 2020-11-18

Hackers are actively probing millions of WordPress sites www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150, 000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. Hacking group exploits ZeroLogon in automotive, industrial attack wave www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought […]

Read More

Daily NCSC-FI news followup 2019-12-18

MPY:n runkoverkkoon iski vakava häiriö ja suuri osa tietoliikenneyhteyksistä meni poikki “Liian pitkä katkos, palaverin paikka” lansi-savo.fi/uutiset/lahella/412aad43-f61a-4456-a342-9e98bd254d16 MPY tiedotti iltapäivällä vakavasta häiriöstä runkoverkossaan ja kertoi suuren osan yhteyksistä olevan poikki. Yhteys korjaantui seitsemän jälkeen illalla. . Myyntijohtaja Juha Putkonen kertoo, että asia havaittiin kahden maissa iltapäivällä eli katkos kesti noin viisi tuntia.. Myös: blogi.mpy.fi/kuluttajat/hairiotiedotteet/vakava-hairio-mpyn-runkoverkossa-suuri-osa-yhteyksista-poikki Seven […]

Read More

Daily NCSC-FI news followup 2019-10-10

Pair Locking your iPhone with Configurator 2 arkadiyt.com/2019/10/07/pair-locking-your-iphone-with-configurator-2/ “In response to the recent iphone bootrom bug (and also because I was already in the market for a new phone), I recently purchased a new iPhone XR. This gave me a chance to re-run the steps required to pair lock the device, a process which prevents […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.