Daily NCSC-FI news followup 2020-10-07

BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

threatpost.com/bahamut-spies-nation-state/159925/ Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.

QNAP fixes critical flaws that could lead to device takeover

www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/ QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices.

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

thehackernews.com/2020/10/p2p-iot-botnet.html Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Lisäksi: blog.netlab.360.com/heh-an-iot-p2p-botnet/

Comcast TV Remote Hack Opens Homes to Snooping

threatpost.com/comcast-tv-remote-homes-snooping/159899/ A security flaw allowing attackers to remotely snoop in on victims’ private conversations was found to stem from an unexpected device their TV remotes. Lisäksi:

www.theregister.com/2020/10/07/comcast_xr11_voice_remote_pwnable/

FBI Drive-By’ Hacking Threat Gets Real: Here’s Why You Should Be Concerned

www.forbes.com/sites/zakdoffman/2020/10/07/fbi-drive-by-hacking-threat-gets-real-heres-why-you-should-be-concerned/ Warnings that our IoT devices might be spying on us are nothing newremember the smart speaker fiasco last year? But at least we expect those devices to be listening and can exercise some caution.

Sisäministeriön ja poliisin kampanja kannustaa nuoria miettimään sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia

www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/sisaministerion_ja_poliisin_kampanja_kannustaa_nuoria_miettimaan_sosiaalisen_median_keskustelukulttuuria_ja_vihapuheen_vaikutuksia_93843?language=fi Sisäministeriö ja Poliisihallitus ovat käynnistäneet nuorille suunnatun sosiaalisen median kampanjan, jonka tarkoituksena on kannustaa nuoria pohtimaan sosiaalisen median keskustelukulttuuria ja vihapuheen vaikutuksia lähipiirissä ja laajemmin yhteiskunnassa.

Risky business: survey shows majority of people use work devices for personal use

blog.malwarebytes.com/malwarebytes-news/2020/10/work-devices-for-personal-use/ There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel like a subtle acceleration of behavioral shifts that were already well underway (i.e. more online shopping and more streaming TV/movies).

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

threatpost.com/poetrat-resurfaces-azerbaijan-conflict/159917/ Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia. Lisäksi:

blog.talosintelligence.com/2020/10/poetrat-update.html

Chrome-selain sai mittavan tietoturvapäivityksen asenna heti

www.tivi.fi/uutiset/tv/da62e2fe-6450-4fc1-945a-dbf33e9c43b0 Chrome 86 sisältää lukuisia tietoturvaparannuksia sekä uusia ohjelmointirajapintoja. Lisäksi:

www.zdnet.com/article/chrome-86-released-with-password-related-security-improvements/. Lisäksi:

us-cert.cisa.gov/ncas/current-activity/2020/10/07/google-releases-security-updates-chrome

September 2020’s Most Wanted Malware: New Info-stealing Valak Variant Enters Top 10 Malware List For First Time

blog.checkpoint.com/2020/10/07/september-2020s-most-wanted-malware-new-info-stealing-valak-variant-enters-top-10-malware-list-for-first-time/ Check Point researchers find sharp increase in attacks using new Valak malware, while the Emotet trojan remains in 1st place for third consecutive month

Had your face stolen lately?

www.welivesecurity.com/2020/10/06/had-face-stolen-lately-biometrics-data-breach/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29 You can reset your PIN after a data breach, you can reset your password after a data breach, you can reset your security questions after a data breach but can you reset your face?

You might be interested in …

Daily NCSC-FI news followup 2019-07-09

Serious Zoom security flaw could let websites hijack Mac cameras www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. Exclusive: The true origins […]

Read More

Daily NCSC-FI news followup 2021-02-17

Poliisi varoittaa erittäin vahingollisista huijaus­tekstiviesteistä älä klikkaa linkkiä www.is.fi/digitoday/tietoturva/art-2000007808031.html Poliisi ohjeistaa olemaan tarkkana tulevien tekstiviestien ja etenkin niiden sisältämien linkkien kanssa.. katso myös www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus Alert (AA21-048A) – AppleJeus: Analysis of North Koreas Cryptocurrency Malware us-cert.cisa.gov/ncas/alerts/aa21-048a This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure […]

Read More

Daily NCSC-FI news followup 2021-02-21

Experian challenged over massive data leak in Brazil www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil Consumer rights body criticizes explanations from the credit bureau in relation to the data exposure of over 220 million citizens. After receiving feedback from Experian over a massive data leak in Brazil, São Paulo state consumer rights foundation Procon described the company’s explanations as “insufficient” and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.