Saitko tekstiviestin Postin nimissä? Varothan, viesti voi olla huijaus
www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus Päivitetty 07.10.2020 14:28. Uudessa huijaustyypissä tekstiviestillä lähetetystä linkistä aukeava kalastelusivu muuntautuu päätelaitteesi mukaan: iOS-laitteilta kalastellaan iCloud-tunnuksia, Androideille tarjotaan haitallista sovellusta (.apk-paketti).
Android Users Beware: Delete These 240 Malicious Apps Now
www.forbes.com/sites/kateoflahertyuk/2020/10/08/android-users-beware-delete-these-240-malicious-apps-now/ Android users need to check their devices today after security researchers revealed 240 malicious apps have been barraging people with irrelevant ads. Lisäksi:
Android Ransomware Has Picked Up Some Foreboding New Tricks
www.wired.com/story/android-ransomware-worrying-evolution/ Though ransomware has been around for years, it poses an ever-increasing threat to hospitals, municipal governments, and basically any institution that can’t tolerate downtime. But along with the various types of PC malware that are typically used in these attacks, there’s another burgeoning platform for ransomware as well: Android phones.
MontysThree: Industrial cyberspy
www.kaspersky.com/blog/montysthree-industrial-cyberspy/37263/ Our experts have found traces of activity of a new cybercriminal group that spies on industrial enterprises. The crooks are carrying out targeted attacks, using a tool that our researchers call MontysThree, looking for documents on victims’ computers. Lisäksi:
US seizes Iranian government domains masked as legitimate news outlets
www.zdnet.com/article/us-seizes-iranian-government-domains-masked-as-legitimate-news-outlets US law enforcement has seized 92 domains used to spread propaganda and fake news by Iran’s Islamic Revolutionary Guard Corps (IRGC).
Waterbear malware used in attack wave against government agencies
www.zdnet.com/article/waterbear-malware-used-in-attack-wave-against-government-agencies According to CyCraft researchers, the attacks took place in April 2020, but in an interesting twist, the threat group responsible leveraged malware already present on compromised servers — due to past attacks — in order to deploy malware.
Google Rolls Out Fixes for High-Severity Android System Flaws
threatpost.com/google-android-system-flaws/159948/ The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416).
HEH P2P Botnet Sports Dangerous Wiper Function
threatpost.com/heh-p2p-botnet-wiper-function/159974/ The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices.
Microsoft Azure Flaws Open Admin Servers to Takeover
threatpost.com/microsoft-azure-flaws-servers-takeover/159965/ Two flaws in Microsoft’s cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks. Lisäksi:
Phishing emails lure victims with inside info on Trump’s health
www.bleepingcomputer.com/news/security/phishing-emails-lure-victims-with-inside-info-on-trumps-health/ A phishing campaign pushing a network-compromising backdoor pretends to have the inside scoop on President Trump’s health after being infected with COVID-19. Lisäksi:
Gmail users: Expect to see these new security alerts, says Google
www.zdnet.com/article/gmail-users-expect-to-see-these-new-security-alerts-says-google Over the next few weeks, Google will start rolling out new security alerts for critical issues affecting individual Google accounts, with the alert displayed in the Google app currently being used.. Lisäksi:
Facebook’s Most Recent Transparency Report Demonstrates the Pitfalls of Automated Content Moderation
www.eff.org/deeplinks/2020/10/facebooks-most-recent-transparency-report-demonstrates-pitfalls-automated-content In the wake of the coronavirus pandemic, many social media platforms shifted their content moderation policies to rely much more heavily on automated tools. Lisäksi:
Microsoft adds consent phishing protection to Office 365
www.bleepingcomputer.com/news/security/microsoft-adds-consent-phishing-protection-to-office-365/ Microsoft announced that consent phishing protections including OAuth app publisher verification and app consent policies are now generally available in Office 365.
Highlights on the National Cybersecurity Strategies
www.enisa.europa.eu/news/enisa-news/Highlights-on-the-National-Cybersecurity-Strategies The purpose of the framework is to help Member States perform a self-assessment of their level of maturity. By assessing their National Cybersecurity Strategy objectives both at strategic and at operational level, Member States will be able to possibly enhance existing and build new cybersecurity capabilities.
Autonomous Vehicle Security Needs From A Hacker’s Perspective
securityintelligence.com/posts/autonomous-car-security-hackers-perspective/ With connected cars becoming more common, the industry has more standards and options when it comes to autonomous vehicle security.
ICANN turns on root server cluster in Singapore
www.zdnet.com/article/icann-turns-on-root-server-cluster-in-singapore The Internet Corporation for Assigned Names and Numbers (ICANN) has turned on an ICANN Managed Root Server (IMRS) cluster in Singapore, marking it the first of such site in Asia-Pacific. The region currently sees the highest volume of queries worldwide, receiving twice as many as Europe.
52 Alarming Cyberbullying Statistics in 2021
www.pandasecurity.com/mediacenter/family-safety/cyberbullying-statistics/ Standing up to bullies was once a brave act that defied social norms. Today, the landscape is not so clear-cut. Enter: cyberbullying. Adolescents are forced to endure pressure from peers at any given hour of the dayoften without even knowing the identity of bully.