Daily NCSC-FI news followup 2020-10-17

Google warned users of 33,000 state-sponsored attacks in 2020

www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/ Google delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of state-sponsored phishing attacks targeting their accounts.

Political campaign emails contain dark patterns to manipulate donors, voters

www.zdnet.com/article/political-campaign-emails-contain-dark-patterns-to-manipulate-donors-voters/ Princeton researchers analyzed 100,000 different campaign emails from more than 3,000 political candidates.. US political candidates use psychological tricks and dark patterns in their emails to manipulate supporters to donate money and mobilize voters.

Suomi julkisti näkemyksensä kansainvälisestä oikeudesta kyberympäristössä

um.fi/ajankohtaista/-/asset_publisher/gc654PySnjTX/content/suomi-julkisti-n-c3-a4kemyksens-c3-a4-kansainv-c3-a4lisest-c3-a4-oikeudesta-kyberymp-c3-a4rist-c3-b6ss-c3-a4

Hackers now abuse BaseCamp for free malware hosting

www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/ Phishing campaigns have started to use Basecamp as part of malicious phishing campaigns that distribute malware or steal your login credentials.

Phishers Capitalize on Headlines with Breakneck Speed

threatpost.com/phishers-capitalize-headlines-speed/160249/ Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams all with the same infrastructure.

Nation-state actor hit Google with the largest DDoS attack

www.bleepingcomputer.com/news/security/nation-state-actor-hit-google-with-the-largest-ddos-attack/ In an overview of distributed denial-of-service (DDoS) trends targeting its network links, Google revealed that in 2017 a nation-state actor used massive firepower that amounted to more than 2.54 terabits per second.

5 things you can do to secure your home office without hiring an expert

www.welivesecurity.com/2020/10/16/5-things-you-can-do-secure-home-office-without-hiring-expert/ You dont need a degree in cybersecurity or a bottomless budget to do the security basics well here are five things that will get you on the right track

Daily NCSC-FI news followup 2020-09-29

Koronavilkku päivittyi ja esittää tärkeän kysymyksen avattaessa vastaa siihen myöntävästi www.is.fi/digitoday/mobiili/art-2000006652361.html Jokaisen tulisi päivittää Koronavilkku ja avata sovellus kertaalleen. Sovellus ei enää päivityksen jälkeen voi vaipua sen toimintaa häiritsevään horrostilaan. These hackers have spent months hiding out in company networks undetected www.zdnet.com/article/these-hackers-have-spent-months-hiding-out-in-company-networks-undetected/ A state-sponsored hacking group been creeping around networks for almost a year as […]

Daily NCSC-FI news followup 2021-05-20

China could soon have stronger privacy laws than the U.S. www.protocol.com/china/china-privacy-laws-surpass-usa In late April, China unveiled the second draft of the country’s privacy law, the Personal Information Protection Law, for public comment. The law is expected to pass by the end of the year, and would shield Chinese internet users from excessive data collection and […]

Daily NCSC-FI news followup 2021-08-07

Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-scanned-for-proxyshell-vulnerability-patch-now/ Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code execution on Microsoft Exchange servers when chained together. […]