Daily NCSC-FI news followup 2020-10-20

Ruotsi rajaa kiinalaisyhtiöiden tekniikan pois 5G-verkostaan turvallisuuspoliisin ja puolustusvoimien suosituksesta

yle.fi/uutiset/3-11603515 Ruotsi on päättänyt estää Huawein ja ZTE:n tekniikan käyttämisen maan 5G-verkkoa rakennettaessa. Kyseessä ovat kiinalaiset yhtiöt.. katso myös www.is.fi/digitoday/mobiili/art-2000006675870.html

NSA: Top 25 vulnerabilities actively abused by Chinese hackers

www.bleepingcomputer.com/news/security/nsa-top-25-vulnerabilities-actively-abused-by-chinese-hackers/ The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests.. see also

media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

Seven mobile browsers vulnerable to address bar spoofing attacks

www.zdnet.com/article/seven-mobile-browsers-vulnerable-to-address-bar-spoofing-attacks/ Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar.

Facebook: A Top Launching Pad For Phishing Attacks

threatpost.com/facebook-launching-pad-phishing-attacks/160351/ Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks including a recent strike on a half-million Facebook users.

Adobe fixes 18 critical bugs affecting its Windows, macOS apps

www.bleepingcomputer.com/news/security/adobe-fixes-18-critical-bugs-affecting-its-windows-macos-apps/ The software products patched today by Adobe include Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator, and Marketo.

Coinbase phishing hijacks Microsoft 365 accounts via OAuth app

www.bleepingcomputer.com/news/microsoft/coinbase-phishing-hijacks-microsoft-365-accounts-via-oauth-app/ A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim’s email.

Google removes two Chrome ad blockers caught collecting user data

www.zdnet.com/article/google-removes-two-chrome-ad-blockers-caught-collecting-user-data/ Nano Adblocker and Nano Defender have been removed from the official Chrome Web Store.

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

threatpost.com/pharma-pfizer-leaks-prescription-call-transcripts/160354/ Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.

Mirai-alike Python Scanner

isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/

Barnes & Noble hit by Egregor ransomware, strange data leaked

www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-egregor-ransomware-strange-data-leaked/ The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. Bookstore giant Barnes & Noble on October 10th, 2020. The attackers state that they stole unencrypted files as part of the attack.

You might be interested in …

Daily NCSC-FI news followup 2021-03-21

Puolustusministeri Kaikkonen: Digitaalinen itsenäisyys on puolustamisen arvoinen www.erillisverkot.fi/puolustusministeri-kaikkonen-digitaalinen-itsenaisyys-on-puolustamisen-arvoinen/ Digitaalisen itsenäisyyden turvaaminen on osa modernia maanpuolustusta. Kyberpuolustus ja kyberhyökkäysten torjuminen kuuluu olennaisesti siihen, linjasi puolustusministeri Antti Kaikkonen Erve Foorumi 2021 -tervehdyksessään. Samsung Investigation Part 2: Exploiting Trusted Applications (TAs) www.riscure.com/blog/samsung-investigation-part2 In this second blog post, we will continue to explore TEEGRIS by reverse engineering TAs in […]

Read More

Daily NCSC-FI news followup 2021-02-01

Someväitteiden mukaan Vastaamo-uhrien pankkitilejä tyhjennetty – todellisuudessa kyse lienee kierosta huijauksesta Nordean ja OP:n nimissä www.is.fi/digitoday/tietoturva/art-2000007776104.html Suomessa on meneillään kehittynyt OP:n ja Nordean nimissä tehtävä tietojenkalastelu, joka sattuu samaan aikaan Vastaamon asiakastietojen aktiivisen leviämisen kanssa. – Vastaamo-tiedoissa ei ole ollut sellaisia tietoja, jotka tämän mahdollistaisivat. Siellä ei ole ollut esimerkiksi käyttäjätunnus ja salasana -pareja tai […]

Read More

Daily NCSC-FI news followup 2019-09-02

Google White Hat Hackers Say Thousands of iPhones Have Been Hacked for Years www.pandasecurity.com/mediacenter/news/google-iphones-hacked/ Last week computer security specialists from Google announced that thousands of iPhones had been hacked using a vulnerability seen in almost every version from iOS 10 through to the latest version of iOS 12. Googles Project Zero team, a division of […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.