Daily NCSC-FI news followup 2020-10-20

Ruotsi rajaa kiinalaisyhtiöiden tekniikan pois 5G-verkostaan turvallisuuspoliisin ja puolustusvoimien suosituksesta

yle.fi/uutiset/3-11603515 Ruotsi on päättänyt estää Huawein ja ZTE:n tekniikan käyttämisen maan 5G-verkkoa rakennettaessa. Kyseessä ovat kiinalaiset yhtiöt.. katso myös www.is.fi/digitoday/mobiili/art-2000006675870.html

NSA: Top 25 vulnerabilities actively abused by Chinese hackers

www.bleepingcomputer.com/news/security/nsa-top-25-vulnerabilities-actively-abused-by-chinese-hackers/ The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests.. see also

media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

Seven mobile browsers vulnerable to address bar spoofing attacks

www.zdnet.com/article/seven-mobile-browsers-vulnerable-to-address-bar-spoofing-attacks/ Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar.

Facebook: A Top Launching Pad For Phishing Attacks

threatpost.com/facebook-launching-pad-phishing-attacks/160351/ Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks including a recent strike on a half-million Facebook users.

Adobe fixes 18 critical bugs affecting its Windows, macOS apps

www.bleepingcomputer.com/news/security/adobe-fixes-18-critical-bugs-affecting-its-windows-macos-apps/ The software products patched today by Adobe include Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator, and Marketo.

Coinbase phishing hijacks Microsoft 365 accounts via OAuth app

www.bleepingcomputer.com/news/microsoft/coinbase-phishing-hijacks-microsoft-365-accounts-via-oauth-app/ A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim’s email.

Google removes two Chrome ad blockers caught collecting user data

www.zdnet.com/article/google-removes-two-chrome-ad-blockers-caught-collecting-user-data/ Nano Adblocker and Nano Defender have been removed from the official Chrome Web Store.

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

threatpost.com/pharma-pfizer-leaks-prescription-call-transcripts/160354/ Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.

Mirai-alike Python Scanner

isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/

Barnes & Noble hit by Egregor ransomware, strange data leaked

www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-egregor-ransomware-strange-data-leaked/ The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. Bookstore giant Barnes & Noble on October 10th, 2020. The attackers state that they stole unencrypted files as part of the attack.

You might be interested in …

Daily NCSC-FI news followup 2019-07-10

Lapin Kansa: Kemin kaupungin tietoliikenneverkossa poikkeuksellisen pitkä vikatilanne syytä selvitetään www.lapinkansa.fi/lappi/kemin-kaupungin-tietoliikenneverkossa-poikkeuksellisen-pitka-vikatilanne-syyta-selvitetaan-3596802/ Zoom reverses course to kill off Mac local web server www.zdnet.com/article/zoom-reverses-course-to-kill-off-mac-local-web-server/ Less than a day after backing its approach to get around Safari restrictions on Mac, Zoom’s local web server is no more. New FinSpy iOS and Android implants revealed ITW securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/ FinSpy is […]

Read More

Daily NCSC-FI news followup 2019-12-13

G DATA IT Security Trends 2020: Early detection and repulsion of dangerous attacks www.gdatasoftware.com/blog/2019/12/35671-early-detection-and-repulsion-of-dangerous-attacks Medium-sized companies are being targeted even more heavily by cyber criminals than before. They are often the weakest link in supply chains that include large corporations. In 2020, attackers will exploit this to an even greater extent than before and strike […]

Read More

Daily NCSC-FI news followup 2019-12-03

An Update on Android TLS Adoption security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html Today, were happy to announce that 80% of Android apps are encrypting traffic by default. The percentage is even greater for apps targeting Android 9 and higher, with 90% of them encrypting traffic by default. Critical Android Flaw Leads to Permanent DoS threatpost.com/google-critical-android-permanent-dos-flaw/150764/ The December security update stomped […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.