Daily NCSC-FI news followup 2020-11-08

Office 365 will let admins review Microsoft Forms phishing attempts

www.bleepingcomputer.com/news/security/office-365-will-let-admins-review-microsoft-forms-phishing-attempts/ Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data.

Winning hacker team pockets $744, 500 at the Tianfu Cup, China’s top hacking contest

www.zdnet.com/article/windows-10-ios-chrome-and-many-others-fall-at-chinas-top-hacking-contest Many of today’s top software programs have been hacked using new and never-before-seen exploits at this year’s edition of the Tianfu Cup China’s largest and most prestigious hacking competition.

Many websites will stop working on older Android versions in 2021

www.androidpolice.com/2020/11/07/many-websites-will-stop-working-on-older-android-versions-in-2021 It took a long time, but most of the web now uses HTTPS to securely transmit information, partially thanks to a push by Google. However, this does mean that many websites could encounter issues (or fail to load entirely) if the proper certificates aren’t installed on your device, which is exactly what will happen to older Android devices next year. Lisäksi:

www.forbes.com/sites/daveywinder/2020/11/08/android-user-alert-how-to-stop-220-million-websites-from-breaking-in-2021/

Cryptojacking Targeting WebLogic TCP/7001

isc.sans.edu/diary/rss/26768 This past week got some interesting logs targeting TCP/7001 (WebLogic CVE-2020-14882 – see previous diary) looking to download and launch a shell script to install various cryptominer on the target. The shell script target SELINUX compatible hosts likely CentOS/RedHat, Ubuntu, etc to install various cryptominer applications.

You might be interested in …

Daily NCSC-FI news followup 2020-11-28

Europol and partners thwart massive credit card fraud scheme www.welivesecurity.com/2020/11/27/europol-partners-thwart-credit-card-fraud-scheme/ Europol and several national law enforcement agencies have teamed up to disrupt trade in stolen credit card data on the dark web, ultimately preventing around 40 million (US$48 million) in losses for both consumers and financial organizations. The operation, dubbed Carding Action 2020, was carried […]

Read More

Daily NCSC-FI news followup 2020-02-28

RSAC 2020: Ransomware a National Crisis, CISA Says, Ramps ICS Focus threatpost.com/ransomware-national-crisis-cisa-ics/153322/ Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) this year especially as ransomware looms as a main threat to the sector going forward.. Thats according to Christopher […]

Read More

Daily NCSC-FI news followup 2019-09-14

Using Docker to Do Machine Learning at Scale www.crowdstrike.com/blog/using-docker-to-do-machine-learning-at-scale/ One key building block we use for scaling our machine learning models at CrowdStrike® is Docker containers. Docker containers let us construct application environments with all the dependencies, tools and security our teams need in an easy to maintain pipeline. This ensures that everyone on the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.