Daily NCSC-FI news followup 2020-11-08

Office 365 will let admins review Microsoft Forms phishing attempts

www.bleepingcomputer.com/news/security/office-365-will-let-admins-review-microsoft-forms-phishing-attempts/ Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data.

Winning hacker team pockets $744, 500 at the Tianfu Cup, China’s top hacking contest

www.zdnet.com/article/windows-10-ios-chrome-and-many-others-fall-at-chinas-top-hacking-contest Many of today’s top software programs have been hacked using new and never-before-seen exploits at this year’s edition of the Tianfu Cup China’s largest and most prestigious hacking competition.

Many websites will stop working on older Android versions in 2021

www.androidpolice.com/2020/11/07/many-websites-will-stop-working-on-older-android-versions-in-2021 It took a long time, but most of the web now uses HTTPS to securely transmit information, partially thanks to a push by Google. However, this does mean that many websites could encounter issues (or fail to load entirely) if the proper certificates aren’t installed on your device, which is exactly what will happen to older Android devices next year. Lisäksi:

www.forbes.com/sites/daveywinder/2020/11/08/android-user-alert-how-to-stop-220-million-websites-from-breaking-in-2021/

Cryptojacking Targeting WebLogic TCP/7001

isc.sans.edu/diary/rss/26768 This past week got some interesting logs targeting TCP/7001 (WebLogic CVE-2020-14882 – see previous diary) looking to download and launch a shell script to install various cryptominer on the target. The shell script target SELINUX compatible hosts likely CentOS/RedHat, Ubuntu, etc to install various cryptominer applications.

You might be interested in …

Daily NCSC-FI news followup 2020-03-14

Etätyö kaatoi valtion salatun verkkoyhteyden työntekijöiltä estetään Facebookiin pääsy ensi viikolla yle.fi/uutiset/3-11255717 Moni työpaikka kehottaa nyt tekemään etätöitä koronaviruksen leviämisen estämiseksi. Salattuja eli VPN-verkkoyhteyksiä ei ole kuitenkaan suunniteltu siten, että suurin osa työntekijöistä olisi etätöissä. Silloin ne saattavat kaatua. Kapasiteettia kuormittaa käyttäjämäärän lisäksi se, mitä käyttäjät tekevät verkossa. Esimerkiksi videoiden katsominen kuormittaa verkkoa. Keskisuurissa ja […]

Read More

Daily NCSC-FI news followup 2020-12-25

SUNBURST Additional Technical Details www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated […]

Read More

Daily NCSC-FI news followup 2021-01-30

Trust is the key component of human-centric data economy impulssilvm.fi/2021/01/30/trust-is-the-key-component-of-human-centric-data-economy/ Data and digital innovation are vital for achieving public value, sustainable development goals, and tackling climate change, poverty and exclusion. In Finland, we speak of human-centric data economy, and you might wonder, why? It is because we believe that the critical raw material is not […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.