Daily NCSC-FI news followup 2020-11-19

Tahmaako netti? Liisa-myrskyn aiheuttamia tuhoja korjaillaan

www.tivi.fi/uutiset/tv/e78e181b-62f7-45cb-ac38-e30eee4f8017 Liisa-myrskyn aiheuttamat sähkökatkokset aiheuttavat parhaillaan häiriöitä matkapuhelinverkossa.

Accused Ringleader of FIN7 Hacking Group Pleads Guilty

www.bankinfosecurity.com/accused-ringleader-fin7-hacking-group-pleads-guilty-a-15397 Andrii Kolpakov, who is a Ukrainian national, pleaded guilty to charges of conspiracy to commit wire fraud and conspiracy to commit computer hacking. He faces up to a 25-year federal prison term and a $500, 000 fine when he’s sentenced, federal prosecutors note.

US Food-Supply Giant Americold Admits Cyberattack

threatpost.com/food-supply-americold-cyberattack/161402/ Americold is the largest cold-storage provider in the U.S., and it owns and operates 183 temperature-controlled warehouses globally, including in Argentina, Australia, Canada and New Zealand; and just acquired a similar company in Europe.

IoT Cybersecurity Improvement Act Passed in the US, Heads to President’s Desk

threatpost.com/iot-cybersecurity-improvement-act-passed/161396/ The IoT Cybersecurity Improvement Act has several different parts. First, it mandates that NIST must issue standards-based guidelines for the minimum security of IoT devices that are owned by the federal government. Under the law, federal agencies must also implement a vulnerability-disclosure policy for IoT devices, and they cannot procure devices that don’t meet the security guidelines.

The UK’s new offensive cyber unit takes on organised crime and hostile states

www.zdnet.com/article/new-cyber-force-will-take-the-fight-to-organised-crime-and-hostile-states/ The National Cyber Force draws together experts from intelligence agency GCHQ, the Ministry of Defence, the Defence Science and Technology Laboratory, and the Secret Intelligence Service – MI6 – which will provide its “expertise in recruiting and running agents alongside its unique ability to deliver clandestine operational technology”.

Evolution of Emotet: From Banking Trojan to Malware Distributor

thehackernews.com/2020/11/anyrun-emotet-malware-analysis.html Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses.

New Proposed DNS Security Features Released

www.darkreading.com/risk/new-proposed-dns-security-features-released/d/d-id/1339469?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple Verisign’s R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.

Employee surveillance software demand increased as workers transitioned to home working

www.zdnet.com/article/employee-surveillance-software-demand-increased-as-workers-transitioned-to-home-working/ As people hunkered down to work from home during COVID-19, companies turned to employee surveillance software to track their staff. Of the most popular employee monitoring tools, 81% offer keystroke logging so that employers can see every click of the keyboard.

Meet the hackers who earn millions for saving the web: How bug bounties are changing cybersecurity

www.zdnet.com/article/meet-the-hackers-who-earn-millions-for-saving-the-web-how-bug-bounties-are-changing-cybersecurity/ These hackers are finding security bugs – and getting paid for it. That’s changing the dynamics of cybersecurity. According to HackerOne, which organised the events that Paxton-Fear attended and organises bug bounties for big businesses and government agencies, nine hackers have now earned more than $1m each in rewards for spotting vulnerabilities. Thirteen more have hit $500, 000 in lifetime earnings, and 146 hackers have now earned $100, 000 each.

You might be interested in …

Daily NCSC-FI news followup 2019-07-25

The Unsexy Threat to Election Security krebsonsecurity.com/2019/07/the-unsexy-threat-to-election-security/ Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and […]

Read More

Daily NCSC-FI news followup 2020-11-18

Hackers are actively probing millions of WordPress sites www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/ Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150, 000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. Hacking group exploits ZeroLogon in automotive, industrial attack wave www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/ The active cyberattack is thought […]

Read More

Daily NCSC-FI news followup 2020-07-11

Trump confirms US conducted cyberattack against Russia in 2018 edition.cnn.com/2020/07/10/politics/donald-trump-us-russia-cyberattack/index.html President Donald Trump, for the first time, confirmed the US conducted a covert cyberattack in 2018 against Russia’s Internet Research Agency. Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches www.zdnet.com/article/russian-hacker-found-guilty-for-dropbox-linkedin-and-formspring-breaches/ A California jury found Russian hacker Yevgeniy Nikulin guilty for breaching the internal […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.