Daily NCSC-FI news followup 2020-11-19

Tahmaako netti? Liisa-myrskyn aiheuttamia tuhoja korjaillaan

www.tivi.fi/uutiset/tv/e78e181b-62f7-45cb-ac38-e30eee4f8017 Liisa-myrskyn aiheuttamat sähkökatkokset aiheuttavat parhaillaan häiriöitä matkapuhelinverkossa.

Accused Ringleader of FIN7 Hacking Group Pleads Guilty

www.bankinfosecurity.com/accused-ringleader-fin7-hacking-group-pleads-guilty-a-15397 Andrii Kolpakov, who is a Ukrainian national, pleaded guilty to charges of conspiracy to commit wire fraud and conspiracy to commit computer hacking. He faces up to a 25-year federal prison term and a $500, 000 fine when he’s sentenced, federal prosecutors note.

US Food-Supply Giant Americold Admits Cyberattack

threatpost.com/food-supply-americold-cyberattack/161402/ Americold is the largest cold-storage provider in the U.S., and it owns and operates 183 temperature-controlled warehouses globally, including in Argentina, Australia, Canada and New Zealand; and just acquired a similar company in Europe.

IoT Cybersecurity Improvement Act Passed in the US, Heads to President’s Desk

threatpost.com/iot-cybersecurity-improvement-act-passed/161396/ The IoT Cybersecurity Improvement Act has several different parts. First, it mandates that NIST must issue standards-based guidelines for the minimum security of IoT devices that are owned by the federal government. Under the law, federal agencies must also implement a vulnerability-disclosure policy for IoT devices, and they cannot procure devices that don’t meet the security guidelines.

The UK’s new offensive cyber unit takes on organised crime and hostile states

www.zdnet.com/article/new-cyber-force-will-take-the-fight-to-organised-crime-and-hostile-states/ The National Cyber Force draws together experts from intelligence agency GCHQ, the Ministry of Defence, the Defence Science and Technology Laboratory, and the Secret Intelligence Service – MI6 – which will provide its “expertise in recruiting and running agents alongside its unique ability to deliver clandestine operational technology”.

Evolution of Emotet: From Banking Trojan to Malware Distributor

thehackernews.com/2020/11/anyrun-emotet-malware-analysis.html Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses.

New Proposed DNS Security Features Released

www.darkreading.com/risk/new-proposed-dns-security-features-released/d/d-id/1339469?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple Verisign’s R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.

Employee surveillance software demand increased as workers transitioned to home working

www.zdnet.com/article/employee-surveillance-software-demand-increased-as-workers-transitioned-to-home-working/ As people hunkered down to work from home during COVID-19, companies turned to employee surveillance software to track their staff. Of the most popular employee monitoring tools, 81% offer keystroke logging so that employers can see every click of the keyboard.

Meet the hackers who earn millions for saving the web: How bug bounties are changing cybersecurity

www.zdnet.com/article/meet-the-hackers-who-earn-millions-for-saving-the-web-how-bug-bounties-are-changing-cybersecurity/ These hackers are finding security bugs – and getting paid for it. That’s changing the dynamics of cybersecurity. According to HackerOne, which organised the events that Paxton-Fear attended and organises bug bounties for big businesses and government agencies, nine hackers have now earned more than $1m each in rewards for spotting vulnerabilities. Thirteen more have hit $500, 000 in lifetime earnings, and 146 hackers have now earned $100, 000 each.

You might be interested in …

Daily NCSC-FI news followup 2020-01-06

The Hidden Cost of Ransomware: Wholesale Password Theft krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/ Moral of the story: Companies that experience a ransomware attack or for that matter any type of equally invasive malware infestation should assume that all credentials stored anywhere on the local network (including those saved inside Web browsers and password managers) are compromised and need to […]

Read More

Daily NCSC-FI news followup 2019-07-21

Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’ www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#56b83da66b11 Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSBRussia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and […]

Read More

Daily NCSC-FI news followup 2019-11-24

CNAME Cloaking, the dangerous disguise of third-party trackers medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a What has started to happen in the last few months in the world of third-party tracking is having a major impact on peoples privacy, and it all stayed pretty much under the radar. How to Avoid Black Friday Scams Online www.wired.com/story/how-to-avoid-black-friday-scams-online/ Black Friday attracts crowds, and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.