Daily NCSC-FI news followup 2020-11-29

Hacker Lexicon: What Is the Signal Encryption Protocol?

www.wired.com/story/signal-encryption-protocol-hacker-lexicon/ LAST WEEK, WITH little fanfare, Google announced a change that could soon make its 2 billion Android users worldwide far harder to surveil: The tech giant says it’s rolling out a beta version of its Android messaging app that will now use end-to-end encryption by default. That level of encryption, while limited to one-on-one conversations, is designed to prevent anyone else from eavesdroppingnot phone carriers, not intelligence agencies, not a hacker who has taken over the local Wi-Fi router, not even Google itself will have the keys to decrypt and read those billions of messages.. The news isn’t just a win for global privacy. It’s also a win for one particular encryption system: the Signal protocol, which is well on its way to accounting for a majority of the world’s real-time text conversations.

Älypuhelimeen saa ujutettua haittaohjelman tavalla, jota useimmat eivät tule ajatelleeksi

www.is.fi/digitoday/tietoturva/art-2000007646405.html Älypuhelimen kameralla skannattavat qr-koodit, eli neliönmuotoiset hieroglyfit ovat yleinen tapa avata esimerkiksi verkkosivu puhelimen selaimessa. Tämän tietävät myös rikolliset, tietoturvayhtiö Check Point varoittaa. On muistettava, ettei qr-koodi ole muuta kuin nopea ja kätevä tapa käyttää nettipalveluja. Emme voi olla varmoja, että koodi on aito ennen kuin olemme jo skannanneet sen ja silloin hyökkäys on jo voinut käynnistyä, toteaa Check Point Softwaren Suomen maajohtaja Sampo Vehkaoja tiedotteessa.

Quick Tip: Using JARM With a SOCKS Proxy

isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/ Rik talked about JARM yesterday “Threat Hunting with JARM”. JARM is a tool to fingerprint TLS servers. I made some changes to the JARM code to support a SOCKS proxy.

The Top 20 Cybersecurity Startups To Watch In 2021 Based On Crunchbase

www.forbes.com/sites/louiscolumbus/2020/11/29/the-top-20-cybersecurity-startups-to-watch-in-2021-based-on-crunchbase/ Today, 797 cybersecurity, privacy and security startups have received a total of $10.73 billion so far this year, with $4.6 million being the median funding round and $17.5 million the average funding round for a startup. The number of startups receiving funding this year, funding amounts and the methodology to find the top 25 cybersecurity startups are all based on Crunchbase Pro analysis done today. New startups and established vendors are attracting record levels of investment as all organizations look to thwart increasingly complex, costly and unpredictable cyberattacks.

HS: Kansainvälinen sijoitushuijausverkosto vienyt suomalaisilta kymmeniätuhansia euroja

yle.fi/uutiset/3-11671748? Sadat suomalaiset ovat menettäneet merkittäviä summia rahaa bitcoin-sijoitushuijausverkoston uhreina. Näin kertoo Helsingin Sanomat, joka on selvittänyt asiaa kansainvälisen toimittajaryhmän kanssa. HS:n lainaamien viranomaisarvioiden mukaan suomalaisten menetykset nousevat kymmeniintuhansiin euroihin. Maailmanlaajuisesti huijauksen uhreilta on kiskottu vuosittain miljardeja euroja.

Pennsylvania county pays 500K ransom to DoppelPaymer ransomware

www.bleepingcomputer.com/news/security/pennsylvania-county-pays-500k-ransom-to-doppelpaymer-ransomware/ Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend. On Monday, Delaware County disclosed that they had taken portions of their computer network offline after discovering that their network was compromised. “The County of Delaware recently discovered a disruption to portions of its computer network. We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems,” the Delaware County alert stated.

You might be interested in …

Daily NCSC-FI news followup 2021-07-24

Internet Futures www.ofcom.org.uk/__data/assets/pdf_file/0013/222205/internet-futures.pdf This report should not be seen as an exhaustive list of every innovative technology being developed. Indeed, it can be no more than a sample of the high-quality ongoing research work being conducted in industry and academia. Further, the omission or inclusion of any technology shouldnt be taken as a signal of […]

Read More

Daily NCSC-FI news followup 2021-08-03

Five Southeast Asian telcos hacked by three different Chinese espionage groups therecord.media/five-southeast-asian-telcos-hacked-by-three-different-chinese-espionage-groups/ At least five major telecommunication providers from Southeast Asia have been hacked over the past years by different Chinese cyber-espionage groups. “These are global telcos with tens of millions of customers, ” Assaf Dahan, Senior Director and Head of Threat Research at security […]

Read More

Daily NCSC-FI news followup 2021-09-23

KRP varoittaa ovelasta Omakanta-huijauksesta toimi näin suojautuaksesi www.is.fi/digitoday/tietoturva/art-2000008285667.html Poliisi kehottaa noudattamaan varovaisuutta pankkitunnuksilla sähköiseen palveluun kirjauduttaessa. VoIP company battles massive ransom DDoS attack www.zdnet.com/article/voip-company-battles-massive-ransom-ddos-attack/ VoIP company battles massive ransom DDoS attack. katso myös www.is.fi/digitoday/art-2000008284709.html FamousSparrow: A suspicious hotel guest www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/ ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.