Daily NCSC-FI news followup 2021-01-01

Inbox Attacks: The Miserable Year (2020) That Was

threatpost.com/miserable-spam-year-2020/162566/ Purging your inbox has become a year-end tradition for many. A short hiatus for the holidays often provides a quiet moment to flush the previous year’s mountain of spam. And, from the looks of our 2020 inbox, years of herculean efforts to harden email defenses have fallen short. The most-targeted business attack vector continues to be our inboxes.

The strangest cybersecurity events of 2020: a look back

blog.malwarebytes.com/security-world/2020/12/the-strangest-cybersecurity-events-of-2020-a-look-back/ This year is finally coming to an end, and it only took us about eight consecutive months of March to get here. There is a ton to talk about, and that’s without even discussing the literal global pandemic. You see, 2020’s news stories were the pressure-cooker product of mania, chaos, and the downright absurd. “Murder hornets” made the journey to the US. Mystery seeds from China arrived in US mailboxes. The Pentagon officially released three videos of “unidentified aerial phenomena” which many interpreted as three videos of alien spacecraft.

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

thehackernews.com/2021/01/secret-backdoor-account-found-in.html Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to log in with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in a wide range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products.

Would you take the bait? Take our phishing quiz to find out!

www.welivesecurity.com/2020/12/31/would-you-take-bait-phishing-quiz Phishing comes in a number of forms and remains one of the most pervasive online scams, as both consumers and businesses face an incessant stream of unsolicited emails, texts and even phone calls where bad actors impersonate a trusted institution and attempt to purloin login data, money and identities.
