Daily NCSC-FI news followup 2021-01-01

Inbox Attacks: The Miserable Year (2020) That Was

threatpost.com/miserable-spam-year-2020/162566/ Purging your inbox has become a year-end tradition for many. A short hiatus for the holidays often provides a quiet moment to flush the previous year’s mountain of spam. And, from the looks of our 2020 inbox, years of herculean efforts to harden email defenses have fallen short. The most-targeted business attack vector continues to be our inboxes.

The strangest cybersecurity events of 2020: a look back

blog.malwarebytes.com/security-world/2020/12/the-strangest-cybersecurity-events-of-2020-a-look-back/ This year is finally coming to an end, and it only took us about eight consecutive months of March to get here. There is a ton to talk about, and that’s without even discussing the literal global pandemic. You see, 2020’s news stories were the pressure-cooker product of mania, chaos, and the downright absurd. “Murder hornets” made the journey to the US. Mystery seeds from China arrived in US mailboxes. The Pentagon officially released three videos of “unidentified aerial phenomena”which many interpreted as three videos of alien spacecraft.

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

thehackernews.com/2021/01/secret-backdoor-account-found-in.html Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products.

Would you take the bait? Take our phishing quiz to find out!

www.welivesecurity.com/2020/12/31/would-you-take-bait-phishing-quiz hishing comes in a number of forms and remains one of the most pervasive online scams, as both consumers and businesses face an incessant stream of unsolicited emails, texts and even phone calls where bad actors impersonate a trusted institution and attempt to purloin login data, money and identities.

You might be interested in …

Daily NCSC-FI news followup 2020-06-27

DarkCrewFriends Returns with Botnet Strategy threatpost.com/darkcrewfriends-returns-botnet/156963/ The botnet can be used to mount different kinds of attacks, including code-execution and DDoS. 8 U.S. City Websites Targeted in Magecart Attacks threatpost.com/8-city-gov-websites-magecart/156954/ Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident. Admin of carding portal behind $568M […]

Read More

Daily NCSC-FI news followup 2020-10-19

US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/ The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history.. see also www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and. indictment www.justice.gov/opa/press-release/file/1328521/download. see also www.ncsc.gov.uk/news/uk-and-partners-condemn-gru-cyber-attacks-against-olympic-an-paralympic-games Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/ Researchers said the group was able […]

Read More

Daily NCSC-FI news followup 2019-11-20

A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems www.wired.com/story/iran-apt33-industrial-control-systems/ The recent shift away from IT networks raises the possibility that Irans APT33 is exploring physically disruptive cyberattacks on critical infrastructure. Ransomware Gangs Adopt APT Tactics in Targeted Attacks www.bleepingcomputer.com/news/security/ransomware-gangs-adopt-apt-tactics-in-targeted-attacks/ Ransomware operators are moving away from mass volume attacks and partnering with specialists who […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.