Daily NCSC-FI news followup 2021-01-16

BugTraq Shutdown

www.securityfocus.com/archive/1/542247 At this time, resources for the BugTraq mailing list have not been prioritized, and this will be the last message to the list. The archive will be shut down January 31st, 2021. Also:

www.zdnet.com/article/iconic-bugtraq-security-mailing-list-shuts-down-after-27-years/

Massive stolen credit card shop Joker’s Stash shuts down

www.bleepingcomputer.com/news/security/massive-stolen-credit-card-shop-jokers-stash-shuts-down/ The administrator of Joker’s Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month. The company says that Joker’s Stash added more than 40 million new card records over the past year, most of them from physical transactions at a point-of-sale. Gemini Advisory estimates that Joker’s Stash made more than $1 billion from selling stolen credit card data.

NSA Releases Guidance on Encrypted DNS in Enterprise Environments

us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors. PDF:

media.defense.gov/2021/Jan/14/2002564889/-1/-1/0/CSI_ADOPTING_ENCRYPTED_DNS_U_OO_102904_21.PDF

You might be interested in …

Daily NCSC-FI news followup 2021-02-28

Bombardier Blindsided By Extortion Threat After Hackers Breach Server www.forbes.com/sites/leemathews/2021/02/27/bombardier-blindsided-by-extortion-threat-after-hackers-breach-server/ It seems likely that the attackers intent was never to launch a more sophisticated and lucrative attack. Instead they sought to use a fresh exploit to hit as many Accellion FTA customers as quickly as possible. A 2020 Go Malware Round-Up www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf In the last […]

Read More

Daily NCSC-FI news followup 2020-09-10

Viranomainen varoittaa huijausviestistä – varo tätä sähköpostia www.is.fi/digitoday/tietoturva/art-2000006630773.html Apple ID -tunnusten kalastelu on nyt aktiivista. Huijauksen mukaan vastaanottajan Apple ID:tä olisi käytetty luvattomasti muualla Applen iCloud-palveluun kirjautumiseksi. Tämän väitetään tapahtuneen Moskovasta käsin. Mukana on keinotekoinen ip-osoite sekä päivämäärä ja kellonaika. Ne saattavat vaihdella viestistä toiseen. Katso myös meidän twiitti: https://twitter.com/CERTFI/status/1303604786361774080 Ransomware accounted for 41% of […]

Read More

Daily NCSC-FI news followup 2020-11-26

ENISA Report Highlights Resilience of Telecom Sector in Facing the Pandemic www.enisa.europa.eu/news/enisa-news/telecom-security-and-resilience-during-covid19 ENISA is releasing its Telecom Security During a Pandemic report at the 32nd meeting of EU telecom security authorities. Underlining the current strength of the sector in the face of the pandemic, the report also calls for increased cooperation, as telecommunications become more […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.