Daily NCSC-FI news followup 2021-01-24

Listasimme verkkohuijausten uusimmat trendit ja keinoja niiden tunnistamiseen Moni huijaus tepsii aina uudestaan sillä kollektiivinen muisti unohtaa

yle.fi/uutiset/3-11721481 Lue myös: www.kuluttajaliitto.fi/hankkeet/huijarit-kuriin/

Your Password Isn’t Safe: The Danger Of An Inactive Zombie’ Account

www.forbes.com/sites/brookecrothers/2021/01/23/your-password-isnt-safe-the-danger-of-inactive-zombie-accounts/

WhatsApp BacklashStop Using Signal Or Telegram Until You Change These 4 Critical Settings

www.forbes.com/sites/zakdoffman/2021/01/23/stop-using-signal-and-telegram-until-you-change-settings-after-whatsapp-and-imessage-privacy-backlash/

SonicWall firewall maker hacked using zero-day in its VPN device

www.bleepingcomputer.com/news/security/sonicwall-firewall-maker-hacked-using-zero-day-in-its-vpn-device/ Also:

www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/

Intelligence Analysts Use U.S. Smartphone Location Data Without Warrants, Memo Says

www.nytimes.com/2021/01/22/us/politics/dia-surveillance-data.html The disclosure comes amid growing legislative scrutiny of how the government uses commercially available location records.

DDoSers are abusing Microsoft RDP to make attacks more powerful

arstechnica.com/information-technology/2021/01/ddosers-are-abusing-microsoft-rdp-to-make-attacks-more-powerful/ DDoS amplification attacks have abused all kinds of legit services. Now, it’s Windows.

Cyber criminals publish more than 4, 000 stolen Sepa files

www.bbc.co.uk/news/uk-scotland-55757884 Cyber criminals who stole thousands of digital files belonging to environmental regulator Sepa have published them on the internet. The public body had about 1.2GB of data stolen from its digital systems on Christmas Eve.

Hacker leaks data of 2.28 million dating site users

www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/#ftag=RSSbaffb68 Data belongs to dating site MeetMindful and includes everything from real names to Facebook account tokens, and from email addresses and geo-location information.

You might be interested in …

Daily NCSC-FI news followup 2020-10-31

Code of Practice for Cyber Security and Safety in Engineering www.ncsc.gov.uk/news/code-of-practice-cyber-security-and-safety-in-engineering The Institution of Engineering and Technology has published a Code of Practice with the support of the NCSC. A Code of Practice to help the engineering sector implement effective cyber security has been published today. The Code, developed by the Institution of Engineering and […]

Read More

Daily NCSC-FI news followup 2021-03-24

Rauli Paananen: Tehdään kyberturvallisuudesta kansalaistaito ja vientituote www.erillisverkot.fi/rauli-paananen-tehdaan-kyberturvallisuudesta-kansalaistaito-ja-vientituote/ Asia on yhteinen: kansallinen kyberturvallisuus rakentuu viranomaisten, elinkeinoelämän, järjestöjen ja kansalaisten yhteistyönä. Tarvitsemme lisää suomalaista osaamista ja alan yritystoimintaa näille on kysyntää maailmallakin, kirjoittaa blogivieraamme valtion kyberturvallisuusjohtaja Rauli Paananen liikenne- ja viestintäministeriöstä. Microsoftin Exchange-palvelimen haavoittuvuudesta johtuvasta henkilötietojen tietoturvaloukkauksesta tulee ilmoittaa rekisteröidyille ja tietosuojavaltuutetun toimistolle tietosuoja.fi/-/microsoftin-exchange-palvelimen-haavoittuvuudesta-johtuvasta-henkilotietojen-tietoturvaloukkauksesta-tulee-ilmoittaa-rekisteroidyille-ja-tietosuojavaltuutetun-toimistolle Tietosuojavaltuutetun toimisto […]

Read More

Daily NCSC-FI news followup 2020-04-28

WordPress plugin bug lets hackers create rogue admin accounts www.bleepingcomputer.com/news/security/wordpress-plugin-bug-lets-hackers-create-rogue-admin-accounts/ WordPress owners are advised to secure their websites by updating the Real-Time Find and Replace plugin to prevent attackers from injecting malicious code into their sites and creating rogue admin accounts by exploiting a Cross-Site Request Forgery flaw. The security vulnerability is a Cross-Site Request […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.