Daily NCSC-FI news followup 2021-01-24

Listasimme verkkohuijausten uusimmat trendit ja keinoja niiden tunnistamiseen Moni huijaus tepsii aina uudestaan sillä kollektiivinen muisti unohtaa

yle.fi/uutiset/3-11721481 Lue myös: www.kuluttajaliitto.fi/hankkeet/huijarit-kuriin/

Your Password Isn’t Safe: The Danger Of An Inactive Zombie’ Account


WhatsApp BacklashStop Using Signal Or Telegram Until You Change These 4 Critical Settings


SonicWall firewall maker hacked using zero-day in its VPN device

www.bleepingcomputer.com/news/security/sonicwall-firewall-maker-hacked-using-zero-day-in-its-vpn-device/ Also:


Intelligence Analysts Use U.S. Smartphone Location Data Without Warrants, Memo Says

www.nytimes.com/2021/01/22/us/politics/dia-surveillance-data.html The disclosure comes amid growing legislative scrutiny of how the government uses commercially available location records.

DDoSers are abusing Microsoft RDP to make attacks more powerful

arstechnica.com/information-technology/2021/01/ddosers-are-abusing-microsoft-rdp-to-make-attacks-more-powerful/ DDoS amplification attacks have abused all kinds of legit services. Now, it’s Windows.

Cyber criminals publish more than 4, 000 stolen Sepa files

www.bbc.co.uk/news/uk-scotland-55757884 Cyber criminals who stole thousands of digital files belonging to environmental regulator Sepa have published them on the internet. The public body had about 1.2GB of data stolen from its digital systems on Christmas Eve.

Hacker leaks data of 2.28 million dating site users

www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/#ftag=RSSbaffb68 Data belongs to dating site MeetMindful and includes everything from real names to Facebook account tokens, and from email addresses and geo-location information.

You might be interested in …

Daily NCSC-FI news followup 2020-04-28

WordPress plugin bug lets hackers create rogue admin accounts www.bleepingcomputer.com/news/security/wordpress-plugin-bug-lets-hackers-create-rogue-admin-accounts/ WordPress owners are advised to secure their websites by updating the Real-Time Find and Replace plugin to prevent attackers from injecting malicious code into their sites and creating rogue admin accounts by exploiting a Cross-Site Request Forgery flaw. The security vulnerability is a Cross-Site Request […]

Read More

Daily NCSC-FI news followup 2020-12-06

Running in Circles – Uncovering the Clients of Cyberespionage Firm Circles citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/ The public discussion around surveillance and tracking largely focuses on well known technical means, such as targeted hacking and network interception. However, other forms of surveillance are regularly and extensively used by governments and third parties to engage in cross-border surveillance and monitoring. […]

Read More

Daily NCSC-FI news followup 2020-04-08

COVID-19 Exploited by Malicious Cyber Actors www.us-cert.gov/ncas/alerts/aa20-099a This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice.. This is a joint alert from the United […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.