Google fixes Chrome zero-day actively exploited in the wild
www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/ Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users.
Eletrobras, Copel energy companies hit by ransomware attacks
www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/ Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil, have announced that they suffered ransomware attacks over the past week.
Microsoft warns of increasing OAuth Office 365 phishing attacks
www.bleepingcomputer.com/news/security/microsoft-warns-of-increasing-oauth-office-365-phishing-attacks/ Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned.
SitePoint discloses data breach after stolen info used in attacks
www.bleepingcomputer.com/news/security/sitepoint-discloses-data-breach-after-stolen-info-used-in-attacks/ The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
Launching OSV – Better vulnerability triage for open source
security.googleblog.com/2021/02/launching-osv-better-vulnerability.html We are excited to launch OSV (Open Source Vulnerabilities), our first step towards improving vulnerability triage for developers and consumers of open source software. The goal of OSV is to provide precise data on where a vulnerability was introduced and where it got fixed, thereby helping consumers of open source software accurately identify if they are impacted and then make security fixes as quickly as possible.
This is how the devious online banking scam seen in Finland works: protecting yourself with a security code does not help, the victim approves the money transfer themselves
www.is.fi/digitoday/tietoturva/art-2000007784669.html With a man-in-the-middle (interception) attack, a bank account can be emptied even when a security code device or app is in use.
The Great Suspender Chrome extension’s fall from grace
www.bleepingcomputer.com/news/software/the-great-suspender-chrome-extensions-fall-from-grace/ Google has forcibly uninstalled the immensely popular ‘The Great Suspender’ extension from Google Chrome and classified it as malware.
Mozilla fixes Windows 10 NTFS corruption bug in Firefox
www.bleepingcomputer.com/news/software/mozilla-fixes-windows-10-ntfs-corruption-bug-in-firefox/ Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser.
Hackers post detailed patient medical records from two hospitals to the dark web
www.nbcnews.com/tech/security/hackers-post-detailed-patient-medical-records-two-hospitals-dark-web-n1256887 The files, which number in at least the tens of thousands, include patients' personal identifying information.
They Stormed the Capitol. Their Apps Tracked Them.
www.nytimes.com/2021/02/05/opinion/capitol-attack-cellphone-data.html Times Opinion was able to identify individuals from a trove of leaked smartphone location data.
Microsoft delays disabling Basic Authentication for several Exchange Online protocols ‘until further notice’
www.theregister.com/2021/02/05/exchange_online_basic_authentication/ Insists ‘We’re not backtracking’ as tenants given longer to move to something more secure. Microsoft has shifted gears on plans to disable Basic Authentication for five Exchange Online protocols this year, provided your tenant is actually using them.
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months
threatpost.com/spotify-credential-stuffing-cyberattack/163672/ As many as 100,000 of the music streaming service's customers could face account takeover. Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users.
Industrial Networks See Sharp Uptick in Hackable Security Holes
threatpost.com/industrial-networks-hackable-security-holes/163708/ Claroty reports that adversaries, CISOs and researchers have all turned their attention to finding critical security bugs in ICS networks. The report analyzed all publicly disclosed vulnerabilities in ICS networks in the second half of 2020 and found a nearly 33 percent increase in ICS disclosures over 2018, both from organizations like Claroty and from independent researchers. Report:
security.claroty.com/biannual-ics-risk-vulnerability-report-2H-2020
NCIJTF Releases Ransomware Factsheet
us-cert.cisa.gov/ncas/current-activity/2021/02/05/ncijtf-releases-ransomware-factsheet The National Cyber Investigative Joint Task Force (NCIJTF) has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques.