Daily NCSC-FI news followup 2021-02-07

Hacked by SolarWinds backdoor masterminds, Mimecast now lays off staff after profit surge

www.theregister.com/2021/02/07/in_brief_security/ Plus: British Mensa in data leak blunder, DARPA are Star Wars fans, Sonicwall patch out, and more. Email security biz Mimecast not only fell victim to the SolarWinds hackers, leading to its own customers being attacked, it is also trimming its workforce amid healthy profits.

Nettirikolliset etsivät LinkedInistä tietoa ja iskevät tietoturvan merkitys ymmärretään vasta, kun vahinko on tapahtunut

www.tivi.fi/uutiset/tv/0301ce3c-13a4-487d-8cc4-5a41d10d7ff8 Poliisi toivoo yrittäjille lisää koulutusta yritysturvallisuudesta. Niin sanottujen toimitusjohtajapetosten rikoshyöty oli viime vuonna ainakin 6, 7 miljoonaa euroa. Poliisi kirjasi niistä yhteensä 414 rikosilmoitusta.

This Flash Player emulator lets you securely play your old games

www.bleepingcomputer.com/news/software/this-flash-player-emulator-lets-you-securely-play-your-old-games/ A Flash Player emulator called ‘Ruffle’ allows you to play your archived Flash games without fear of being attacked as you browse the web.

Barcode Scanner app on Google Play infects 10 million users with one update

blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/ After an update in December, Barcode Scanner had gone from an innocent scanner to full on malware! Although Google has already pulled this app, we predict from a cached Google Play webpage that the update occurred on December 4th, 2020.

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall

www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/ Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.

New phishing attack uses Morse code to hide malicious URLs

www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/ A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.

Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things

www.forbes.com/sites/chuckbrooks/2021/02/07/cybersecurity-threats-the-daunting-challenge-of-securing-the-internet-of-things/

Ziggy ransomware shuts down and releases victims’ decryption keys

www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/ The Ziggy ransomware operation has shut down and released the victims’ decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims.

A Swiss Company Says It Found Weakness That Imperils Encryption

www.bloombergquint.com/onweb/a-swiss-company-says-it-found-weakness-that-imperils-encryption Now, a Swiss technology company says it has made a breakthrough by using quantum computers to uncover vulnerabilities in commonly used encryption. The company believes it’s found a security weakness that could jeopardize the confidentiality of the world’s internet data, banking transactions and emails. The company said that its research found vulnerabilities that affect symmetric encryption ciphers, including the Advanced Encryption Standard, or AES, which is widely used to secure data transmitted over the internet and to encrypt files. Using a method known as quantum annealing, the company said its research found that even the strongest versions of AES encryption may be decipherable by quantum

You might be interested in …

Daily NCSC-FI news followup 2021-04-14

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation.. see […]

Read More

Daily NCSC-FI news followup 2020-11-07

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug threatpost.com/wordpress_open_to_attacks_welcart_bug/161037/ A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Lisäksi: www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/ New Pay2Key ransomware encrypts networks within one […]

Read More

Daily NCSC-FI news followup 2020-06-19

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy krebsonsecurity.com/2020/06/fema-it-specialist-charged-in-id-theft-tax-refund-fraud-conspiracy/ An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.