Daily NCSC-FI news followup 2021-02-07

Hacked by SolarWinds backdoor masterminds, Mimecast now lays off staff after profit surge

www.theregister.com/2021/02/07/in_brief_security/ Plus: British Mensa in data leak blunder, DARPA are Star Wars fans, Sonicwall patch out, and more. Email security biz Mimecast not only fell victim to the SolarWinds hackers, leading to its own customers being attacked, it is also trimming its workforce amid healthy profits.

Nettirikolliset etsivät LinkedInistä tietoa ja iskevät tietoturvan merkitys ymmärretään vasta, kun vahinko on tapahtunut

www.tivi.fi/uutiset/tv/0301ce3c-13a4-487d-8cc4-5a41d10d7ff8 Poliisi toivoo yrittäjille lisää koulutusta yritysturvallisuudesta. Niin sanottujen toimitusjohtajapetosten rikoshyöty oli viime vuonna ainakin 6, 7 miljoonaa euroa. Poliisi kirjasi niistä yhteensä 414 rikosilmoitusta.

This Flash Player emulator lets you securely play your old games

www.bleepingcomputer.com/news/software/this-flash-player-emulator-lets-you-securely-play-your-old-games/ A Flash Player emulator called ‘Ruffle’ allows you to play your archived Flash games without fear of being attacked as you browse the web.

Barcode Scanner app on Google Play infects 10 million users with one update

blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/ After an update in December, Barcode Scanner had gone from an innocent scanner to full on malware! Although Google has already pulled this app, we predict from a cached Google Play webpage that the update occurred on December 4th, 2020.

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall

www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/ Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.

New phishing attack uses Morse code to hide malicious URLs

www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/ A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.

Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things

www.forbes.com/sites/chuckbrooks/2021/02/07/cybersecurity-threats-the-daunting-challenge-of-securing-the-internet-of-things/

Ziggy ransomware shuts down and releases victims’ decryption keys

www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/ The Ziggy ransomware operation has shut down and released the victims’ decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims.

A Swiss Company Says It Found Weakness That Imperils Encryption

www.bloombergquint.com/onweb/a-swiss-company-says-it-found-weakness-that-imperils-encryption Now, a Swiss technology company says it has made a breakthrough by using quantum computers to uncover vulnerabilities in commonly used encryption. The company believes it’s found a security weakness that could jeopardize the confidentiality of the world’s internet data, banking transactions and emails. The company said that its research found vulnerabilities that affect symmetric encryption ciphers, including the Advanced Encryption Standard, or AES, which is widely used to secure data transmitted over the internet and to encrypt files. Using a method known as quantum annealing, the company said its research found that even the strongest versions of AES encryption may be decipherable by quantum

You might be interested in …

Daily NCSC-FI news followup 2020-03-24

Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop www.fortinet.com/blog/threat-research/fortinet-security-researcher-discovers-multiple-critical-vulnerabilities-in-adobe-photoshop.html This past January, I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2020. This past Tuesday (Mar 17, 2020), Adobe released several out-of-band security patches that addressed those vulnerabilities. They are identified as CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788 and CVE-2020-3789. […]

Read More

Daily NCSC-FI news followup 2020-10-29

Why the extortion of Vastaamo matters far beyond Finland and how cyber pros are responding www.cyberscoop.com/finland-vastaamo-hack-response/ Even for veterans of cybercriminal investigations, the recent extortion of a psychotherapy practice in Finland has been unusual and disturbing. Kyberturvallisuusprofessori vaatii kansallista selvitysryhmää penkomaan Vastaamon vuotoa www.tivi.fi/uutiset/tv/cd1d113a-f573-406a-9aa5-ad59bb17c117 Psykoterapiakeskuksen tietomurto ja kansalaisten laaja kiristys ovat kansallinen kriisitilanne, katsoo kyberturvallisuuden […]

Read More

Daily NCSC-FI news followup 2020-02-14

U.S. Charges Huawei with Stealing Trade Secrets from 6 Companies thehackernews.com/2020/02/united-states-china-huawei.html The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. North […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.