France Ties Russia’s Sandworm to a Multiyear Hacking Spree
www.wired.com/story/sandworm-centreon-russia-hack/ A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon.. Centreon writes in its statement that “this is not a supply chain type attack and no parallel with other attacks of this type can be made in this case.”. In fact, DomainTools’ Slowik says the intrusions instead appear to have been carried out simply by exploiting internet-facing servers running Centreon’s software inside the victims’ networks.
North Korea may have hacked into Pfizer servers looking for COVID data
arstechnica.com/gadgets/2021/02/north-korea-may-have-hacked-into-pfizer-servers-looking-for-covid-data/ South Korea’s NIS warned lawmakers of Russian and North Korean hacking activity.
Beware of COVID19 vaccine scams and misinformation
www.welivesecurity.com/2021/02/16/beware-covid19-vaccine-scams-misinformation/ The vaccination push provides a vital shot in the arm for the worlds battle against the pandemic, but it’s also a topic ripe for exploitation by fraudsters and purveyors of misinformation
Kia Motors America experiences massive IT outage across the US
www.bleepingcomputer.com/news/security/kia-motors-america-experiences-massive-it-outage-across-the-us/ Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support.. One Twitter user shared that they could not pick up their car due to a ransomware attack taking down Kia’s systems.
Malvertisers exploited browser zero-day to redirect users to scams
www.bleepingcomputer.com/news/security/malvertisers-exploited-browser-zero-day-to-redirect-users-to-scams/ The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.
Misconfigured Baby Monitors Allow Unauthorized Viewing
threatpost.com/baby-monitors-unauthorized-viewing/163982/ Hundreds of thousands of individuals are potentially affected by this vulnerability.. The issue exists in the manufacturers implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. Its possible to misconfigure its implementation, so that no authentication is needed for unknown parties to connect, according to the SafetyDetectives cybersecurity team.
How DNS-over-HTTPS (DoH) has Changed the Threat Landscape For Companies
quointelligence.eu/2021/02/dns-over-https-doh/ DNS-over-HTTPS (DoH) protocol is now offered and in some instances standard, in major Internet browsers. DoH provides the benefit of communicating DNS information over a secure HTTPS connection in an encrypted manner. . The protocol offers increased privacy for home-users but presents new challenges for enterprise networks and new opportunities for malicious actors. In order to prevent evolving threats from malware authors, organizations should stay updated and follow the latest security recommendations.
Supply chain attacks are on the rise: Check your software build pipeline security
www.zdnet.com/article/supply-chain-attacks-are-on-the-rise-check-your-software-build-pipeline-security/ Defending against supply chain attacks is more than trying to stop the theft of encryption keys to access protected cloud resources.
Recordhigh number of vulnerabilities reported in 2020
www.welivesecurity.com/2021/02/15/record-breaking-number-vulnerabilities-reported-2020/ High-severity and critical bugs disclosed in 2020 outnumber the sum total of vulnerabilities reported 10 years prior
LähiTapiola päästi hakkerit käymään konttorillaan turvakamerasta löytyi ikävä haavoittuvuus
www.tivi.fi/uutiset/tv/e46db25d-4b6f-459b-96b5-065bc4fced8f Järjestyksessään 11. Hack Day toteutettiin koronarajoitusten puitteissa.
This cybersecurity threat costs business millions. And it’s the one they often forget about
www.zdnet.com/article/this-cybersecurity-threat-costs-business-millions-and-its-the-one-they-often-forget-about/ Phishing emails that dupe users into sending cyber criminals wire transfers is by far the most lucrative form of cybercrime – here’s what you need to know.
DDoS attacks in Q4 2020
securelist.com/ddos-attacks-in-q4-2020/100650/
Introducing DNS Shotgun
en.blog.nic.cz/2021/02/16/introducing-dns-shotgun/ DNS Shotgun is a bechmarking tool specifically developed for realistic performance testing of DNS resolvers. Its goal is to simulate real clients and their behaviour, including timing of queries and realistic connection management, which are areas where traditional tools are lacking.
Bluetooth Overlay Skimmer That Blocks Chip
krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/ I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminals ability to read chip-based cards, forcing customers to swipe the stripe instead.