Daily NCSC-FI news followup 2021-02-20

Safety Certification Giant UL Has Been Hit By Ransomware

www.forbes.com/sites/leemathews/2021/02/19/safety-certification-giant-ul-has-been-hit-by-ransomware/ UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware. Also:

www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/

Recently fixed Windows zero-day actively exploited since mid-2020

www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/ Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data. The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’

Scoop: Sequoia Capital says it was hacked

www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html Sequoia Capital told its investors on Friday that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee’s email was successfully phished, Axios has learned.

Zero Trust is not a security solution. It’s a strategy

www.zdnet.com/article/zero-trust-is-not-a-security-solution-its-a-strategy One of the top challenges and misunderstandings that I continue to see is what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.”

Malformed URL Prefix Phishing Attacks Spike 6,000%

threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL.

Active Cyber Defence (ACD) – The Third Year

www.ncsc.gov.uk/report/acd-report-year-three The Active Cyber Defence (ACD) programme’s aim is to ‘Protect the majority of people in the UK from the majority of harm caused by the majority of cyber attacks the majority of the time.’

North Korean hackers charged with $1.3 billion of cyberheists

blog.malwarebytes.com/awareness/2021/02/north-korean-hackers-charged-with-1-3-billion-of-cyberheists/ The US Department of Justice recently unsealed indictments detailing North Korea’s involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states.
