Daily NCSC-FI news followup 2021-02-20

Safety Certification Giant UL Has Been Hit By Ransomware

www.forbes.com/sites/leemathews/2021/02/19/safety-certification-giant-ul-has-been-hit-by-ransomware/ UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware. Lisäksi:

www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/

Recently fixed Windows zero-day actively exploited since mid-2020

www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/ Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data. The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – – Windows Win32k Elevation of Privilege Vulnerability.’

Scoop: Sequoia Capital says it was hacked

www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html Sequoia Capital told its investors on Friday that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee’s email was successfully phished, Axios has learned.

Zero Trust is not a security solution. It’s a strategy

www.zdnet.com/article/zero-trust-is-not-a-security-solution-its-a-strategy One of the top challenges and misunderstandings that I continue to see is what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.”

Malformed URL Prefix Phishing Attacks Spike 6, 000%

threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Researchers from GreatHorn report they have observed a nearly 6, 000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL.

Active Cyber Defence (ACD) – The Third Year

www.ncsc.gov.uk/report/acd-report-year-three The Active Cyber Defence (ACD) programme’s aim is to Protect the majority of people in the UK from the majority of harm caused by the majority of cyber attacks the majority of the time.’

North Korean hackers charged with $1.3 billion of cyberheists

blog.malwarebytes.com/awareness/2021/02/north-korean-hackers-charged-with-1-3-billion-of-cyberheists/ The US Department of Justice recently unsealed indictments detailing North Korea’s involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states.

You might be interested in …

Daily NCSC-FI news followup 2021-02-02

Liikkeellä erittäin uskottavia huijaussivuja älä mene verkkopankkiin Google-haun kautta www.finanssiala.fi/uutismajakka/Sivut/Liikkeella-uskottavia-huijaussivuja-ala-mene-verkkopankkiin-Google-haun-kautta.aspx Huijarit pyrkivät tällä hetkellä erittäin aktiivisesti verkkopankkeihin tuttujen sähköpostilinkkien avulla. Lisäksi pankit ovat havainneet uuden huijauskampanjan, jossa rikolliset ovat tavalla tai toisella saaneet ujutettua huijaussivustojaan Googlen hakutuloksiin. Pankeista neuvotaan, että ainakaan toistaiseksi ei kannata mennä verkkopankkiin hakemalla pankkinsa nimeä Googlesta, vaan kirjoittamalla osoite selaimen osoitekenttään. […]

Read More

Daily NCSC-FI news followup 2020-07-01

Experts: COVID Multiplying Risks To Critical Infrastructure www.forbes.com/sites/paulfroberts/2020/07/01/experts-covid-multiplying-risks-to-critical-infrastructure/ Former DHS Secretary Michael Chertoff warned on Tuesday that changes wrought by the COVID global pandemic are exacerbating vulnerabilities in the global economy, including the risk of crippling cyber attacks on critical infrastructure like the electric grid. China’s Software Stalked Uighurs Earlier and More Widely, Researchers Learn […]

Read More

Daily NCSC-FI news followup 2020-07-25

Will Garmin Pay $10m Ransom To End Two-Day Outage? www.forbes.com/sites/barrycollins/2020/07/25/will-garmin-pay-10m-ransom-to-end-two-day-outage/ Garmin is reportedly being asked to pay a $10 million ransom to free its systems from a cyberattack that has taken down many of its services for two days. Lisäksi yle.fi/uutiset/3-11465640 Hackers actively exploit high-severity networking vulnerabilities arstechnica.com/information-technology/2020/07/hackers-actively-exploit-high-severity-networking-vulnerabilities/ Hackers are actively exploiting two unrelated high-severity […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.