Daily NCSC-FI news followup 2021-02-20

Safety Certification Giant UL Has Been Hit By Ransomware

www.forbes.com/sites/leemathews/2021/02/19/safety-certification-giant-ul-has-been-hit-by-ransomware/ UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware. In addition:

www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/

Recently fixed Windows zero-day actively exploited since mid-2020

www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/ Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data. The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’

Scoop: Sequoia Capital says it was hacked

www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html Sequoia Capital told its investors on Friday that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee’s email was successfully phished, Axios has learned.

Zero Trust is not a security solution. It’s a strategy

www.zdnet.com/article/zero-trust-is-not-a-security-solution-its-a-strategy One of the top challenges and misunderstandings that I continue to see is what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.”

Malformed URL Prefix Phishing Attacks Spike 6,000%

threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL.

Active Cyber Defence (ACD) – The Third Year

www.ncsc.gov.uk/report/acd-report-year-three The Active Cyber Defence (ACD) programme’s aim is to ‘Protect the majority of people in the UK from the majority of harm caused by the majority of cyber attacks the majority of the time.’

North Korean hackers charged with $1.3 billion of cyberheists

blog.malwarebytes.com/awareness/2021/02/north-korean-hackers-charged-with-1-3-billion-of-cyberheists/ The US Department of Justice recently unsealed indictments detailing North Korea’s involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states.
