Daily NCSC-FI news followup 2021-02-20

Safety Certification Giant UL Has Been Hit By Ransomware

www.forbes.com/sites/leemathews/2021/02/19/safety-certification-giant-ul-has-been-hit-by-ransomware/ UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware. Lisäksi:

www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/

Recently fixed Windows zero-day actively exploited since mid-2020

www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/ Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data. The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – – Windows Win32k Elevation of Privilege Vulnerability.’

Scoop: Sequoia Capital says it was hacked

www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html Sequoia Capital told its investors on Friday that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee’s email was successfully phished, Axios has learned.

Zero Trust is not a security solution. It’s a strategy

www.zdnet.com/article/zero-trust-is-not-a-security-solution-its-a-strategy One of the top challenges and misunderstandings that I continue to see is what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.”

Malformed URL Prefix Phishing Attacks Spike 6, 000%

threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Researchers from GreatHorn report they have observed a nearly 6, 000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL.

Active Cyber Defence (ACD) – The Third Year

www.ncsc.gov.uk/report/acd-report-year-three The Active Cyber Defence (ACD) programme’s aim is to Protect the majority of people in the UK from the majority of harm caused by the majority of cyber attacks the majority of the time.’

North Korean hackers charged with $1.3 billion of cyberheists

blog.malwarebytes.com/awareness/2021/02/north-korean-hackers-charged-with-1-3-billion-of-cyberheists/ The US Department of Justice recently unsealed indictments detailing North Korea’s involvement in several global cyberattack campaigns against institutions in the financial and entertainment sectors, and money laundering schemes in certain US states.

You might be interested in …

Daily NCSC-FI news followup 2021-03-23

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals www.ncsc.gov.uk/news/alert-targeted-ransomware-attacks-on-uk-education-sector The NCSC is responding to further targeted ransomware attacks on the education sector by cyber criminals. When & How to Report Security Incidents www.enisa.europa.eu/news/enisa-news/when-how-to-report-security-incidents The European Union Agency for Cybersecurity (ENISA) releases new guidelines to facilitate the reporting of security incidents […]

Read More

Daily NCSC-FI news followup 2021-07-18

Japan Has Shattered the Internet Speed Record at 319 Terabits per Second interestingengineering.com/japan-shattered-internet-speed-record-319-terabits The new record was made on a line of fibers more than 3, 000 km long. It’s nearly double the previous record of 178 Tb/s, which was set in 2020. And it’s seven times the speed of the earlier record of 44.2 […]

Read More

Daily NCSC-FI news followup 2019-08-13

Attackers could use this coding bug to turn BIG-IP load balancers against organizations blog.f-secure.com/command-injection-in-f5-irules/ During a routine security assessment, F-Secure Senior Security Consultant Christoffer Jerkeby discovered that an obscure coding bug could allow attackers to exploit F5 Networks popular BIG-IP load balancer. Further research found that, following a successful exploit, an adversary could turn the […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.