Daily NCSC-FI news followup 2021-04-16

SolarWinds hack affected six EU agencies

therecord.media/solarwinds-hack-affected-six-eu-agencies/ Six European Union institutions were hacked part of the SolarWinds supply chain attack, a top EU administration official said this week. CERT-EU officials said that only 14 EU institutions ran a version of the SolarWinds Orion IT monitoring platform, which was the conduit of SolarWinds supply chain attack.

FIN7 hacker sentenced to 10 years in prison

therecord.media/fin7-hacker-sentenced-to-10-years-in-prison/ A Ukrainian national was sentenced today to 10 years in prison for his role in a cybercrime syndicate known as FIN7, a group that has orchestrated major attacks against point-of-sale systems across Europe and the US.

Five signs ransomware is becoming an industry

www.kaspersky.com/blog/darkside-ransomware-industry/39377/ With a website that looks like it could represent an online service provider, DarkSide Leaks makes us wonder what cybercriminals’ other PR tricks might be. Not content with its innovative victim-pressuring tactics, the DarkSide ransomware gang has forged ahead with DarkSide Leaks, a professional-looking website that could well be that of an online service provider, and is using traditional marketing techniques. What follows are the five most illustrative examples of one gang’s transformation from an underground criminal group to an enterprise.

Celsius email system breach leads to phishing attack on customers

www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/ Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius’ third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list.

Google backs new security standard for smartphone VPN apps

www.zdnet.com/article/google-backs-new-security-standard-for-smartphone-vpn-apps/ The Internet of Secure Things Alliance, an IoT security certification body (a.k.a. ioXt), has launched a new security certification for mobile apps and VPNs. The new ioXt compliance program includes a ‘mobile application profile’ a set of security-related criteria against which apps can be certified. The profile or mobile app assessment includes additional requirements for virtual private network (VPN) applications.

Biden Races to Shore Up Power Grid Against Hacks

threatpost.com/biden-power-grid-hacks/165428/ A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.

Spring cleaning? Don’t forget about your digital footprint

www.welivesecurity.com/2021/04/16/spring-cleaning-dont-forget-digital-footprint You’ve probably heard the phrase “digital footprint” before, but do you really know what it is? Your social media content, various online payment transactions, location history, emails sent, messages sent through instant messaging platforms, and passport usage these are just some of the data that makes up your digital footprint.

You might be interested in …

Daily NCSC-FI news followup 2020-07-26

DJI Drone App Riddled With Privacy Issues, Researchers Allege threatpost.com/dji-drone-app-riddled-with-privacy-issues-researchers-allege/157730/ Leading commercial drone maker DJI is hitting back against researcher allegations that its Android mobile application is riddled with privacy holes. One includes that the app continues to run in the background even after it’s been closed and collects sensitive data from users without consent. […]

Read More

Daily NCSC-FI news followup 2021-08-12

Microsoft confirms another Windows print spooler zero-day bug www.bleepingcomputer.com/news/microsoft/microsoft-confirms-another-windows-print-spooler-zero-day-bug/ Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. This vulnerability is part of a class of bugs known as ‘PrintNightmare, ‘ which abuses configuration settings for the Windows […]

Read More

Daily NCSC-FI news followup 2020-11-12

Two New Chrome 0-Days Under Active Attacks Update Your Browser thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Lisäksi: chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html. Lisäksi: www.zdnet.com/article/google-patches-two-more-chrome-zero-days/. Lisäksi: us-cert.cisa.gov/ncas/current-activity/2020/11/12/google-releases-security-updates-chrome. Lisäksi: threatpost.com/2-zero-day-bugs-google-chrome/161160/ DNS cache poisoning, the Internet […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.