Daily NCSC-FI news followup 2021-04-16

SolarWinds hack affected six EU agencies

therecord.media/solarwinds-hack-affected-six-eu-agencies/ Six European Union institutions were hacked part of the SolarWinds supply chain attack, a top EU administration official said this week. CERT-EU officials said that only 14 EU institutions ran a version of the SolarWinds Orion IT monitoring platform, which was the conduit of SolarWinds supply chain attack.

FIN7 hacker sentenced to 10 years in prison

therecord.media/fin7-hacker-sentenced-to-10-years-in-prison/ A Ukrainian national was sentenced today to 10 years in prison for his role in a cybercrime syndicate known as FIN7, a group that has orchestrated major attacks against point-of-sale systems across Europe and the US.

Five signs ransomware is becoming an industry

www.kaspersky.com/blog/darkside-ransomware-industry/39377/ With a website that looks like it could represent an online service provider, DarkSide Leaks makes us wonder what cybercriminals’ other PR tricks might be. Not content with its innovative victim-pressuring tactics, the DarkSide ransomware gang has forged ahead with DarkSide Leaks, a professional-looking website that could well be that of an online service provider, and is using traditional marketing techniques. What follows are the five most illustrative examples of one gang’s transformation from an underground criminal group to an enterprise.

Celsius email system breach leads to phishing attack on customers

www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/ Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius’ third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list.

Google backs new security standard for smartphone VPN apps

www.zdnet.com/article/google-backs-new-security-standard-for-smartphone-vpn-apps/ The Internet of Secure Things Alliance, an IoT security certification body (a.k.a. ioXt), has launched a new security certification for mobile apps and VPNs. The new ioXt compliance program includes a ‘mobile application profile’ a set of security-related criteria against which apps can be certified. The profile or mobile app assessment includes additional requirements for virtual private network (VPN) applications.

Biden Races to Shore Up Power Grid Against Hacks

threatpost.com/biden-power-grid-hacks/165428/ A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.

Spring cleaning? Don’t forget about your digital footprint

www.welivesecurity.com/2021/04/16/spring-cleaning-dont-forget-digital-footprint You’ve probably heard the phrase “digital footprint” before, but do you really know what it is? Your social media content, various online payment transactions, location history, emails sent, messages sent through instant messaging platforms, and passport usage these are just some of the data that makes up your digital footprint.

You might be interested in …

Daily NCSC-FI news followup 2021-07-12

DNS-over-HTTPS takes another small step towards global domination blog.malwarebytes.com/privacy-2/2021/07/dns-over-https-takes-another-small-step-towards-global-domination/ Firefox recently announced that it will be rolling out DNS-over-HTTPS (or DoH) soon to one percent of its Canadian users as part of its partnership with CIRA (the Canadian Internet Registration Authority), the Ontario-based organization responsible for managing the .ca top-level domain for Canada and a […]

Read More

Daily NCSC-FI news followup 2021-01-30

Trust is the key component of human-centric data economy impulssilvm.fi/2021/01/30/trust-is-the-key-component-of-human-centric-data-economy/ Data and digital innovation are vital for achieving public value, sustainable development goals, and tackling climate change, poverty and exclusion. In Finland, we speak of human-centric data economy, and you might wonder, why? It is because we believe that the critical raw material is not […]

Read More

Daily NCSC-FI news followup 2019-08-21

Group-IBs new report on Silence: Damage from Silence APT operations increases fivefold. The gang deploys new tools on its worldwide tour www.group-ib.com/media/silence-attacks/ Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has exposed the most recent campaigns carried out by Silence, a Russian-speaking APT group, in the new “Silence 2.0: Going Global” report. Group-IB […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.