Daily NCSC-FI news followup 2021-05-15

Irelands Health Services hit with $20 million ransomware demand

www.bleepingcomputer.com/news/security/ireland-s-health-services-hit-with-20-million-ransomware-demand/ Yesterday, a cybersecurity researcher shared a screenshot of a chat between Conti and Ireland’s HSE with BleepingComputer.. In the screenshot, the Conti gang claims to have had access to the HSE network for two weeks. During this time, they claim to have stolen 700 GB of unencrypted files from the HSE, including patient info and employee info, contracts, financial statements, payroll, and more.

DarkSide Drama Isnt The Death Of Ransomware – Its Not Even The Death Of DarkSide

www.forbes.com/sites/daveywinder/2021/05/15/darkside-faq-who-are-the-5-million-colonial-pipeline-ransomware-attackers/ DarkSide was effectively forced into retreat by alleged law enforcement or unspecified government disruption of the publicity blog and the ransom negotiation dark web site.

Brazilian gang defrauds Uber, Lyft, DoorDash using GPS spoofing and stolen IDs

therecord.media/brazilian-gang-defrauds-uber-lyft-doordash-using-gps-spoofing-and-stolen-ids/ According to court documents obtained by The Record, the gang used stolen IDs to create driver accounts at the aforementioned services, which they later sold to individuals who were not eligible for such accounts.. The gang also sold GPS-spoofing tech to drivers that made rides appear longer than they were or food delivery routes shorter in order to obtain increased fares.

www.bleepingcomputer.com/news/apple/apple-rejected-over-215-000-apps-in-2020-for-privacy-violations/ Apple says that more than 215,000 iOS apps were blocked by its App Store’s App Review team for privacy violations in 2020, while another 150,00 were rejected because they were spamming or misleading iOS users.. The company also blocked 48,000 applications from being published on the App Store due to using undocumented or having hidden features.. Ninety-five thousand additional apps were also removed from the App Store for using bait-and-switch tactics where new features and capabilities were added to fundamentally change their functionality after being approved.

You might be interested in …

Daily NCSC-FI news followup 2021-09-13

Varo Office-tiedostoja jo esi­katselu voi olla vaarallista www.is.fi/digitoday/tietoturva/art-2000008260361.html Microsoftin Office-asiakirjoissa, eli Wordilla, Excelillä ja PowerPointilla tehdyissä tiedostoissa piilee luultua suurempi vaara, kertovat muun muassa Traficomin Kyberturvallisuuskeskus sekä Kaspersky Lab. Aiemmin kerrottiin, että Windowsiin kuuluvassa MSHTML-nimisessä ohjelmistokomponentissa oleva haavoittuvuus mahdollistaa haittaohjelman ujuttamisen tietokoneelle Office-asiakirjan mukana. Tällöin uskottiin haittaohjelman aktivoitumisen edellyttävän asiakirjan avaamista ja suojausvaroituksen klikkaamista. Nyt […]

Read More

Daily NCSC-FI news followup 2019-10-05

Vulnerabilities Exploited in Multiple VPN Applications www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. DHS and FDA warn about much broader […]

Read More

Daily NCSC-FI news followup 2019-07-23

4 Practical Steps for Shift Left Security blog.paloaltonetworks.com/2019/07/4-practical-steps-shift-left-security/ Since the beginning of modern computing, security has largely been divorced from software development. Recent vulnerability research confirms this. Consider that over the past five years, out of all published vulnerabilities, 76% were from applications. Given this radical shift in attacker focus, its time to embed security […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.