Daily NCSC-FI news followup 2021-05-16

We Found Joe Bidens Secret Venmo. Heres Why Thats A Privacy Nightmare For Everyone.

www.buzzfeednews.com/article/ryanmac/we-found-joe-bidens-secret-venmo BuzzFeed News found President Joe Bidens Venmo account after less than 10 minutes of looking for it, revealing a network of his private social connections, a national security issue for the United States, and a major privacy concern for everyone who uses the popular peer-to-peer payments app.

HTML Phishing Email Opens the Door for Threat Actors

cofense.com/blog/html-phishing-email/ The Cofense Phishing Defense Center (PDC) has observed a credential phishing trend whereby threat actors are sending out several emails to employees with nothing more than an HTML attachment and subject line, OfficeDoc Important Business/Work Guide. As organizations are planning for return-to-work procedures, threat actors are leveraging this theme to increase the likelihood of user . interaction with the attachment.

Chemical distributor pays $4.4 million to DarkSide ransomware

www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/ In this particular case, the DarkSide affiliate claims to have gotten access to the network after purchasing stolen credentials. However, the DarkSide affiliate does not know how the credentials were originally obtained.

3 areas of implicitly trusted infrastructure that can lead to supply chain compromises

www.helpnetsecurity.com/2021/05/13/supply-chain-compromises/ To get a broader understanding of what organizations are up against, lets look at three major supply chain compromises that occurred during the first quarter of 2021. Each one of these supply chain attacks targeted a different piece of implicitly trusted infrastructureinfrastructure that you may or not be paying attention to as a potential target in your organization.. 1. Package squatting via software package repositories. 2. Malicious commits via version control systems. 3. Man-in-the-middle attacks via TLS certificates

Consumers Unforgiving of Merchants Data Failings

www.infosecurity-magazine.com/news/consumers-unforgiving-of-merchants/ New research has revealed that most American consumers who shop online will cease doing business with a merchant that mishandles their data.. The finding emerged from the May 2021 Securing eCommerce study, carried out by PYMNTS.com in collaboration with NuData, which surveyed a census-balanced panel of nearly 2,400 American consumers.

Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry

www.infosecurity-magazine.com/news/twothirds-global-firms-exposed/ Over two-thirds (67%) of organizations are still running an insecure Windows protocol largely responsible for the infamous WannaCry and NotPetya attacks of 2017 and 2018, according to new research.. Security vendor ExtraHop used its network detection and response (NDR) capabilities to analyze anonymized metadata from an unspecified number of customer networks, in order to better understand where they may be vulnerable to outdated protocols.. Report at

assets.extrahop.com/pdfs/security-advisories/insecure-protocols.pdf

You might be interested in …

Daily NCSC-FI news followup 2019-10-22

Googlen ja Amazonin älykaiuttimia voi käyttää vakoiluun ja tietojen urkintaan haittasovelluksien kautta. www.is.fi/digitoday/art-2000006281649.html Tutkijat esittelevät julkaisemallaan videolla yhtä mahdollista urkintakeinoa. Horoskooppisovellukseksi naamioitu haittasovellus ilmoittaa ensin, ettei horoskoopin luku onnistu ja hiljenee. Sammumisen sijaan sovellus pysyy kuitenkin käynnissä. 3 Key Questions to Help Address Enterprise IoT Security Risks securityintelligence.com/posts/3-key-questions-to-help-address-enterprise-iot-security-risks/ Armis estimated that by 2021, up to […]

Read More

Daily NCSC-FI news followup 2021-07-25

Shortcomings With Financial Market Infrastructure Companies Business Continuity And Cybersecurity Plans Need To Be Resolved www.forbes.com/sites/mayrarodriguezvalladares/2021/07/25/shortcomings-with-financial-market-infrastructure-companies-business-continuity-and-cybersecurity-plans-need-to-be-resolved/ [A report released this week] shows that it is doubtful that [financial markets infrastructure companies] business continuity plans (BCPs) are designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events and […]

Read More

Daily NCSC-FI news followup 2019-07-31

Poliisi: Edistyneet kiristyshyökkäykset jatkuvat www.poliisi.fi/tietoa_poliisista/tiedotteet/1/1/edistyneet_kiristyshyokkaykset_jatkuvat_82917?language=fi Koulujen alkaessa kuullaan usein varoitteluja uusista tienkäyttäjistä. Tällä kertaa poliisi varoittaa jälleen tietoverkoissa liikkuvia ja tietoverkkojen ylläpitäjiä. Taustalla on Kokemäellä tapahtunut tietomurto.. Lounais-Suomen poliisilaitoksen kyberrikostutkintaryhmä tutkii tapausta yhteistyössä Keskusrikospoliisin ja Traficom Liikenne- ja Viestintäviraston Kyberturvallisuuskeskuksen kanssa. Tutkintanimikkeenä on törkeä datavahingonteko. On varsin todennäköistä, että muitakin rikosnimikkeitä tulee tutkinnan edetessä kyseeseen.. […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.