Daily NCSC-FI news followup 2021-05-22

Crypto-mining gangs are abusing the free tiers of cloud computing platforms

therecord.media/crypto-mining-gangs-are-running-amok-on-free-cloud-computing-platforms/ Gangs have been operating by registering accounts on selected platforms, signing up for a free tier, and running a cryptocurrency mining app on the provider’s free tier infrastructure.

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/ Air India has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered during a span of 10 years and includes names, dates of birth, contact information, passport information and other personal information.

Privacy in the time after cookies – Google Chrome’s new FLoC tracking

www.forbes.com/sites/zakdoffman/2021/05/01/stop-using-google-chrome-on-your-iphone-android-macbook-and-pc/ Now that end of the third party cookie era is coming to an end, other tracking methods are being experimented with. Zak Doffman discusses in detail what kind of privacy impact Chrome’s new FLoC tracking has.

Serverless Phishing Campaign

isc.sans.edu/diary/%22Serverless%22+Phishing+Campaign/27446 Usually most attackers deploy their phishing kits on servers, this one includes an obfuscated html phishing page attached in the mail. Xavier Mertens, Senior ISC Handler, analyses the method in the InfoSec handlers diary blog.

PowerShell Is Source of More Than a Third of Critical Security Threats

www.esecurityplanet.com/threats/powershell-source-of-third-of-critical-security-threats/ PowerShell was the source of more than a third of critical threats detected on endpoints in the second half of 2020, according to a Cisco research study released at the RSA Conference.

Nuoret hakkerit löysivät tietoturva-aukkoja Abitti-ohjelmasta

yle.fi/uutiset/3-11939828 Poikakolmikko löysi laajoja tietoturva-aukkoja lukioiden käyttämästä Abitti-ohjelmasta, jonka kautta järjestetään muun muassa yo-kokeet. He ovat saaneet löydöksen jälkeen lukuisia työtarjouksia.

You might be interested in …

Daily NCSC-FI news followup 2021-09-14

Microsoft September 2021 Patch Tuesday: Remote code execution flaws in MSHTML, OMI fixed www.zdnet.com/article/microsoft-september-2021-patch-tuesday-remote-code-execution-flaws-in-mshtml-open-management-fixed/ This month’s round of security fixes tackles critical software issues including a zero-day flaw known to be exploited in the wild. Microsoft has released over 60 security fixes and updates resolving issues including a remote code execution (RCE) flaw in MSHTML […]

Read More

Daily NCSC-FI news followup 2020-11-21

Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems arxiv.org/pdf/2011.09642.pdf Integrated GPUs share some resources with the CPU and as a result, there is a potential for microarchitectural attacks from the GPU to the CPU or vice versa. We believe this type of attack, crossing the component boundary (GPU to CPU or vice versa) is […]

Read More

Daily NCSC-FI news followup 2020-10-09

We Hacked Apple for 3 Months: Here’s What We Found samcurry.net/hacking-apple/ There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. As of now, October 8th, we have received 32 payments totaling $288, 500 for various vulnerabilities. However, it appears that Apple […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.