Daily NCSC-FI news followup 2021-06-06

Hacker lexicon: What is a supply chain attack?

arstechnica.com/information-technology/2021/06/hacker-lexicon-what-is-a-supply-chain-attack/ Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources and don’t hand over credentials to a fraudulent website. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: what if the legitimate hardware and software that makes up your network has been compromised at the source?

China Has Triggered a Bitcoin Mining Exodus

www.wired.com/story/china-bitcoin-mining-exodus/ The promise of a crackdown is sending the country’s crypterati scrambling for the exit.

Google Warns On Password Strength

www.forbes.com/sites/brookecrothers/2021/06/06/google-warns-on-password-strength/ Google is warning you about compromised passwords. It’s a very good idea to heed these warnings. Yes, passwords are hell. Strong self-generated passwords often turn into a fog of forgotten letter combinations and phrases.

How to hack into 5500 accounts just using “credential stuffing”

nakedsecurity.sophos.com/2021/06/04/how-to-hack-into-5500-accounts-just-using-credential-stuffing/ We all ought to know by now that passwords that are easy to guess will get guessed.

Exchange Servers Targeted by Epsilon Red’ Malware

threatpost.com/exchange-servers-epsilon-red-ransomware/166640/ REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.

Email spoofing: how attackers impersonate legitimate senders

securelist.com/email-spoofing-types/102703/ In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address.

You might be interested in …

Daily NCSC-FI news followup 2021-06-29

Russian hackers had months-long access to Denmark’s central bank www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/ Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. The “WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight yoroi.company/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/ Yoroi Malware ZLAB is reporting […]

Read More

Daily NCSC-FI news followup 2019-07-25

The Unsexy Threat to Election Security krebsonsecurity.com/2019/07/the-unsexy-threat-to-election-security/ Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and […]

Read More

Daily NCSC-FI news followup 2021-02-16

France Ties Russia’s Sandworm to a Multiyear Hacking Spree www.wired.com/story/sandworm-centreon-russia-hack/ A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon.. Centreon writes in its statement that “this is not a supply chain type attack and no parallel with other attacks of this type can be made in […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.