Daily NCSC-FI news followup 2021-08-29

A bad solar storm could cause an Internet apocalypse

arstechnica.com/science/2021/08/a-bad-solar-storm-could-cause-an-internet-apocalypse/ Scientists have known for decades that an extreme solar storm, or coronal mass ejection, could damage electrical grids and potentially cause prolonged blackouts. The repercussions would be felt everywhere from global supply chains and transportation to Internet and GPS access. Less examined until now, though, is the impact such a solar emission could have on Internet infrastructure specifically. New research shows that the failures could be catastrophic, particularly for the undersea cables that underpin the global Internet.

Filter JSON Data by Value with Linux jq

isc.sans.edu/forums/diary/Filter+JSON+Data+by+Value+with+Linux+jq/27792/ Since JSON has become more prevalent as a data service, unfortunately, it isn’t at all BASH friendly and manipulating JSON data at the command line with REGEX (i.e. sed, grep, etc.) is cumbersome and difficult to get the output I want. So, there is a Linux tool I use for this, jq is a tool specifically written to manipulate and filter the data I want (i.e. like scripting and extract the output I need) from large JSON file in an output format I can easily read and manipulate.

72-vuotias Maija menetti eläke­säästönsä Microsoft-huijari vei 23500 euroa

www.is.fi/digitoday/tietoturva/art-2000008222024.html 15000 euroa pankkitililtä ja 8500 euroa luottokortilla. Tämän eläkesäästöjen menetyksen kanssa joutuu nyt elämään Varsinais-Suomessa asuva Maija, 72 (nimi muutettu). Kaikki alkoi 4. elokuuta, kun Maijalla oli ongelmia uuden kannettavan tietokoneen kanssa. Huono-onnisen sattuman kautta huijari soitti juuri tällä hetkellä ja esittäytyi Microsoftin edustajaksi.

6 Things You Need to Do to Prevent Getting Hacked

www.wired.com/story/how-to-prevent-getting-hacked/ THERE ARE TWO big reasons why people get hacked. Flaws in software and flaws in human behavior. While theres not much you can do about coding vulnerabilities, you can change your own behavior and bad habits. Just ask former US president Donald Trump, whose Twitter password was maga2020! Or Boris Johnson, who revealed details of sensitive Zoom calls at the start of the pandemic in 2020. (These world leaders will have had specific security training from protection agencies too.). The risks are just as real for the average personeven if the stakes arent quite so high. If your accounts arent properly protected, your credit card could be compromised or your private messages and photographs stolen and shared for all to see.

GitHub Copilot Security Study: ‘Developers Should Remain Awake’ in View of 40% Bad Code Rate

visualstudiomagazine.com/articles/2021/08/26/github-copilot-security.aspx Researchers published a scholarly paper looking into security implications of GitHub Copilot, an advanced AI system now being used for code completion in Visual Studio Code and possibly headed for Visual Studio after its current preview period ends. In multiple scenario testing, some 40 percent of tested projects were found to include security vulnerabilities.

Winning the Cyber-Defense Race: Understand the Finish Line

threatpost.com/winning-cyber-defense-race/168996/ Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: Its not achieving visibility. If you ask organizations about their top objectives, you will likely hear they need to increase visibility, reduce toolsets and adopt automation to counteract the cybersecurity skills gap. And what most dont realize is that these initiatives are driven by hurdles the industry has created for itself. Countless hours are spent trying to overcome hurdles in a process that doesnt get us any closer to thwarting threat actors. Consolidating tools, for example, is just a preservation tactic therein lies the problem. So, how can security professionals stop using Band-Aids and reevaluate whats really going on and how to defend against threats?

You might be interested in …

[NCSC-FI News] APT35 Automates Initial Access Using ProxyShell

In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via multiple web shells. The overlap of activities and tasks was remarkably similar to that observed in our previous report, “Exchange Exploit Leads to Domain Wide Ransomware” In this intrusion, we observed the initial exploitation […]

Read More

Daily NCSC-FI news followup 2020-03-16

Coronavirus-themed phishing attacks and hacking campaigns are on the rise www.zdnet.com/article/coronavirus-themed-phishing-attacks-and-hacking-campaigns-are-on-the-rise/ Opportunist crooks are exploiting coronavirus as part of their phishing attacks, malware, ransomware and more. The National Cyber Security Centre (NCSC) is warning that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns. Experts at the NCSC the […]

Read More

[NCSC-FI News] Gmail-linked Facebook accounts vulnerable to attack using a chain of bugsnow fixed

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.