Daily NCSC-FI news followup 2021-09-04

Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle

www.theregister.com/2021/09/04/bluetooth_headphones_tracking_oslo/

A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don’t implement MAC address randomisation, meaning they can be used to track their wearers.

The State of SSL/TLS Certificate Usage in Malware C&C Communications

www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/ssl-tls-technical-brief/ssl-tls-technical-brief.pdf

Over the last six years there has been an increased shift by malware authors to secure their C&C communications using the SSL/TLS protocol to stymie detection and blend in with normal traffic. This shift is noticeable in commodity malware, as well as in APT-type attacks. This is also seen in red teaming tabletop exercises to test the capabilities of different detection security layers, using frameworks such as Cobalt Strike, Metasploit and Core Impact, among others.
