Daily NCSC-FI news followup 2021-12-19

Superior Plus, the number one propane distributor in Canada and number five distributor in the U.S., has reported a ransomware incident. It’s the second security incident involving a top company in the propane business in the last six months

www.forbes.com/sites/leemathews/2021/12/16/one-of-north-americas-largest-propane-distributors-reports-ransomware-attack/ Superior reported having discovered the breach on December 12. The company’s announcement does not mention when the attackers originally gained access to its systems.

Firefox fixes password leak via Windows Cloud Clipboard feature

therecord.media/firefox-fixes-password-leak-via-windows-cloud-clipboard-feature/ Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password. The issue was fixed in Firefox 94, released last month, but was detailed in more depth this week by Mozilla developers.

Entiset työntekijät voivat muodostaa uhan yritysten it-järjestelmille

www.kauppalehti.fi/uutiset/kysely-exat-ovat-merkittava-tietoturvauhka-yrityksille/f7804220-ed63-4bb3-bbd2-60085b645dbf Tuoreen raportin mukaan peräti 83 prosenttia organisaatioiden tietoturva-ammattilaisista toteaa, ettei organisaatioiden entisiä työntekijöitä pystytä varmuudella pitämään poissa it-järjestelmistä. Asia selviää it-yhtiö Teleportin raportista, josta uutisoi VentureBeat.

Western Digital warns customers to update their My Cloud devices

www.bleepingcomputer.com/news/security/western-digital-warns-customers-to-update-their-my-cloud-devices/ Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates on My Cloud OS firmware reaching the end of support. “On April 15, 2022, support for prior generations of My Cloud OS, including My Cloud OS 3, will end, ” the company said this week. “If your device isn’t compatible with My Cloud OS 5, you will lose remote access and will only be able to access it locally. Devices on these older firmware versions will not receive security fixes or technical support.”

Daily NCSC-FI news followup 2021-03-30

Älä ole hiljaa: 7 syytä, joiden vuoksi verkkorötöksistä kannattaa tehdä rikosilmoitus www.is.fi/digitoday/tietoturva/art-2000007889042.html Kyberrikokset tulisi ilmoittaa poliisille, uusi Kyberrikollisuus on poliisiasia -opas kertoo. Suuri osa kyberrikoksista jää ilmoittamatta poliisille. Tähän tärkeimmät syyt ovat epäröinti käynnistää prosessi esimerkiksi negatiivisen julkisuuden pelossa, pelko omien virheiden paljastumisesta, sekä hyötyjen ja haittojen punnitseminen, johon kuuluu muun muassa uskomus rikollisen kiinni […]

[NCSC-FI News] Trends in the Recent Emotet Maldoc Outbreak

Emotet is a malware family that steals sensitive and private information from victims’ computers. The malware has infected more than a million devices and is considered one of the most dangerous threats of the decade In addition to analyzing threats, FortiGuard Labs also focuses on how malware spreads. We have observed that the recent Emotet […]

Daily NCSC-FI news followup 2019-07-09

Serious Zoom security flaw could let websites hijack Mac cameras www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. Exclusive: The true origins […]