Daily NCSC-FI news followup 2019-06-09

Microsoft warns about email spam campaign abusing Office vulnerability www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/ Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. Microsoft said the spam wave appears to target […]

Daily NCSC-FI news followup 2019-06-08

Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover threatpost.com/amcrest-critical-security-issues/145507/ Two critical severity bugs have been publicly disclosed that impact Amcrest HDSeries model IPM-721S cameras. Both vulnerabilities open the consumer-grade ($50) Wi-Fi cameras to complete takeover by remote, unauthenticated attackers. Mandar Satam, senior security researcher at Synopsys, found the six security flaws in the IPM-721S […]

Daily NCSC-FI news followup 2019-06-07

A Deep Dive into the Emotet Malware www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html Emotet is a trojan that is primarily spread through spam emails. During its lifecycle, it has gone through a few iterations. Early versions were delivered as a malicious JavaScript file. Later versions evolved to use macro-enabled Office documents to retrieve a malicious payload from a C2 server. […]

Daily NCSC-FI news followup 2019-06-06

Microsoft and Oracle link up their clouds techcrunch.com/2019/06/05/microsoft-and-oracle-link-up-their-clouds/ Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two. This alliance goes a bit beyond just basic direct connectivity […]

Daily NCSC-FI news followup 2019-06-05

The EU Found Out That Its Embassy In Moscow Had Been Hacked But Kept It A Secret www.buzzfeednews.com/article/albertonardelli/eu-embassy-moscow-hack-russia A sophisticated cyber espionage event began in February 2017. Russian entities are believed to be behind the hack, a source told BuzzFeed News. The Most Expensive Lesson Of My Life: Details of SIM port hack medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124 I […]

Daily NCSC-FI news followup 2019-06-04

Headhunting Firm Leaks Millions of Resumes, Client Private Data www.bleepingcomputer.com/news/security/headhunting-firm-leaks-millions-of-resumes-client-private-data/ A misconfigured and publicly accessible ElasticSearch cluster owned by FMC Consulting, a Chinese headhunting company, leaked millions of resumes and company records, as well as customers and employees PII data.. The database containing hundreds of thousands of customer records, internal emails, as well as employees […]

Digihuijatut YLE Areena

Digihuijatut @ YLE Areena

YLE Areena has published a Finnish TV show that details cases of digital fraud. The TV show is called “Digihuijatut”, and it covers fraud cases from romance scams to identity theft. Each episode is based around interviews conducted with victims of digital fraud. I was interviewed as a cyber security expert on several of the […]