Daily NCSC-FI news followup 2019-07-13

Brazil is at the forefront of a new type of router attack

www.zdnet.com/article/brazil-is-at-the-forefront-of-a-new-type-of-router-attack/ On these sites, malicious ads (malvertising) run special code inside users’ browsers to search and detect the IP address of a home router, the router’s model. When they detect the router’s IP and model, the malicious ads then use a list of default usernames and passwords to log into users’ devices, without their knowledge.. If the attacks are successful, additional malicious code relayed through the malicious ads will modify the default DNS settings on the victims’ routers, replacing the DNS server IP addresses routers receive from the upstream ISPs with the IP addresses of DNS servers managed by the hackers.

Brilliant Boston boffins blow big borehole in Bluetooth’s ballyhooed barricades: MAC addy randomization broken

www.theregister.co.uk/2019/07/12/untraceable_bluetooth_exposed/ David Strobinski, David Li, and Johannes Becker at Boston University told The Register how they found that the MAC randomization system of Bluetooth LE, designed to thwart the tracking of devices, transmits packages of data that can still be used to uniquely identify, and thus track the location of a mobile phone or PC.

iOS URL Scheme Susceptible to Hijacking

blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/ The URL Scheme can be dangerous and is not recommended for the transfer of sensitive data. Attackers can take advantage of the non-authentication feature since communication and data is transferred regardless of the source or destination.

Burning down the house with IoT

www.pentestpartners.com/security-blog/burning-down-the-house-with-iot/ Weve shown that we can tamper with the temperature, so even if used safely by the user, a hacker can make them less safe.. Yes, this attack requires the hacker to be within Bluetooth range, but it would have been so easy for the manufacturer to include a pairing/bonding function to prevent this.

You might be interested in …

Daily NCSC-FI news followup 2020-10-27

Uusi työkalu johdolle kyberuhkien hallintaan www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/uusi-tyokalu-johdolle-kyberuhkien-hallintaan Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen kehittämä Kybermittari auttaa yritysjohtoa saamaan kyberriskit kattavammin hallintaan ja turvaamaan liiketoiminnan jatkuvuuden. DN: Suuri tietomurto ruotsalaiseen turvallisuusalan yritykseen, verkkoon on vuodettu muun muassa pankki­holvien piirustuksia www.hs.fi/ulkomaat/art-2000006700788.html Ruotsalaiseen, kansainvälisesti toimivaan turvallisuusalan yhtiöön on tehty mittava tietomurto, jossa verkkoon on vuodettu esimerkiksi pankkiholvien piirustuksia ja hälytysjärjestelmien […]

Read More

Daily NCSC-FI news followup 2020-06-08

German Task Force for COVID-19 Medical Equipment Targeted in Ongoing Phishing Campaign securityintelligence.com/posts/german-task-force-for-covid-19-medical-equipment-targeted-in-ongoing-phishing-campaign/ During the course of ongoing research on coronavirus-related cyber activity, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a COVID-19 related phishing campaign targeting a German multinational corporation (MNC), associated with a German government-private sector task force to procure personal protective […]

Read More

Daily NCSC-FI news followup 2020-04-11

How Apple and Google Are Enabling Covid-19 Contact-Tracing www.wired.com/story/apple-google-bluetooth-contact-tracing-covid-19/ The tech giants have teamed up to use a Bluetooth-based framework to keep track of the spread of infections without compromising location privacy. The Challenge of Proximity Apps For COVID-19 Contact Tracing www.eff.org/deeplinks/2020/04/challenge-proximity-apps-covid-19-contact-tracing Around the world, a diverse and growing chorus is calling for the use […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.