Daily NCSC-FI news followup 2019-08-03

Joosua received a reward for hacking: In past years it was not looked upon kindly

www.is.fi/digitoday/tietoturva/art-2000006192538.html Joosua Santasalo received a substantial reward for a security vulnerability he found. The growing prevalence of bug bounty campaigns reflects a change of attitude in the software industry.

Internet connected cars can be hacked to gridlock major cities

www.hackread.com/internet-connected-cars-hacked-gridlock-cities/ Hacking Internet Connected Cars a near possibility for cybercriminals to cause major havoc.

Say hello to Lord Exploit Kit

blog.malwarebytes.com/threat-analysis/2019/08/say-hello-to-lord-exploit-kit/ In this blog post, we do a quick review of this exploit kit based on what we have collected so far.

40,000 Cloud Container Platforms Left Unsecured

www.msspalert.com/cybersecurity-research/40000-cloud-container-platforms-left-unsecured/ More than 40,000 cloud container platforms are using default, un-secured, out-of-the-box configurations, Palo Alto Networks threat intelligence research says.

The Malicious Use of Pastebin

www.fortinet.com/blog/threat-research/malicious-use-of-pastebin.html At first, my goal was to look up malicious files, since Pastebin can be used as an evasion technique. However, what I discovered was a wide variety of malicious scripts, stolen credentials, encoded content, and malware. The result of this research, based on examining thousands of pastes, is as follows. To take a closer look at this practice, and see how prevalent the misuse of this service is by cybercriminals, I decided to scrape all the pastes in Pastebin and process them for malicious content.

One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies!

medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7 Here, I'll be sharing about what was that critical vulnerability that I happened to find in Jira (an Atlassian task tracking system/project management software) or more specifically a misconfiguration issue which caused the leakage of internal sensitive information of organizations and companies.

Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

thehackernews.com/2019/08/hack-wpa3-wifi-password.html The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard a few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords. Shortly after that disclosure, the WiFi Alliance, the non-profit organization which oversees the adoption of the WiFi standard, released patches to address the issues and created security recommendations to mitigate the initial Dragonblood attacks. But it turns out that those security recommendations, which were created privately without collaborating with the researchers, are not enough to protect users against the Dragonblood attacks. Instead, it opens up two new side-channel attacks, which once again allows attackers to steal your WiFi password even if you are using the latest version of WiFi protocol.

5G Is Here and Still Vulnerable To Stingray Surveillance

www.wired.com/story/5g-security-stingray-surveillance/ At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays. Also called “IMSI catchers” after the international mobile subscriber identity number attached to every cell phone, stingrays masquerade as legitimate cell towers. Once they trick a device into connecting to it, a stingray uses the IMSI or other identifiers to track the device, and even listen in on phone calls.
