Daily NCSC-FI news followup 2019-08-09

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive

www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In this post, we demonstrate how to retrieve a compressed page using the structures and algorithms described in our white paper.. Part three:

www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

blog.trendmicro.com/trendlabs-security-intelligence/lldbfuzzer-debugging-and-fuzzing-the-apple-kernel-with-lldb-script/ To help security researchers, we have developed LLDBFuzzer, which is based on the LLVM Projects next-generation debugger called Low Level Debugger (LLDB). We tested LLDBFuzzer on a MacPros AMD graphic drivers.

Researchers Bypass Apple FaceID Using Biometrics Achilles Heel

threatpost.com/researchers-bypass-apple-faceid-using-biometrics-achilles-heel/147109/ Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications including Apples FaceID. But there is a catch. Doing so requires the victim to be out cold.

Porin kaupunkiin kohdistunut tietomurto onkin odotettua vakavampi

yle.fi/uutiset/3-10916012 Porin kaupungin tietomurto on paljastunut vakavammaksi kuin aluksi luultiin. Tutkimusten edetessä on huomattu, että tietomurron tekijät ovat päässeet käsiksi käyttäjien omiin tiedostoihin.

Customer Information Exposed In Air New Zealand Phishing Attack

www.bleepingcomputer.com/news/security/customer-information-exposed-in-air-new-zealand-phishing-attack/ Air New Zealand sent e-mails to customers enrolled in its Airpoints loyalty program to warn them of a phishing attack that successfully compromised the email accounts of two staff members which potentially led to personal information being accessed by the attackers.

Instagram’s lax privacy practices let a trusted partner track millions of users’ physical locations, secretly save their stories, and flout its rules

www.businessinsider.com/startup-hyp3r-saving-instagram-users-stories-tracking-locations-2019-8?r=US&IR=T A buzzy San Francisco startup has been secretly saving what appears to be millions of Instagram users’ stories and tracking their locations. The marketing firm Hyp3r has been scraping huge quantities of data off the Facebook-owned app and using it to build up detailed profiles of people’s movements and interests.

Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone

www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/#69ec0a8b3948 Apple has massively increased the amount its offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. Its by far the highest bug bounty on offer from any major tech company.

You might be interested in …

Daily NCSC-FI news followup 2020-03-23

Protecting health care www.kaspersky.com/blog/protecting-healthcare-organizations/34269/ Health-care facilities are struggling with the current coronavirus epidemic, so we must help them with cyberprotection. We are offering free six-month licenses for our core solutions. For the average, law-abiding person, the coronavirus COVID-19 is simply a health hazard. Unfortunately, some cybercriminals perceive the epidemic as an additional opportunity to launch […]

Read More

Daily NCSC-FI news followup 2021-01-03

2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud threatpost.com/2021-cybersecurity-trends/162629/ Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts. After shrinking in 2020, cybersecurity budgets in 2021 climb higher than pre-pandemic limits. Authentication, cloud data protection and […]

Read More

Daily NCSC-FI news followup 2021-03-31

CISA gives federal agencies 5 days to find hacked Exchange servers www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ See also: cyber.dhs.gov/ed/21-02/ North Korean hackers target security researchers again www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/ Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. Risk Management, C-Suite Shifts & Next-Gen Text […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.