Daily NCSC-FI news followup 2019-08-09

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive

www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In this post, we demonstrate how to retrieve a compressed page using the structures and algorithms described in our white paper.. Part three:

www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

blog.trendmicro.com/trendlabs-security-intelligence/lldbfuzzer-debugging-and-fuzzing-the-apple-kernel-with-lldb-script/ To help security researchers, we have developed LLDBFuzzer, which is based on the LLVM Projects next-generation debugger called Low Level Debugger (LLDB). We tested LLDBFuzzer on a MacPros AMD graphic drivers.

Researchers Bypass Apple FaceID Using Biometrics Achilles Heel

threatpost.com/researchers-bypass-apple-faceid-using-biometrics-achilles-heel/147109/ Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications including Apples FaceID. But there is a catch. Doing so requires the victim to be out cold.

Porin kaupunkiin kohdistunut tietomurto onkin odotettua vakavampi

yle.fi/uutiset/3-10916012 Porin kaupungin tietomurto on paljastunut vakavammaksi kuin aluksi luultiin. Tutkimusten edetessä on huomattu, että tietomurron tekijät ovat päässeet käsiksi käyttäjien omiin tiedostoihin.

Customer Information Exposed In Air New Zealand Phishing Attack

www.bleepingcomputer.com/news/security/customer-information-exposed-in-air-new-zealand-phishing-attack/ Air New Zealand sent e-mails to customers enrolled in its Airpoints loyalty program to warn them of a phishing attack that successfully compromised the email accounts of two staff members which potentially led to personal information being accessed by the attackers.

Instagram’s lax privacy practices let a trusted partner track millions of users’ physical locations, secretly save their stories, and flout its rules

www.businessinsider.com/startup-hyp3r-saving-instagram-users-stories-tracking-locations-2019-8?r=US&IR=T A buzzy San Francisco startup has been secretly saving what appears to be millions of Instagram users’ stories and tracking their locations. The marketing firm Hyp3r has been scraping huge quantities of data off the Facebook-owned app and using it to build up detailed profiles of people’s movements and interests.

Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone

www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/#69ec0a8b3948 Apple has massively increased the amount its offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. Its by far the highest bug bounty on offer from any major tech company.

You might be interested in …

Daily NCSC-FI news followup 2019-11-17

Indian officials acknowledged on October 30th that a cyberattack occurred at the countrys Kudankulam nuclear power plant. thebulletin.org/2019/11/lessons-from-the-cyberattack-on-indias-largest-nuclear-power-plant/ While reactor operations at Kudankulam were reportedly unaffected, this incident should serve as yet another wake-up call that the nuclear power industry needs to take cybersecurity more seriously.. The problem of cybersecurity is not new to the […]

Read More

Daily NCSC-FI news followup 2020-08-04

Google and Amazon overtake Apple as most imitated brands for phishing in Q2 2020 blog.checkpoint.com/2020/08/04/google-and-amazon-overtake-apple-as-most-imitated-brands-for-phishing-in-q2-2020/ When the career criminal Willie Sutton was asked by a reporter why he robbed so many banks, he reportedly answered: Because thats where the money is. The same logic applies to the question, Why are there so many phishing attacks? […]

Read More

Daily NCSC-FI news followup 2020-11-08

Office 365 will let admins review Microsoft Forms phishing attempts www.bleepingcomputer.com/news/security/office-365-will-let-admins-review-microsoft-forms-phishing-attempts/ Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Winning hacker team pockets $744, 500 at the Tianfu Cup, China’s top hacking […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.