Daily NCSC-FI news followup 2019-08-09

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive

www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-two.html This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In this post, we demonstrate how to retrieve a compressed page using the structures and algorithms described in our white paper.. Part three:

www.fireeye.com/blog/threat-research/2019/08/finding-evil-in-windows-ten-compressed-memory-part-three.html

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

blog.trendmicro.com/trendlabs-security-intelligence/lldbfuzzer-debugging-and-fuzzing-the-apple-kernel-with-lldb-script/ To help security researchers, we have developed LLDBFuzzer, which is based on the LLVM Projects next-generation debugger called Low Level Debugger (LLDB). We tested LLDBFuzzer on a MacPros AMD graphic drivers.

Researchers Bypass Apple FaceID Using Biometrics Achilles Heel

threatpost.com/researchers-bypass-apple-faceid-using-biometrics-achilles-heel/147109/ Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications including Apples FaceID. But there is a catch. Doing so requires the victim to be out cold.

Porin kaupunkiin kohdistunut tietomurto onkin odotettua vakavampi

yle.fi/uutiset/3-10916012 Porin kaupungin tietomurto on paljastunut vakavammaksi kuin aluksi luultiin. Tutkimusten edetessä on huomattu, että tietomurron tekijät ovat päässeet käsiksi käyttäjien omiin tiedostoihin.

Customer Information Exposed In Air New Zealand Phishing Attack

www.bleepingcomputer.com/news/security/customer-information-exposed-in-air-new-zealand-phishing-attack/ Air New Zealand sent e-mails to customers enrolled in its Airpoints loyalty program to warn them of a phishing attack that successfully compromised the email accounts of two staff members which potentially led to personal information being accessed by the attackers.

Instagram’s lax privacy practices let a trusted partner track millions of users’ physical locations, secretly save their stories, and flout its rules

www.businessinsider.com/startup-hyp3r-saving-instagram-users-stories-tracking-locations-2019-8?r=US&IR=T A buzzy San Francisco startup has been secretly saving what appears to be millions of Instagram users’ stories and tracking their locations. The marketing firm Hyp3r has been scraping huge quantities of data off the Facebook-owned app and using it to build up detailed profiles of people’s movements and interests.

Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone

www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/#69ec0a8b3948 Apple has massively increased the amount its offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. Its by far the highest bug bounty on offer from any major tech company.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.