Daily NCSC-FI news followup 2019-10-19

Schneier: Why Technologists Need to Get Involved in Public Policy

www.schneier.com/blog/archives/2019/10/why_technologis.html

US stopped using floppy disks to manage nuclear weapons arsenal

www.zdnet.com/article/us-stopped-using-floppy-disks-to-manage-nuclear-weapons-arsenal/

The system was created in 1968 and has been running for nearly 50 years on top of an IBM Series/1 mainframe, using 8-inch floppy disks as its storage medium.

US.GOV: Mind Your Own Business Act – Execs Could Face Jail Time For Privacy Violations

threatpost.com/execs-jail-time-privacy-violations/149334/

In addition to fines, senior executives who knowingly lie to the FTC could face up to 10- to 20-year criminal penalties under the act.

Debug mode in popular webdev tool Laravel exposes credentials for hundreds of websites, including Donald Trump's

www.comparitech.com/blog/vpn-privacy/debug-mode-exposes-credentials/

Microsoft Tackles Election Security with Bug Bounties

threatpost.com/microsoft-election-security-bug-bounties/149347/

Researchers can earn up to $15,000, depending on the severity of the bug found.

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed

www.welivesecurity.com/2019/10/17/alexa-how-amazon-echo-kindle-got-kracked/

UC Browser app abuses may have exposed 500 million users

www.zscaler.com/blogs/research/uc-browser-app-abuses-may-have-exposed-500-million-users

Vatican sponsored eRosary Application Account Takeover

fidusinfosec.com/clicktopray-erosary-account-takeover/

See also www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/

Redaman banking malware C&C servers hidden inside the Bitcoin blockchain

research.checkpoint.com/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/

SIMATIC IPC – Security Guidelines for Linux systems

support.industry.siemens.com/cs/document/109768383/simatic-ipc-security-guidelines-for-linux-systems
