Daily NCSC-FI news followup 2019-10-19

Schneier: Why Technologists Need to Get Involved in Public Policy

www.schneier.com/blog/archives/2019/10/why_technologis.html

US stopped using floppy disks to manage nuclear weapons arsenal

www.zdnet.com/article/us-stopped-using-floppy-disks-to-manage-nuclear-weapons-arsenal/ The system was created in 1968 and has been running for nearly 50 years on top of an IBM Series/1 mainframe, using 8-inch floppy disks as its storage medium.

US.GOV: Mind Your Own Business Act – Execs Could Face Jail Time For Privacy Violations

threatpost.com/execs-jail-time-privacy-violations/149334/ In addition to fines, senior executives who knowingly lie to the FTC could face up to 10- to 20-year criminal penalties under the act.

Debug mode in popular webdev tool Laravel exposes credentials for hundreds of websites, including Donald Trump's

www.comparitech.com/blog/vpn-privacy/debug-mode-exposes-credentials/

Microsoft Tackles Election Security with Bug Bounties

threatpost.com/microsoft-election-security-bug-bounties/149347/ Researchers can earn up to $15,000, depending on the severity of the bug found.

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed

www.welivesecurity.com/2019/10/17/alexa-how-amazon-echo-kindle-got-kracked/

UC Browser app abuses may have exposed 500 million users

www.zscaler.com/blogs/research/uc-browser-app-abuses-may-have-exposed-500-million-users

Vatican sponsored eRosary Application Account Takeover

fidusinfosec.com/clicktopray-erosary-account-takeover/ See also

www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/

Redaman banking malware C&C servers hidden inside the Bitcoin blockchain

research.checkpoint.com/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/

SIMATIC IPC – Security Guidelines for Linux systems

support.industry.siemens.com/cs/document/109768383/simatic-ipc-security-guidelines-for-linux-systems
