If there’s somethin’ stored in a secure enclave, who ya gonna call? Membuster!
www.theregister.co.uk/2019/12/05/membuster_secure_enclave/ Computer scientists from UC Berkeley, Texas A&M, and semiconductor biz SK Hynix have found a way to defeat secure enclave protections by observing memory requests from a CPU to off-chip DRAM through the memory bus. Read also: arxiv.org/pdf/1912.01701.pdf
VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed
www.theregister.co.uk/2019/12/05/vcs_tricked_mitm/ A group of hackers used a compromised email account to steal a start-up’s $1m venture capital payment. The incident response team at security house Check Point says it was called in to investigate the case of money that a Chinese VC firm had reported missing after it was supposedly sent to a startup in Israel. It was believed that the attack was down to a compromised email account that had been used to re-route the payment to an account controlled by the attacker, a rather cut-and-dry business email compromise (BEC) operation.
Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads
Get yourself a USB condom
www.zdnet.com/article/get-yourself-a-usb-condom/ Sometimes simple is best. And security doesn’t come much easier than the Original USB Condom.
FBI recommends that you keep your IoT devices on a separate network
www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/ The FBI also recommends changing factory-set (default) passwords and not allowing an IoT device’s accompanying mobile app to gain access to too many smartphone permissions. The FBI says owners of IoT (Internet of Things) devices should isolate this equipment on a separate WiFi network, different from the one they’re using for their primary devices, such as laptops, desktops, or smartphones. Read also:
Labor’s plan to fix Australia’s encryption laws doesn’t go far enough
www.zdnet.com/article/labors-plan-to-fix-australias-encryption-laws-doesnt-go-far-enough/ The new Bill to require judicial oversight and a clarification of definitions is a great start, Labor says, but the Assistance and Access regime needs reining in much more tightly.
The most copied StackOverflow Java code snippet contains a bug
www.zdnet.com/article/the-most-copied-stackoverflow-java-code-snippet-contains-a-bug/ The most copied StackOverflow Java code snippet of all time contains a bug. The admission comes from the author of the snippet itself, Andreas Lundblad, a Java developer at Palantir, and one of the highest-ranked contributors to StackOverflow, a Q&A website for programming-related topics. Academics found that this code had been copied and embedded in more than 6,000 GitHub Java projects, more than any other StackOverflow Java snippet.
The “Great Cannon” has been deployed again
Most of the largest US voting districts are vulnerable to email spoofing
techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/ Only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks, seen as a key attack method by hackers who officials say want to disrupt the upcoming presidential election.
Phishing with a self-contained credentials-stealing webpage
isc.sans.edu/diary/rss/25580 Phishing e-mails which are used to steal credentials usually depend on the user clicking a link which leads to a phishing website that looks like a login page for some valid service. Not all credentials-stealing has to be done using a remote website, however.
Some Hardware-based Password Managers Have Poor Security
www.bleepingcomputer.com/news/security/some-hardware-based-password-managers-have-poor-security/ Some hardware-based password managers lack proper protections for the sensitive data they store and allow reading it in plain text, even after they’ve been reset. The information was retrieved through physical access to the electronic board inside the device and connecting directly to the flash chips used for storage.
This is how DNSSEC works: “adds security, like SSL for example”
www.tivi.fi/uutiset/tv/c116bc6a-a238-4ee8-a24a-200e1de66a48 The internet’s name service (DNS) has the important task of converting machines’ network addresses into numeric TCP/IP addresses and vice versa. It is like the internet’s distributed phone book for machines. The nodes of the DNS address tree are called domains. Under the root node are, for example, .edu, .org, .com, and the Finnish .fi. Under them are the domains of organizations, companies and users, which can in turn have subdomains. In an internet address, the domains are listed separated by dots from right to left, for example:
www.suomi.fi. DNSSEC is a security extension to the internet name server standard that provides additional security for network traffic.
To catch criminals faster, the police needs a technology revamp
www.zdnet.com/article/to-catch-criminals-faster-the-police-needs-a-technology-revamp/ Motorola has already started a small revolution with a “digital policing platform”, but a lot more change is still needed, say police officers.
New ransomware attacks target your NAS devices, backup storage
www.zdnet.com/article/new-ransomware-attack-targets-your-nas-devices-backup-storage/ The number of ransomware strains targeting NAS and backup storage devices is growing, with users “unprepared” for the threat, researchers say.
Researcher discovered a MacOS trojan hiding behind a fake crypto trading platform believed to be the work of the state-sponsored North Korean hackers behind WannaCry
threatpost.com/stealthy-macos-malware-lazarus-apt/150881/ Researchers have identified new MacOS malware that can execute remote code in memory that they believe is the work of the powerful North Korean APT group Lazarus, they said Thursday.
How to spot if your child is a victim of cyberbullying
www.welivesecurity.com/2019/12/06/how-spot-your-child-is-victim-cyberbullying/ What are some of the most common warning signs that your child is experiencing online harassment? Answers: Unexplained physical changes, School avoidance, Mood swings, Loss of interest, and Quitting social media.
BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
www.bleepingcomputer.com/news/security/bmw-infiltrated-by-hackers-hunting-for-automotive-trade-secrets/ The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019.
NVIDIA Patches Severe Flaws in Mercedes Infotainment System Chips
www.bleepingcomputer.com/news/security/nvidia-patches-severe-flaws-in-mercedes-infotainment-system-chips/ NVIDIA released security updates for six high severity vulnerabilities found in the Tegra Linux Driver Package (L4T) for Jetson AGX Xavier, TK1, TX1, TX2, and Nano chips used in Mercedes-Benz’s MBUX infotainment system and Bosch self-driving computer systems. The chips affected by these flaws are also used in HP and Acer Chromebooks [1, 2], Android tablets, Nintendo Switch video game consoles, and Magic Leap One virtual retinal displays. These security flaws could allow local attackers with various levels of user privileges to execute arbitrary code, escalate privileges, trigger denial-of-service (DoS) states, and launch information disclosure attacks against devices featuring unpatched chips.
Fake VPN Site Pushes CryptBot and Vidar Info-Stealing Trojans
www.bleepingcomputer.com/news/security/fake-vpn-site-pushes-cryptbot-and-vidar-info-stealing-trojans/ A cyberthreat actor has created a web site that promotes a fake VPN program that installs the Vidar and CryptBot password-stealing trojans. These trojans will then attempt to steal saved browser credentials and other information from a victim’s computer. While investigating a different malware infection, BleepingComputer stumbled upon a website promoting a VPN program called ‘Inter VPN’ that claims to be the “fastest VPN”. It then shows an image of the VPN client, which is actually an image of the legitimate VPN Pro software.
Microsoft to Make Office 365 Encrypted Emails Look Less Spammy
www.bleepingcomputer.com/news/security/microsoft-to-make-office-365-encrypted-emails-look-less-spammy/ Microsoft is currently working on enhancing the way emails sent using the Office 365 Message Encryption (OME) service are seen by mail servers so that they are less likely to be marked as spam and sent to the Trash folder. OME is built on Microsoft Azure Rights Management (Azure RMS), part of Azure Information Protection, and it allows Office 365 customers to send and receive encrypted email messages using Outlook.com, Yahoo!, Gmail, and several other email services using encryption, identity, and authorization policies.
VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system
www.us-cert.gov/ncas/current-activity/2019/12/06/vmware-releases-security-updates-esxi-and-horizon-daas The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0022 and apply the necessary updates and workarounds. Read also: www.vmware.com/security/advisories/VMSA-2019-0022.html
These are the worst hacks, cyberattacks, and data breaches of 2019
www.zdnet.com/article/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019/ A slew of hacks, data breaches, and attacks tainted the cybersecurity landscape in 2019. For the past few years, there has been a constant stream of data breaches that have hit the headlines, ranging from the theft of medical information, account credentials, corporate emails, and internal sensitive enterprise data. When a data breach occurs, companies will usually haul in third-party investigators, notify regulators, promise to do better and give any impacted consumers free credit monitoring — but we’ve reached a stage where you should consider signing up to such services anyway, given how much of our information is now available in data dumps strewn all over the internet. (Consider using Have I Been Pwned to check if you’ve been involved in a breach.)
BMW and Hyundai hacked by Vietnamese hackers, report claims
www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/ Hacks linked to Ocean Lotus (APT32), a group believed to operate with orders from the Vietnamese government. German media is reporting that hackers suspected to have ties to the Vietnamese government have breached the networks of two car manufacturers, namely BMW and Hyundai. The report, coming from Bayerischer Rundfunk (BR) and Tagesschau (TS), claims that hackers breached the network of a BMW branch sometime this spring. Read also (in German):
Feds Crack Down on Money Mules, Warn of BEC Scams
threatpost.com/feds-crack-down-on-money-mules-warn-of-bec-scams/150900/ Authorities say they have halted over 600 domestic money mules exceeding the 400 money mules stopped last year. The Justice Department said this week that it is cracking down on money mules, i.e., middlemen who assist in fraud schemes by receiving money from victims and forwarding proceeds to foreign-based perpetrators. So far, feds say they have halted more than 600 domestic money mules exceeding the 400 money mules stopped last year. Of these, more than 30 individuals were criminally charged for their roles in receiving victim payments and providing the fraud proceeds to accomplices. The Department of Justice (DoJ) said this is triple the number of criminal prosecutions brought against money mules in last year’s