Daily NCSC-FI news followup 2020-01-05

Austria: Cyber attack on foreign ministry

orf.at/stories/3149769/ The Foreign Ministry's IT systems are currently apparently the target of a serious cyber attack. The attack was still ongoing on Sunday, according to Foreign Ministry spokesman Peter Guschelbauer. The ministry suspects an attack by a state actor. Also www.bbc.com/news/world-europe-50997773

US announces AI software export restrictions

www.theverge.com/2020/1/5/21050508/us-export-ban-ai-software-china-geospatial-analysis The ban, which comes into force on Monday, is the first to be applied under a 2018 law known as the Export Control Reform Act or ECRA. This requires the government to examine how it can restrict the export of emerging technologies essential to the national security of the United States including AI. News of the ban was first reported by Reuters. But the new export ban is extremely narrow. It applies only to software that uses neural networks (a key component in machine learning) to discover points of interest in geospatial imagery; things like houses or vehicles. The ruling, posted by the Bureau of Industry and Security, notes that the restriction only applies to software with a graphical user interface, a feature that makes programs easier for non-technical users to operate.

Russia Takes a Big Step Toward Internet Isolation

www.wired.com/story/russia-internet-control-disconnect-censorship/ According to Russian reports, last week’s government drills actually focused on testing firewalls meant to protect telephony and wireless protocol layers known as SS7 and Diameter that are used for relaying and authenticating data. Mikhail Klimarev, executive director of the Internet Protection Society, a Russian NGO, argues that the tests were largely a propaganda exercise to spread fear about the extent of the government’s technical prowess.


www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States

Researching the Digitime Tech FOTA Backdoors

wuffs.org/blog/digitime-tech-fota-backdoors An investigation into the shady stuff going on behind Digitime Tech’s FOTA (Firmware Over The Air) update service, as seen on Planet Computers’s Android devices and on other low-budget Android hardware. Planet are only one OEM though and there’s undoubtedly others using Digitime’s services. There is no way I can trust an OTA distributor which moonlights as a malware distributor like this. This isn’t your typical accidental security bug – this is a company that is knowingly and actively putting a malware distribution mechanism on phones through the supply chain, and getting paid for it. Truly living the dream.

Group claiming to be Iranian hacked the website of a US government agency

www.iltalehti.fi/ulkomaat/a/37237c4c-36ae-42d2-828b-2eca66dbee7c The agency whose site the hackers managed to get into is the Federal Depository Library Program (FDLP). It is relatively little known. The purpose of the FDLP is to guarantee that everyone who wants it has free access to government publications.

Time for Insider-Threat Programs to Grow Up

www.darkreading.com/threat-intelligence/time-for-insider-threat-programs-to-grow-up/d/d-id/1336713 In a research paper published this week, Forrester Research found that many of the current insider-threat programs may violate new privacy laws and the more draconian programs may undercut employee performance, says Joseph Blankenship, vice president of research for Forrester.

DeathRansom Part II: Attribution

www.fortinet.com/blog/threat-research/death-ransom-attribution.html FortiGuard Labs established a significant connection between the ongoing DeathRansom and Vidar malware campaigns. They share the naming pattern and infrastructure used. We also found evidence that a Vidar sample tried to download the DeathRansom malware. Based on the evidence left on Russian underground forums, we were able to find a person who seems likely to be behind these malicious campaigns.

FPGA cards can be abused for faster and more reliable Rowhammer attacks

www.zdnet.com/article/fpga-cards-can-be-abused-for-faster-and-more-reliable-rowhammer-attacks/ Seeing that FPGA-CPU architectures are becoming more common, a team of researchers from the Worcester Polytechnic Institute in the US, the University of Lubeck in Germany, and Intel, have looked into how Rowhammer attacks impact this new cloud setup. Furthermore, the academic team also found that a JackHammer attack is much more difficult to detect because the FPGA’s direct access to system resources leaves no traces on the CPU of the FPGA’s memory access operations. Since most anti-Rowhammer detection systems are configured at the CPU level, this opens a new blindspot in CPU and cloud security.

Trump signs law increasing max robocall fine to $10,000

www.theverge.com/2020/1/1/21045369/robocall-traced-act-signed-trump-law-congress-fcc-ajit-pai The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) was signed on Monday, after Congress approved the landmark bill earlier this month to give the federal government new abilities to go after illegal robocallers. Fines can now reach $10,000 per call. The law also requires major carriers such as AT&T, Verizon, and T-Mobile to use a new technology called STIR/SHAKEN to help customers know if they're being targeted by a robocaller with a spoofed number.

www.linkedin.com/pulse/australian-research-program-inspects-real-scene-between-peter-cassidy/ A population-level survey of Australia would measure the population’s resilience to common spam-based phishing and deliver important insights into any number of factors at the real scene of the cybercrime: between the user's ears. With a deeper view of the behavioral aspects of the phishing phenomenon, the research and development communities also come closer to the right questions about how design of the built computing environment and user experience contributes to the success of the phishers' artful deceptions.

‘Do Not Sell My Info’ – U.S. retailers rush to comply with California privacy law

in.reuters.com/article/uk-usa-retail-privacy/do-not-sell-my-info-u-s-retailers-rush-to-comply-with-california-privacy-law-idINKBN1YZ04D U.S. retailers including Walmart Inc will add Do Not Sell My Info links to their websites and signage in stores starting Jan. 1, allowing California shoppers to understand for the first time what personal and other data the retailers collect, sources said.
